HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   HOWTO-Related Questions (http://www.howtoforge.com/forums/forumdisplay.php?f=2)
-   -   Postfix courier, IMAP squirrelmail accepting any passwords for users accounts ERROR** (http://www.howtoforge.com/forums/showthread.php?t=48799)

j.smith1981 15th September 2010 10:36

Postfix courier, IMAP squirrelmail accepting any passwords for users accounts ERROR**
 
Hi all,

Having a bit of a worry here!

I am able to login to Squirrelmail after falco's tutorial with any password given.

ie if I type myusername@mydomain.com then say 123456 as my password, i get to login.

but if I was to say change my password 654321 it still accepts that, why on earth is this?

Does anyone know of anyway of stopping this? Just shouldnt be happening, wasnt happening yesturday thats for sure.

Be interesting to see anyones reply.

Kind regards and I look forward to a response in advance,
Jeremy.

falko 16th September 2010 13:57

How exactly did you change the password?

j.smith1981 16th September 2010 16:36

I didnt change the password at all.

Its just started accepting any passwords I input, its got nothing to do with changing passwords at all.

The example I gave was what I have found wrong.

Not even that above I mean say I typed invents into the password field, it would still let me in without it being what its supposed to be as such

Say my real password was 'welcome1'

The password I input into squirrelmail login was s56pj879, it would still let me in with the latter password, even though its completely different to the database.

I am really confused as this should not be happening!

Jeremy

j.smith1981 16th September 2010 16:38

Right I have this.

Its obviously not working for that user, I input a username say myuser@example.com

With password : 45645 (stored in the users password row for that selected user 'myuser@'

But on the database its actually 123456 yea?

But then 45645 is a password for another user, how come its obviously accepting that as a valid password?

Thats what I am essentially getting at.

Its got nothing to do with changing of passwords, doesnt appear to work even that for me, so there's no point in pondering that as I havent changed passwords for any of the email accounts.

Jeremy

j.smith1981 17th September 2010 13:25

I have these logs which may have something to do with it:

Its a logcheck script.

Quote:

Sep 17 11:37:39 server1 clamd[3209]: SelfCheck: Database status OK.
Sep 17 11:45:37 server1 postfix/smtpd[6662]: sql_select option missing
Sep 17 11:45:37 server1 postfix/smtpd[6662]: auxpropfunc error no mechanism available
Sep 17 11:45:48 server1 postfix/smtpd[6681]: sql_select option missing
Sep 17 11:45:48 server1 postfix/smtpd[6681]: auxpropfunc error no mechanism available
Sep 17 11:55:39 server1 clamd[3209]: SelfCheck: Database status OK.
Sep 17 12:03:34 server1 postfix/smtpd[7092]: sql_select option missing
Sep 17 12:03:34 server1 postfix/smtpd[7092]: auxpropfunc error no mechanism available
This may shed some light onto this problem perhaps?

Hmm bit annoying though!

Thanks for your help so far though,
Jeremy

falko 17th September 2010 15:30

Does your /etc/postfix/sasl/smtpd.conf look exactly like in the tutorial?

j.smith1981 17th September 2010 17:10

There isnt one, this is for the centos 4.8 tutorial though was that supposed to be in there for this tutorial?

falko 18th September 2010 13:09

Ok, on CentOS 4.8, the file is /usr/lib/sasl2/smtpd.conf (32bit) or /usr/lib64/sasl2/smtpd.conf (64bit). Does it look like in the tutorial?

j.smith1981 20th September 2010 10:24

Thanks falco, I have copied the contents of the file here:

Quote:

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket
Hmm i've emptied the SQL tables to see if that helps with this.

Looking forward to your reply, still think it could be a glitch though myself unless I havent removed or amended something in there (I always copy and paste commands now so it could be my mistake).

Hope this helps with my annoying situation lol.

Thanks again,
Jez.

falko 21st September 2010 18:31

The file looks ok. I'm not sure what is wrong. Are there any other errors in your mail log?


All times are GMT +2. The time now is 16:43.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.