The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Squirrelmail + security concerns with cPanels using UW Imap Server!

Discussion in 'Security' started by sexy_guy, May 2, 2003.

  1. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Cpanel is using UW Imap server. There are major security concerns with the possibily to show non-mail files within SquirrelMail and other mail clients. This includes sensitive files, such as /etc/passwd and others. It's a known problem with the UW imap server. The easiest and probably the best is to not use UW. It's terribly slow with large mailboxes. A much better alternate to UW would be Courier IMAP which is significantely faster and more secure. It would also help with the speed of pop3 on heavily loaded servers such as cPanel. Anyone care to comment on this? This is definately a major security concern espeically for those of us running Squirrelmail.
     
  2. howard

    howard Well-Known Member

    Joined:
    Apr 20, 2003
    Messages:
    233
    Likes Received:
    0
    Trophy Points:
    16
    yep courier-imap is defiantly a nice thing to have and i like its custom authentication modules however it uses the maildir mailbox format which would mean changing the current exim config to cope w/this and also the present mailboxes (so that people wouldn't have their customers start complaining they can't see archived mail etc)

    With the varying issues people are having at the moment i am not sure if it would be a good thing to introduce at the moment (although i would fully support its introduction when things have settled down)
     
  3. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    Saw a few posts here where people were configuring their Squirrelmail to use Courier Imap which is incorrect. It should be set to University of Washingtons(UW) Imap server.

    There is a very easy transition, upgrade available, to go from UW Imap to Courier but it would probably break most of the Imap functionality currently installed for cPanel. SIGH!
     
Loading...

Share This Page