--
--
--
Rafael Mahecha
E-mail Administrator
Office of Information Management
Jackson State University
JSU e-Center
1230 Raymond Road
Jackson, MS 39204
mahecha@xxxxxxxxx
(601)-979-1783
http://www.jsums.edu
On Thu, December 13, 2007 9:23 pm, Paul Lesniewski wrote:
> On Dec 11, 2007 10:51 PM, Rafael Mahecha <mahecha@xxxxxxxxx> wrote:
>> I guess I'll start with a short greeting to all out there... and just so
>> you
>> know, this is my first post.
>>
>> As a background info, here is my configtest.php
>>
>>
>>
>>
>>
>> SquirrelMail configtest
>>
>> This script will try to check some aspects of your SquirrelMail
>> configuration and point you to errors whereever it can find them. You
>> need
>> to go run conf.pl in the config/ directory first before you run this
>> script.
>>
>>
>> SquirrelMail version: 1.4.8-4.0.1.el4.centos
>> Config file version: 1.4.0
>> Config file last modified: 11 December 2007 23:50:48 Checking PHP
>> configuration...
>> PHP version 4.3.9 OK.
>> PHP extensions OK.
>> Checking paths...
>> Data dir OK.
>> Attachment dir OK.
>>
>>
>> ERROR: You have enabled the msg_flags plugin but I cannot read its
>> setup.php file. Plugins OK.
>> Themes OK.
>> Default language OK.
>> Base URL detected as: https://webmail.jsums.edu/webmail/src
>> (location
>> base autodetected)
>> Checking outgoing mail service....
>> SMTP server OK (220 ccaix.jsums.edu ESMTP Sendmail 8.13.1/8.13.1;
>> Wed,
>> 12 Dec 2007 00:24:39 -0600)
>> Checking IMAP service....
>> IMAP server ready (* OK ccaix.jsums.edu Cyrus IMAP4
>> v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4 server ready)
>> Capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
>> CHILDREN
>> MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES
>> ANNOTATEMORE
>> IDLE AUTH=PLAIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
>> Checking internationalization (i18n) settings...
>> gettext - Gettext functions are available. You must have
>> appropriate
>> system locales compiled.
>> mbstring - Mbstring functions are available.
>> recode - Recode functions are unavailable.
>> iconv - Iconv functions are available.
>> timezone - Webmail users can change their time zone settings.
>> Checking database functions...
>> not using database functionality.
>>
>>
>> Congratulations, your SquirrelMail setup looks fine to me!
>>
>> Login now
>>
>>
>> Now the problem... we've been using sm for about a year, with good
>> results... this morning I was called to help a user how claimed that the
>> emails that she was sending were being delivered as a coming from a
>> different user; she was running ie 6 (I think), and she was the only
>> person
>> using her computer (so that rules out some one else using it and letting
>> ie
>> save their username and passwords to login to sm).
>>
>> In general our sm talkes to our cyrus server... all sm settings are
>> stored
>> in the sm server and all other mailbox info in the cyrus server...
>>
>> When I checked the destination mailbox for that mail that was sent from
>> her
>> account; the message headers did not show her username at all; they were
>> showing that the message came from a whole different user (evethough she
>> typed in her correct username and password at the login screen).
>
> You probably mean the
From: header had an email address that did not
> belong to her....?? You need to be SPECIFIC about WHAT *EXACTLY* you
> checked and WHAT *EXACTLY* did not match or we cannot accurately help
> you.
>
I mean every header (not just the FROM, etc.) in that email has a different username than the one that logged in... then when I tested myself, I user the user's username and password and it logged in as a complete different user (different from the username and password that i typed and different from the one that was noted when the user realized that something was wrong.
>> When I tried to send from her account, the composed window showed a
>> signature information that did not belong to her; and this was not even
>> the
>> same account that prompted the support call; is was like the sm was
>> taking
>> her username and just opening random preferences files... what is odd is
>> that the cyrus server shows now record of those mails being sent from
>> her
>> account... log files say [squirrelmail authenticated user joe.doe] where
>> her
>> username was mary.smith, for example.
>>
>> I was not able to replicate this behavior a 3rd time, and it only seemed
>> to
>> be on her laptop.... I have not gotten any other reports of such
>> symptoms...
>>
>> Under what conditions will squirrelmail take a username and password,
>> and
>> pass them to a cyrus server as complete different username and password
>> sets... and they are correct sine the cyrus server took them....
>
> It is not clear to me what you are looking at, but my guess is that
> the user's preferences have been changed/compromised, and that this
> has nothing to do with the account username and password. If the user
> can log in on the login screen with her username and password, then
> the IMAP server is not involved and the problem is simply that the
> preferences have been changed. This can happen by way of a known
> issue in SM where preferences can be replaced by other users who log
> in to the same SqurirelMail installation on a computer where another
> user on the same SquirrelMail server was already logged in. The
> solution in this case is to manually reset the user's preferences (by
> deleting the preference file or asking the user to change them in the
> personal options page) and to make it clear to all users that they
> should LOG OUT before anyone else logs in to SquirrelMail from the
> same computer.
>
The user was working on a laptop that was assigned to her... she said that noone else has used that laptop... even if internet explorer was having a bug (remembering cookies or something like that), somehow it transformed her username and password into someone else's...
When I tested it, I closed her explorer and reopened it, typed her username and password and it let me login with those credentials, but it took me to a different user's prefs... even the signature that you append to the end of the messages was not hers... of course, it was that from the other/wrong user...
> If the user's account password was somehow compromised, that has
> nothing to do with software and everything to do with password
> strength and/or personal computer security. Having the user change
> her password to something new and secure is a good idea in this case.
>
>> Any help is much needed and appreciated.
>>
>> Thanks in advenced and sorry for the log post... but I think it is
>> necessary
>>
>>
>
------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
