[Dovecot] how secure is Dovecot when exposed to the Internet?
Florin Andrei
florin at andrei.myip.org
Mon Aug 10 09:55:36 EEST 2009
$ dovecot -n
# 1.1.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.28-11-server x86_64 Ubuntu 9.04
protocols: imap imaps managesieve
I need to make an IMAP (actually imaps) server available over the
Internet. Unfortunately, VPN is not available (not all clients support
VPN), so I will have to expose the imaps port to the Internet.
My question is: how reliable is Dovecot in such a setup? I am not
talking about encryption (protecting the traffic between server and
client). I am talking about having the daemon exposed to anything coming
in from the Internet, buffer overflows and stuff like that.
What's the security history of this software in situations like this?
--
Florin Andrei
http://florin.myip.org/
More information about the dovecot
mailing list