Hello, I'm using Cyrus on a Debian box, with pop3s. I found some time ago that someone was able to place a spamming tool in the /var/spool/cyrus/ directory. I cleaned it and changed all my passwords. All seemed ok. I figured out this week that an IRC bot was at the same place. I changed my passwords again, and upgraded to the last Cyrus Debian package. It looks like the cracker gained root access. I don't have the time and window to reinstall my system. My question would be : have you already heard of such breaks ? The Cyrus account has shell access in passwd. Is it necessary ? Could I put it to /bin/false, and change it when I want to su to it for changing smth ? Thanks ! Rudi ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
