Mailbox vulnerable?
Hongwei Li
hongwei at morpheus.wustl.edu
Mon Jun 28 18:27:17 UTC 2004
> I can confirm that warning messages appear in the log by uw-imapd.
> Normally I do not offer POP3 to my users, just IMAPs and with that I
> never had any issue. Now for testing I activated POP3 locally in
> addition and telneted to it. In result I get the message too:
>
> ==> /var/log/imaplog <=Jun 28 19:06:12 blacky ipop3d[14128]: Trying to get
> mailbox lock from
> process 29363
> Jun 28 19:06:13 blacky ipop3d[14128]: Mailbox vulnerable - directory
> /var/spool/mail must have 1777 protection
> Jun 28 19:06:13 blacky ipop3d[14128]: Login user=adalloz
> host=localhost.localdomain [127.0.0.1] nmsgs=207/207
> Jun 28 19:06:27 blacky ipop3d[14128]: Mailbox vulnerable - directory
> /var/spool/mail must have 1777 protection
> Jun 28 19:06:27 blacky ipop3d[14128]: Logout user=adalloz
> host=localhost.localdomain [127.0.0.1] nmsgs=207 ndele=0
>
> So I suggest checking bugzilla for reports about that. If nothing is in
> there you might fill in a report yourself. Though I doubt there will be
> ever a fix as uw-imapd is no more shipped with current FC2. You may
> switch over to dovecot or disable POP3 and let your users use IMAP. Or
I do use uw-imapd. What is shipped with fc2? how to switch over to
dovecot in fc1? Any document or link I can read? Thanks!
Hongwei
More information about the fedora-list
mailing list