On Thu, 2011-07-28 at 13:33 -0500, John R. Dennison wrote: > On Mon, Jul 25, 2011 at 07:14:39PM +0100, Keith Roberts wrote: > > > > +1 that's what my hosting provider gives on my webmail > > service, and I think it's a nice application to use. > > Please excuse the untimely response - been busy. > > I'd give users Exchange and OWA before I would even consider Horde and > its ilk; their track record with regards to security is abysmal and > while it may have gotten somewhat better in the past year or so the > security track record of that project leaves an extremely bad taste in > my mouth. ---- Not going to comment on Exchange/OWA Horde/Imp etc. security track record is no worse than any other PHP based web-mail solution. It has all the attack vectors - PHP, SQL, IMAP etc. It is so flexible that you can use pretty much any IMAP server (including Exchange), any SQL DB, any web server, etc. which of course leaves many possibilities for misconfiguration. What really happens is that they are sometimes used for sending out spam because of bad password policies on many servers. To the Horde/IMP developers credit, they do have rate limiting methods available. It's also used by many universities throughout the world. And by the way, check your apache logs... the webmail server script kiddies are looking for is roundcube Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.