On Thu, 2011-07-28 at 13:33 -0500, John R. Dennison wrote:
On Mon, Jul 25, 2011 at 07:14:39PM +0100, Keith Roberts wrote:
+1 that's what my hosting provider gives on my webmail service, and I think it's a nice application to use.
Please excuse the untimely response - been busy.
I'd give users Exchange and OWA before I would even consider Horde and its ilk; their track record with regards to security is abysmal and while it may have gotten somewhat better in the past year or so the security track record of that project leaves an extremely bad taste in my mouth.
---- Not going to comment on Exchange/OWA
Horde/Imp etc. security track record is no worse than any other PHP based web-mail solution. It has all the attack vectors - PHP, SQL, IMAP etc. It is so flexible that you can use pretty much any IMAP server (including Exchange), any SQL DB, any web server, etc. which of course leaves many possibilities for misconfiguration. What really happens is that they are sometimes used for sending out spam because of bad password policies on many servers. To the Horde/IMP developers credit, they do have rate limiting methods available. It's also used by many universities throughout the world.
And by the way, check your apache logs... the webmail server script kiddies are looking for is roundcube
Craig