We've been using SquirrelMail for years and have by and large been super happy. Recently we had what we feel is a very strange session issue that we think is likely related to PHP, but I wanted to toss it out here in case anyone else had seen this before. We got a report the other day of someone sending a message from squirrel and when the message sent the from address was set to that of another one of our users. For example: bobuser@xxxxxxxxxx logs into SM, composes a messages and sends it. When the message is received by the recipient it reports the From: address as joeuser@xxxxxxxxxxx Luckily we were also able to get the full headers for this message and the header showed that the SquirrelMail authenticated user was bobuser@xxxxxxxxxx, but shows all the from info as joeuser@xxxxxxxxxxx The mail logs also showed the message and reported all the activity as from joeuser@xxxxxxxxxx While researching this I found that this had happened at least one other time before, and had been happening someone consistently for this third user. While troubleshooting they noticed their system clock was set to 1970 for some reason. They set their clock to the correct time and it has not happened since. On a whim with this new case I had both bobuser and joeuser check their system clocks and sure enough, one was set to 2001 and one was set to 1970. Now, this seems Awfully strange to me and rather frustrating because I'd really rather not have people sending mail from the wrong user and of course I can't control what all of my users clocks are set to. I'm suspecting it might be a session oddity and somehow when the date is way off it is confusing the session expiration. However, this really doesn't seem to explain how they were getting someone else's prefs, at least partially. Has anyone else seen or heard of anything like this? At the time of the report we were running apache 2.2.2 (now 2.2.3 because of today's advisory), with php 5.1.3 and a patched version of SM 1.4.6 (I will be upgrading SM on Monday to the true 1.4.7 version). All of this runs on FreeBSD 4.11. Let me know what other information I can provide. Thanks much. Matt Ruzicka - Senior Systems Administrator Front Range Internet, Inc. matt@xxxxxxxx - (970) 212-0728 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
