-----Original Message----- From: Mixter <mixterat_private> To: BUGTRAQat_private <BUGTRAQat_private> Date: Tuesday, November 30, 1999 10:23 AM Subject: serious Qpopper 3.0 vulnerability >PS: The installation file suggests to run qpopper without tcpd, e.g.: >pop3 stream tcp nowait root /usr/local/lib/qpopper qpopper -s >I would NOT suggest doing it that way. Use: >pop3 stream tcp nowait root /usr/sbin/tcpd qpopper -s >instead. At least for me it works behind a tcp wrapper, and that way, >you can use access control and every connection _attempt_ gets logged. Does anyone know why qpopper suggests running without wrappers? Does it lose some functionality that way, or is it deadwood from a previous incompatibility between tcpd and qpopper? It seems pretty significant to suggest not using wrappers, and I would expect a significant reason for that, but I don't recall seeing anything about it in the docs. Josh Higham
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:15:45 PDT