At 04:54 AM 12/15/98 , Dave Crocker wrote:
At 05:17 PM 12/14/98 -0800, Roeland M.J. Meyer wrote:
FYI: Not that I sell shell accounts anyway, but I additionally block all non-http access, from *.EDU, with tcp_wrappers and my POP3 is wrapped up in SSH. IMAPD was shot and buried(deleted) a long time ago.
this means that any user who is traveling, and happens to try to get their mail while accessing from a .edu site won't be able to pick it up.
Only if they are accessing mail on MHSC systems, from an *.EDU dial-up. There are other dial-up options and MHSC has direct dial-up ports available. Also, we do allow VPN tunnels from *.EDU, but only to directed hosts with no routing and on advanced arrangement. The user that does so, does it under our TOS and AUP.
since imap popularity is growing, lack of imap service is also problematic.
It's balance of problems. We consider the rootkit risk more severe than the loss of business from *.EDU sites. We have secure POP3 and Web-based (SSL) mail, we are investigating POP3 over SSL. Those services are allowed to *.EDU, from MHSC. As has been shown by others, IMAPD attacks are on the rise. It would not do for a security advocate to get rootkit'd, just think of the publicity <grin>. It's one of the things that keep me up at night. Many of the vulnerable systems are in *.EDU, as has already been shown to my satisfaction. Granted, MHSC has always viewed *.EDU is a huge potential security risk. That is an unapologized bias on our part. It is the nature of the beast. When the reference code, for IMAPD, becomes better written, or we (MHSC) re-write it ourselves, we will reinstantiate the IMAPD service. Until then, it remains dead. A current example is a spammer that I've been tracing for weeks. They always come from a different host, but it's obviously the same guys, they are very good. Many of the relays they use have been root'd. The latest one I've found is at sun.soci.niu.edu. So a SAINT run against it yourself and see how vulnerable they are. If they aren't root'd now, they soon will be, IMHO. I am quickly gaining the unsupported suspicion that spammers may be behind many of the IMAPD attacks. They are looking for hosts to send their spew from. Note that this *is* an unsupported view/suspicion, I claim no solid evidence. _________________________________________________ Morgan Hill Software Company, Inc. Roeland M.J. Meyer, ISOC (RM993) President and CEO. e-mail: <mailto:rmeyer@mhsc.com>mailto:rmeyer@mhsc.com Web-pages: <http://www.mhsc.com/~rmeyer>http://www.mhsc.com/~rmeyer Web-site: <http://www.mhsc.com>http://www.mhsc.com Colorado Springs, CO - Livermore, CA - Morgan Hill, CA -----------------------------------------(legal notice)-------- Note: Statements made in this message do not necessarily reflect the position of MHSC. All forcasts and projections are to be considered as forward-looking and presume conditions which may not be referenced herein. -----------------------------------------(/legal notice)-------