> I have installed change_sqlpass plugin, and set my mysql database > to "force change password", it worked but i found > out that users can still "Compose" and send mail before > changing password. This was not intended as a security feature. I'm sure it can be fixed, and I'll put it on my list, but in the meantime.... > Am i doing something wrong in the installation or this is > the way the plugin currently works. > > - Squirrelmail 1.4.17 > - Compatibility 2.0.13 > - change_sqlpass 3.3-1.2 > > Actually i am addressing situation where our user's pass > had been hijacked and trough a kind of 'bot', being used to send out spam > from > our server. If you are experiencing abuse, a much better solution is to actually change the password and contact the user. If you want SquirrelMail to monitor accounts for suspicious mass outgoing emails (and optionally automatically block such accounts from sending once they have been identified), I suggest the Restrict Senders plugin instead. > It will be nice if "compose" can be blocked as well until > user change password. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donations.php ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
