Re: is it possible for sm to pass the wrong username and password to cyrus?

Please spare us the top-posting of your signature and so forth, thanks.


> >> I guess I'll start with a short greeting to all out there... and just so
> >> you know, this is my first post.
> >>
> >> As a background info, here is my configtest.php
> >>
> >> SquirrelMail configtest
> >>
> >> This script will try to check some aspects of your SquirrelMail
> >> configuration and point you to errors whereever it can find them. You
> >> need to go run conf.pl in the config/ directory first before you run
> >> this script.
> >>
> >>
> >> SquirrelMail version: 1.4.8-4.0.1.el4.centos
> >> Config file version: 1.4.0
> >> Config file last modified: 11 December 2007 23:50:48
> >> Checking PHP configuration...
> >> PHP version 4.3.9 OK.
> >> PHP extensions OK.
> >> Checking paths...
> >> Data dir OK.
> >> Attachment dir OK.
> >>
> >>
> >> ERROR: You have enabled the msg_flags plugin but I cannot read its
> >> setup.php file.
> >> Plugins OK.
> >> Themes OK.
> >> Default language OK.
> >> Base URL detected as: https://webmail.jsums.edu/webmail/src
> >> (location base autodetected)
> >> Checking outgoing mail service....
> >> SMTP server OK (220 ccaix.jsums.edu ESMTP Sendmail 8.13.1/8.13.1;
> >> Wed, 12 Dec 2007 00:24:39 -0600)
> >> Checking IMAP service....
> >> IMAP server ready (* OK ccaix.jsums.edu Cyrus IMAP4
> >> v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4 server ready)
> >> Capabilities: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+
> >> MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT
> >> CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT
> >> THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=PLAIN SASL-IR LISTEXT
> >> LIST-SUBSCRIBED X-NETSCAPE
> >> Checking internationalization (i18n) settings...
> >> gettext - Gettext functions are available. You must have
> >> appropriate system locales compiled.
> >> mbstring - Mbstring functions are available.
> >> recode - Recode functions are unavailable.
> >> iconv - Iconv functions are available.
> >> timezone - Webmail users can change their time zone settings.
> >> Checking database functions...
> >> not using database functionality.
> >>
> >>
> >> Congratulations, your SquirrelMail setup looks fine to me!
> >>
> >> Login now
> >>
> >>
> >> Now the problem... we've been using sm for about a year, with good
> >> results... this morning I was called to help a user who claimed that the
> >> emails that she was sending were being delivered as coming from a
> >> different user; she was running ie 6 (I think), and she was the only
> >> person using her computer (so that rules out someone else using it and
> >> letting ie save their username and passwords to login to sm).
> >>
> >> In general our sm talks to our cyrus server... all sm settings are
> >> stored in the sm server and all other mailbox info in the cyrus server...
> >>
> >> When I checked the destination mailbox for that mail that was sent from
> >> her account; the message headers did not show her username at all; they
> >> were showing that the message came from a whole different user (even
> >> though she typed in her correct username and password at the login screen).
> >
> > You probably mean the From: header had an email address that did not
> > belong to her....?? You need to be SPECIFIC about WHAT *EXACTLY* you
> > checked and WHAT *EXACTLY* did not match or we cannot accurately help
> > you.
> >
>
> I mean every header (not just the FROM, etc.) in that email has a different
> username than the one that logged in... then when I tested myself, I used
> the user's username and password and it logged in as a completely different
> user (different from the username and password that I typed and different
> from the one that was noted when the user realized that something was wrong).

What don't you understand about the word "exactly"?  If you cannot
answer the questions you are asked, please don't waste our time.
PROVE that when you logged in with the user's credentials that the
IMAP server actually logged you in as another user.  This should show
up in the logs which you should be watching as you debug this problem.
If you don't know how to watch the logs, that means you didn't read
the mailing list posting guidelines.

> >> When I tried to send from her account, the composed window showed a
> >> signature information that did not belong to her; and this was not even
> >> the same account that prompted the support call; it was like the sm was
> >> taking her username and just opening random preferences files... what is
> >> odd is that the cyrus server shows no record of those mails being sent
> >> from her account... log files say [squirrelmail authenticated user
> >> joe.doe] where her username was mary.smith, for example.
> >>
> >> I was not able to replicate this behavior a 3rd time, and it only seemed
> >> to be on her laptop.... I have not gotten any other reports of such
> >> symptoms...
> >>
> >> Under what conditions will squirrelmail take a username and password,
> >> and pass them to a cyrus server as completely different username and
> >> password sets... and they are correct since the cyrus server took them....
> >
> > It is not clear to me what you are looking at, but my guess is that
> > the user's preferences have been changed/compromised, and that this
> > has nothing to do with the account username and password. If the user
> > can log in on the login screen with her username and password, then
> > the IMAP server is not involved and the problem is simply that the
> > preferences have been changed. This can happen by way of a known
> > issue in SM where preferences can be replaced by other users who log
> > in to the same SquirrelMail installation on a computer where another
> > user on the same SquirrelMail server was already logged in. The
> > solution in this case is to manually reset the user's preferences (by
> > deleting the preference file or asking the user to change them in the
> > personal options page) and to make it clear to all users that they
> > should LOG OUT before anyone else logs in to SquirrelMail from the
> > same computer.
> >
>
> The user was working on a laptop that was assigned to her... she said that
> no one else has used that laptop... even if internet explorer was having a
> bug (remembering cookies or something like that), somehow it transformed her
> username and password into someone else's...

Somehow I doubt the username and password (especially the latter) were
magically "transformed" at all.

> When I tested it, I closed her explorer and reopened it, typed her username
> and password and it let me login with those credentials, but it took me to a
> different user's prefs... even the signature that you append to the end of
> the messages was not hers... of course, it was that from the other/wrong
> user...

You don't get "taken to the prefs" when you log in.  You have to be
much more PRECISE when you explain the problem.  If you mean that the
name and email address in the personal options page are wrong, then
that sounds exactly like the problem I already described and which you
denied at the beginning of your message.  But here, you seem to be
confirming the problem -- for which I already gave you the solution.
Why don't you try to use my solution before you post back with no more
useful information than you sent the first time?

> > If the user's account password was somehow compromised, that has
> > nothing to do with software and everything to do with password
> > strength and/or personal computer security. Having the user change
> > her password to something new and secure is a good idea in this case.
> >
> >> Any help is much needed and appreciated.
> >>
> >> Thanks in advance and sorry for the long post... but I think it is
> >> necessary
> >>
> >>
> >
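
Added example, not part of the original message and not SquirrelMail code: a small audit an administrator could run over the SquirrelMail data directory to find accounts whose stored identity belongs to a different login, which is the symptom of the preference-overwrite issue described in the reply above. It assumes file-based preferences stored as `<login>.pref` with `key=value` lines and an `email_address` key; the sample files and the `example.edu` addresses are constructed.

```python
import os
import tempfile

def read_prefs(path):
    """Parse a key=value preference file into a dict (assumed .pref layout)."""
    prefs = {}
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.rstrip("\r\n").partition("=")
            if sep:  # ignore lines that carry no '='
                prefs[key] = value
    return prefs

def find_mismatched_prefs(data_dir):
    """Return [(login, email_address)] where the stored address names another login."""
    suspects = []
    for name in sorted(os.listdir(data_dir)):
        if not name.endswith(".pref"):
            continue
        login = name[:-len(".pref")]
        email = read_prefs(os.path.join(data_dir, name)).get("email_address", "")
        if not email:
            continue  # user never set an address, nothing to compare
        local_part = email.split("@", 1)[0]
        if local_part.lower() != login.lower():
            suspects.append((login, email))
    return suspects

def build_sample_dir():
    """Constructed sample data directory mirroring the names used in the thread."""
    data_dir = tempfile.mkdtemp()
    samples = {
        # mary.smith's file carries joe.doe's identity: the reported symptom
        "mary.smith.pref": "full_name=Joe Doe\nemail_address=joe.doe@example.edu\n",
        "joe.doe.pref": "full_name=Joe Doe\nemail_address=Joe.Doe@example.edu\n",
        "new.user.pref": "show_html_default=1\nbroken line without equals\n",
        "mary.smith.abook": "not a preference file\n",
    }
    for name, body in samples.items():
        with open(os.path.join(data_dir, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return data_dir

if __name__ == "__main__":
    for login, email in find_mismatched_prefs(build_sample_dir()):
        print(f"{login}: preferences carry address {email}")
```

A hit is only a candidate for review, since a user may legitimately send from an alias; confirm against the IMAP server's login log before resetting the preference file.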
