What server? legacy stuff I am afraid, freeware imapd v11.241 on a poor old SGI indy, 180Mhz MIPS R5000, which to its credit has survived remarkably well but my fear that it is nearing the end of its natural life, is shared by the whole team (3 of us!). I asked why it wasn't retired years ago, the answer I got struck warning bells, because when paraphrased it was, 'Security through Obscurity' , more people know how to crack a linux than a irix box. I personally believe this is rubbish, IRIX has not got a fantastic trackrecord in this area, and getting patches and ports in without a licensed cc is ... well don't ask.

Will check out Cyrus, also I've found an exchange server replacment claimant that looks interesting.

You don't know how many people have used PITA in the same sentence as Lotus, I laffed when I read that ++

I'm going to go even farther afield, and suggest the IMAP server we use at work. It's Windows-based, but it can run on Win2k Pro. Actually it can run on NT, or even 9x, but I wouldn't recommend that. www.mdaemon.com - their 6.70 release just came out the other day. They've licensed Bynari's client plugin, so that Outlook users can use IMAP behind-the-scenes (even if your version of Outlook doesn't support IMAP natively) The product is inexpensive: They have POP or IMAP in the Pro version, they have an IMAP-based web-mail product that supports SSL, and has it's own calendar that will be integrated with Outlook in the next rev, they have a server-based IM system (looking to integrate with Trillian I think.) Inexpensive add-ons: AV product plugin based on Kaspersky, but you can use something else, the Bynari client (Groupware) will be an additional cost when it's release (you can start playing with the betas now if you'd like) The only PITA for me right now - they don't support IMAP SEARCH BODY, which I believe was one of your requirements. I've made a point to get that wish-listed. MDaemon keep messages as RFC-822 text files in server-side directories, one per IMAP folder. So, a server-side search-engine would be a worthwhile project; Perl seems like it would fit the bill. Email me (mfinnigan@telaid.com) if you think you would like to hear more from me on the topic.

'Security through Obscurity' , more people know how to crack a linux than a irix box.

As it stands today, the entire security industry is obscurity. From passwords to cryptography it is all reliant on obscurity. You just need the proper amount of obscurity to minimize the risks for the job at hand.

Not the greatest example, but do a search for department of defense webstar and see what pops up.

Howdy!

"Security through obscurity" refers to the concept of hiding the mechanisms that provide the security rather than key security. If everyone can find out how the lock works, weaknesses in the mechanism become exposed. If knowing how the lock works does not make discerning a specific key usefully easier, the lock is that much stronger.

Now, using secrecy laws to try to obscure the innards of crypto gear does arguably fall under that term.

Securing passwords (keys) does not constitute "security through obscurity". Deliberately opting to stay with an old, less well known system because less people are familiar with cracking it does constitute "security through obscurity". I hope you see the difference.

yours,
Michael