aboutsummaryrefslogtreecommitdiffstats
path: root/website/testservers.html
blob: 5c212ccaba930f8af322515069f5b173c52387b7 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="description" content=""/>
<meta name="keywords" content=""/> 
<title>Fetchmail's Test List</title>
</head>
<body>
<table width="100%" cellpadding=0 summary="Canned page header"><tr>
<td width="30%">Back to <a href="/index.html">Home Page</a>
<td width="30%" align=right>Wed Oct 15 18:43:10 EDT 2003
</tr></table>
<hr />
<h1>Fetchmail's Test List</h1>

<p>Here are the server types on my regression-test list:</p>

<table border=1 width=80% align=center summary="Server list">
<tr>
<td><strong>Protocol &amp; Version:</strong></td>
<td><strong>Special Options:</strong></td>
</tr>
<tr><td>IMAP: CommuniGate IMAP server</td><td>IMAPrev1 STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5</td>
<tr><td>POP3: CommuniGate POP3 server</td><td>CAPA LAST APOP CRAM-MD5</td>
<tr><td>POP3: IntraStore POP3 mail server</td><td>!CAPA LAST</td>
<tr><td>APOP: IntraStore POP3 mail server</td><td>!CAPA LAST APOP</td>
<tr><td>IMAP: IntraStore IMAP mail server</td><td>IMAPrev1 IDLE AUTH=CRAM-MD5 AUTH=SKEY AUTH=ANONYMOUS</td>
<tr><td>POP3: Eudora EIMS</td><td>CAPA LAST APOP SASL CRAM-MD5 NTLM</td>
<tr><td>POP3: gmx.de pop server</td><td>!CAPA UIDL</td>
<tr><td>IMAP: IMail IMAP server</td><td>IMAP4rev1 AUTH=CRAM-MD5</td>
<tr><td>IMAP: Microsoft Exchange</td><td>IDLE AUTH=NTLM</td>
<tr><td>POP3: qpopper 3.1.2 (Eudora) patched with mysql</td><td>CAPA UIDL</td>
<tr><td>IMAP: Courier IMAP</td><td>IMAP4rev1</td>
<tr><td>POP3: Courier POP3</td><td>CAPA UIDL</td>
<tr><td>APOP: Qpopper using APOP</td><td>!CAPA</td>
<tr><td>IMAP: UW IMAP</td><td>IMAPrev1</td>
<tr><td>IMAP: Courier IMAP</td><td>IMAP4rev1</td>
<tr><td>POP3: Qpopper 4.0.5</td><td>CAPA UIDL</td>
</tr></table>

<p>If you control a post-office server that is not one of the types listed
here, please consider lending me a test account.  Note that I do <em>not</em>
need shell access, just the permissions to send mail to a mailbox the server
looks at and to fetch mail off of it.</p>

<p>I'd like to have weird things like a POP2 server on here.  Also more
closed-source servers because they tend to be broken in odd
ways. These are the real robustness tests.</p>

<hr />
<table width="100%" cellpadding=0 summary="Canned page header"><tr>
<td width="30%">Back to <a href="/index.html">Home Page</a>
<td width="30%" align=right>Wed Oct 15 18:43:10 EDT 2003
</tr></table>

<br clear="left" />
</BODY>
</HTML>
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-15 00:53:40 +0000
gt; <li><a name="cve-2010-1167" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1167">CVE-2010-1167:</a> Fetchmail <a href="fetchmail-SA-2010-02.txt">could exhaust all available memory and abort on certain computers (for instance Linux) in multibyte locales (for instance UTF-8) when dumping malformed headers in debug (-v -v) mode.</a> This bug was introduced long before 6.0.0 and has been fixed in release 6.3.17.</li> <li><a name="cve-2010-0562" href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0562">CVE-2010-0562:</a> Fetchmail <a href="fetchmail-SA-2010-01.txt">would overrun the heap when displaying X.509 TLS/SSL certificates with characters with high bit set in verbose mode on platforms where char is a signed type.</a> This bug was introduced in release 6.3.11 and has been fixed in release 6.3.14.</li> <li><a name="cve-2009-2666" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666">CVE-2009-2666:</a> Fetchmail <a href="fetchmail-SA-2009-01.txt">was found to validate SSL/TLS X.509 certificates improperly and allow man-in-the-middle-attacks to go undetected.</a> This bug has been fixed in release 6.3.11. For previous versions, use the <a href="fetchmail-SA-2009-01.txt">patch contained in the security announcement.</a></li> <li><a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></li> <li><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and has been fixed in release 6.3.9. For 6.3.8, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 and newer validate the APOP challenge more strictly.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867:</a> Fetchmail was found to <a href="fetchmail-SA-2006-02.txt">omit TLS or send the password in clear text despite the configuration stating otherwise.</a> This was a long-standing bug reported by Isaac Wilcox, fixed in fetchmail 6.3.6. There will be no 6.2.X releases to fix this bug in 6.2.X.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321">CVE-2006-0321:</a> Fetchmail was found to <a href="fetchmail-SA-2006-01.txt">crash after bouncing a message with bad addresses. This bug was introduced with fetchmail 6.3.0 and fixed in fetchmail 6.3.2.</a></li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348">CVE-2005-4348:</a> Fetchmail was found to contain <a href="fetchmail-SA-2005-03.txt">a bug (null pointer dereference) that can be exploited to a denial of service attack</a> when fetchmail runs in multidrop mode. 6.2.5.5 and 6.3.1 have this bug fixed.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088">CVE-2005-3088:</a> Fetchmailconf was found to <a href="fetchmail-SA-2005-02.txt">open the configuration files world-readable, writing data to them, and only then tightening up permissions</a>, which may cause password information to be visible to other users. This bug affected fetchmail 6.2.0, 6.2.5 and 6.2.5.2. The bug is fixed in fetchmail 6.2.5.4 and 6.3.0.</li> <li><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335">CVE-2005-2335:</a> Fetchmail was found to contain a <a href="fetchmail-SA-2005-01.txt">remotely exploitable code injection vulnerability (potentially privileged code)</a> in the POP3 code, affecting both the 6.2.0 and 6.2.5 releases. 6.2.5.2, 6.2.5.4 and 6.3.0 have got this bug fixed. (Other versions have not been checked if they contain this bug.)</li> </ul> <p style="font-size:100%"><strong>Please <a href="http://sourceforge.net/projects/fetchmail/files/">update to the newest fetchmail version</a>.</strong></p> </div> </body> </html>
generated by cgit v1.2.3 (git 2.39.1) at 2025-11-15 00:53:40 +0000