From: Ian M. <ia...@in...> - 2006-06-23 17:09:03
Frederic,

It is only a way to permit cross mailbox access. Neither of the accounts needs to be privileged, account A only needs access to mailbox B. Considering how it works, I would be surprised if something similar did not exist in many Linux-based POP3 servers out there.

The possibility for an attack on the server using the admin account would exist regardless. An attacker can always try the administrator account, but you have to take the following into account before that would work:

- POP3 must be enabled for the admin account... Which normally it would not be.
- The admin account has not been renamed (also under Windows the admin account has a local spelling, so in France it is administrateur - you have no way of knowing)
- Have loads of patience - usually after several failed tries the server stops authenticating the connections and you don't know when it has stopped authenticating and is simply failing all attempts.
- As far as I know any Linux-based POP3 server will allow access to the email for the root account in the same way.

In my experience dictionary attacks have been a waste of time for over 10 years on most systems... Embedded systems excluded.

Ian Murphy
Integra XP
http://www.integra-xp.com
00 34 94 621 5265