Displaying 11 results from an estimated 11 matches for "mcgrail".
2019 Mar 28
2
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
<br>
</div>
<blockquote type="cite">
<div>
On 28 March 2019 16:37 Kevin A. McGrail via dovecot <
<a href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>> wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote:
<...
2020 May 07
6
What's a Reasonable Inbox Size?
Greetings,
I have several users who have inboxes that are over 20 GB.
Lately I have noticed Dovecot logs say it's taking over 30 seconds to
sync their mailboxes.
As email admins,? how do you handle inboxes that are so large? Do you
use mailbox types that have better performance like dbox? We're using
maildir.
What's a reasonable inbox size?? Is 20+ GB reasonable and nothing to
2020 May 07
2
What's a Reasonable Inbox Size?
Thanks for your response,
So, how do those rotation scripts work in concept?
People are still able to access their old inboxes, but it just moves
them to an archived state?
On 5/7/2020 9:40 AM, Kevin A. McGrail wrote:
> On 5/7/2020 11:39 AM, Asai wrote:
>> What's a reasonable inbox size?? Is 20+ GB reasonable and nothing to
>> worry about?
>>
> Great question.
>
> At my firm, we wrote rotation tools that work for mbox format to rotate
> inboxes monthly if they are over...
2009 Feb 26
1
Compilation Issue on Old Boxes with macro in src/master/main.c
I'm throwing an error compiling with a custom-compiled gcc 3.2.3 on one box.
The configuration string is CC=/usr/local/gcc3.2.3/bin/gcc CPPFLAGS=-I/usr/local/ssl/include LDFLAGS=-L/usr/local/ssl/lib ./configure --with-ssl=openssl --with-ssldir=/usr/local/ssl/certs --with-pam --with-pop3d --sysconfdir=/etc --localstatedir=/var
I've used this to compile on other older boxes with success.
2019 Mar 28
2
CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-2964 (Bug ID)
Vulnerability type: CWE-120
Vulnerable version: 2.0.14 - 2.3.5
Vulnerable component: fts, pop3-uidl-plugin
Report confidence: Confirmed
Researcher credits: Found in internal testing
Solution status: Fixed by Vendor
Fixed version: 2.3.5.1, 2.2.36.3
Vendor notification: 2019-02-05
Solution date: 2019-03-21
Public
2019 Mar 28
2
CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-2964 (Bug ID)
Vulnerability type: CWE-120
Vulnerable version: 2.0.14 - 2.3.5
Vulnerable component: fts, pop3-uidl-plugin
Report confidence: Confirmed
Researcher credits: Found in internal testing
Solution status: Fixed by Vendor
Fixed version: 2.3.5.1, 2.2.36.3
Vendor notification: 2019-02-05
Solution date: 2019-03-21
Public
2007 May 31
2
Possible Caching Bug showing up as a MIME Boundary Issue
Possible Caching Bug showing up as a MIME Boundary Issue
I'm using Dovecot version 1.0.0. I was using Dovecot version 1.0.0 beta3 or alpha4. I upgraded to Dovecot 1.0.0 to make sure that was not the issue.
Over the past few weeks on a server running a stable dovecot, I have seem a few emails arriving where the MIME document structure dividers are visible. I've included a
2019 Mar 28
0
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
On 3/28/2019 7:42 AM, Aki Tuomi via dovecot wrote:
> olution:
> Operators should update to the latest Patch Release. The only workaround
> is to disable FTS and pop3-uidl plugin.
Hi Aki, thanks for the CVE.? For quick mitigation, can you confirm how
to disable these plugins and what they provide?? We'd like to assess if
we are using them while we rollout the fix.
Regards,
KAM
2019 Mar 28
0
Mitigation / disable FTS and pop3-uidl plugin was Re: CVE-2019-7524: Buffer overflow when reading extension header from dovecot index files
On 3/28/2019 10:40 AM, Aki Tuomi wrote:
>
> check for fts in mail_plugins. pop3-uidl is used by pop3_migration
> plugin.
Sorry if I'm dense but can you be more specific?? Are you talking about
checking conf files or binary files??
For example, does the existence of
/usr/local/lib/dovecot/lib20_fts_plugin.so imply an exploitable situation??
Are their settings in a conf file that
2020 May 07
0
[External] What's a Reasonable Inbox Size?
On 5/7/2020 11:39 AM, Asai wrote:
> What's a reasonable inbox size?? Is 20+ GB reasonable and nothing to
> worry about?
>
Great question.
At my firm, we wrote rotation tools that work for mbox format to rotate
inboxes monthly if they are over a certain size.? We also do the sent
items folders.
We find that large inboxes are bad for the server and bad for the client
because the MUAs
2020 May 07
0
[External] Re: What's a Reasonable Inbox Size?
On 5/7/2020 12:43 PM, Asai wrote:
> Thanks for your response,
>
> So, how do those rotation scripts work in concept?
>
> People are still able to access their old inboxes, but it just moves
> them to an archived state?
We rotate the folder to another name with the date like INBOX-2020-05-07
with instructions how to refresh their folder list (or even modify the
.subscription file