[Dovecot] how secure is Dovecot when exposed to the Internet?
$ dovecot -n # 1.1.11: /etc/dovecot/dovecot.conf # OS: Linux 2.6.28-11-server x86_64 Ubuntu 9.04 protocols: imap imaps managesieve
I need to make an IMAP (actually imaps) server available over the Internet. Unfortunately, VPN is not available (not all clients support VPN), so I will have to expose the imaps port to the Internet.
My question is: how reliable is Dovecot in such a setup? I am not talking about encryption (protecting the traffic between server and client). I am talking about having the daemon exposed to anything coming in from the Internet, buffer overflows and stuff like that.
What's the security history of this software in situations like this?
-- Florin Andrei
On Aug 10, 2009, at 2:55 AM, Florin Andrei wrote:
My question is: how reliable is Dovecot in such a setup? I am not
talking about encryption (protecting the traffic between server and
client). I am talking about having the daemon exposed to anything
coming in from the Internet, buffer overflows and stuff like that.What's the security history of this software in situations like this?
Timo Sirainen wrote:
OK, that's pretty convincing. Thanks.
-- Florin Andrei
participants (2)
-
Florin Andrei
-
Timo Sirainen