> We've been using SquirrelMail for years and have by and large been super > happy. Recently we had what we feel is a very strange session issue that > we think is likely related to PHP, but I wanted to toss it out here in > case anyone else had seen this before. > > We got a report the other day of someone sending a message from squirrel > and when the message sent the from address was set to that of another one > of our users. > > For example: bobuser@xxxxxxxxxx logs into SM, composes a messages and > sends it. When the message is received by the recipient it reports the > From: address as joeuser@xxxxxxxxxxx > > Luckily we were also able to get the full headers for this message and the > header showed that the SquirrelMail authenticated user was > bobuser@xxxxxxxxxx, but shows all the from info as joeuser@xxxxxxxxxxx > > The mail logs also showed the message and reported all the activity as > from joeuser@xxxxxxxxxx > > While researching this I found that this had happened at least one other > time before, and had been happening someone consistently for this third > user. While troubleshooting they noticed their system clock was set to > 1970 for some reason. They set their clock to the correct time and it has > not happened since. > > On a whim with this new case I had both bobuser and joeuser check their > system clocks and sure enough, one was set to 2001 and one was set to > 1970. > > Now, this seems Awfully strange to me and rather frustrating because I'd > really rather not have people sending mail from the wrong user and of > course I can't control what all of my users clocks are set to. > > I'm suspecting it might be a session oddity and somehow when the date is > way off it is confusing the session expiration. However, this really > doesn't seem to explain how they were getting someone else's prefs, at > least partially. > > Has anyone else seen or heard of anything like this? > > At the time of the report we were running apache 2.2.2 (now 2.2.3 because > of today's advisory), with php 5.1.3 and a patched version of SM 1.4.6 (I > will be upgrading SM on Monday to the true 1.4.7 version). All of this > runs on FreeBSD 4.11. > > Let me know what other information I can provide. Both users use Internet Explorer, right? Which Windows version and which Explorer version? -- Tomas ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV -- squirrelmail-users mailing list Posting Guidelines: http://www.squirrelmail.org/wiki/MailingListPostingGuidelines List Address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
