Postfix courier, IMAP squirrelmail accepting any passwords for users accounts ERROR**

[j.smith1981]

Hi all,

Having a bit of a worry here!

I am able to login to Squirrelmail after falco's tutorial with any password given.

ie if I type myusername@mydomain.com then say 123456 as my password, i get to login.

but if I was to say change my password 654321 it still accepts that, why on earth is this?

Does anyone know of anyway of stopping this? Just shouldnt be happening, wasnt happening yesturday thats for sure.

Be interesting to see anyones reply.

Kind regards and I look forward to a response in advance,
Jeremy.

[falko]

How exactly did you change the password?

[j.smith1981]

I didnt change the password at all.

Its just started accepting any passwords I input, its got nothing to do with changing passwords at all.

The example I gave was what I have found wrong.

Not even that above I mean say I typed invents into the password field, it would still let me in without it being what its supposed to be as such

Say my real password was 'welcome1'

The password I input into squirrelmail login was s56pj879, it would still let me in with the latter password, even though its completely different to the database.

I am really confused as this should not be happening!

Jeremy

[j.smith1981]

Right I have this.

Its obviously not working for that user, I input a username say myuser@example.com

With password : 45645 (stored in the users password row for that selected user 'myuser@'

But on the database its actually 123456 yea?

But then 45645 is a password for another user, how come its obviously accepting that as a valid password?

Thats what I am essentially getting at.

Its got nothing to do with changing of passwords, doesnt appear to work even that for me, so there's no point in pondering that as I havent changed passwords for any of the email accounts.

Jeremy

[j.smith1981]

I have these logs which may have something to do with it:

Its a logcheck script.

Quote:

Sep 17 11:37:39 server1 clamd[3209]: SelfCheck: Database status OK.
Sep 17 11:45:37 server1 postfix/smtpd[6662]: sql_select option missing
Sep 17 11:45:37 server1 postfix/smtpd[6662]: auxpropfunc error no mechanism available
Sep 17 11:45:48 server1 postfix/smtpd[6681]: sql_select option missing
Sep 17 11:45:48 server1 postfix/smtpd[6681]: auxpropfunc error no mechanism available
Sep 17 11:55:39 server1 clamd[3209]: SelfCheck: Database status OK.
Sep 17 12:03:34 server1 postfix/smtpd[7092]: sql_select option missing
Sep 17 12:03:34 server1 postfix/smtpd[7092]: auxpropfunc error no mechanism available

This may shed some light onto this problem perhaps?

Hmm bit annoying though!

Thanks for your help so far though,
Jeremy

[falko]

Does your /etc/postfix/sasl/smtpd.conf look exactly like in the tutorial?

[j.smith1981]

There isnt one, this is for the centos 4.8 tutorial though was that supposed to be in there for this tutorial?

[falko]

Ok, on CentOS 4.8, the file is /usr/lib/sasl2/smtpd.conf (32bit) or /usr/lib64/sasl2/smtpd.conf (64bit). Does it look like in the tutorial?

[j.smith1981]

Thanks falco, I have copied the contents of the file here:

Quote:

pwcheck_method: authdaemond
log_level: 3
mech_list: PLAIN LOGIN
authdaemond_path:/var/spool/authdaemon/socket

Hmm i've emptied the SQL tables to see if that helps with this.

Looking forward to your reply, still think it could be a glitch though myself unless I havent removed or amended something in there (I always copy and paste commands now so it could be my mistake).

Hope this helps with my annoying situation lol.

Thanks again,
Jez.

[falko]

The file looks ok. I'm not sure what is wrong. Are there any other errors in your mail log?