Which Email server is more secure?

[satyendra84]

Dear friends,

Problem: My institute is using squirrel email server from last five years for around 4000 email accounts. Today i came to know about vulnerability of our email server that while logging into it anyone in the LAN running sniffing tools can get the user name and password easily. My system administrator assigned me the task to come up with more secure solution.
so kindly suggest me the solution.....

[daark.child]

Squirrelmail is just a web frontend. There should be some other app e.g. Sendmail, Postfix, Exim etc thats acting as the actual mail server.

[satyendra84]

can u suggest some solution of mentioned vulnerability.....

[davidanand]

Hey,

To install qmail toaster plz follow the URL
It is easy to manage via graphical too ....
Bill's Linux Qmail Toaster v. 0.9.2
and you can use the same squirrel mail as your front end ...!!

[centuser1]

I suggest going to squirell mails site and see if they have a fix.

consider upgrade if possible.

However, if they are part of your lan a few things I would think..


1...non encrypted inputs and outputs are easily grabbed or proxied by just about anyone on the lan.

2 even a poor hacker can find tools to interecept I/O inside of a LAN and act as an intermediary....even with encryption sometimes....depending on how encrypted.

I would hire a security expert to just come in and go over the dos and donts...especially what could happen if you have a devious person working for you.

Fact is, if someone is on your LAN, they are already past most of your major defenses (at least most comapnies).

Logging all things going on, which terminal, and all that helps...sniffer rooter outer programs are out there too,

My best idea is to have the boss spend some cash on a network security professional as soon as possible. Nothing can be cheaper when you factor in how much it could cost you

[davidanand]

If you feel that squirrel mail is not secure try horde....
Horde Projects.....
any how all depends on your security