On 28 March 2019 16:44 Kevin A. McGrail via dovecot < dovecot@dovecot.org> wrote:

On 3/28/2019 10:40 AM, Aki Tuomi wrote:

>

check for fts in mail_plugins. pop3-uidl is used by pop3_migration

plugin.

Sorry if I'm dense but can you be more specific? Are you talking about

checking conf files or binary files?

For example, does the existence of

/usr/local/lib/dovecot/lib20_fts_plugin.so imply an exploitable situation?

Are their settings in a conf file that disable those plugins?

Regards,

KAM

Plugin needs to be explicitly loaded in configuration.

---
Aki Tuomi