[Dovecot] Authentication and the wrong mailbox?

Rich West Rich.West at wesmo.com
Sat Apr 9 19:48:57 EEST 2005


*whew*  That's comforting, actually, to know that it wasn't just me. :)

I've done the same.. created a dovecot-ldap.conf and updated the 
dovecot.conf accordingly.

A restart of dovecot, and it is happily running.  Hopefully, we won't 
see this problem again!

Thanks for your help!
-Rich

> Yep, that's *exactly* the setup we have.
>
> It's very easy... just a configuration change.
>
> Rich West wrote:
>
>> Really??  I have to tell you, it's scary!
>>
>> We're using 0.99.13, the RPM that came with FC3.  I tried to build 
>> the latest version using the SRPM (with some minor modifications), 
>> but encountered problems there..
>>
>> Yes, I'm authenticating against LDAP via NSS (through PAM)...
>>
>> Native LDAP authentication, eh?  Hrmm...  How difficult is that to 
>> set up?
>>
>> -Rich
>>
>>
>>> We had the same problem when we converted.
>>>
>>> What version of dovecot are you using? What are you authenticating 
>>> against? LDAP?
>>>
>>> I had been authenticating via nss to LDAP. I switched to the LDAP 
>>> native authentication and have not had the problem since.
>>>
>>> Rich West wrote:
>>>
>>>> I just migrated from UW-imap to dovecot last night.  After some 
>>>> tweaking of the dovecot.conf file, disabling xinetd's entries, 
>>>> firing up the dovecot daemon, and copying the .mailboxlist to 
>>>> .subscriptions for all users, things looked to be going just fine!
>>>>
>>>> I received a call this morning from a user stating that they had 
>>>> all of *my* emails in *their* inbox!  They don't know when it 
>>>> happened as their machine POP's email off every 5-10 minutes or so, 
>>>> but we were able to isolate it to a 8hr period last night.
>>>>
>>>> Further investigation showed that at some time through the evening, 
>>>> dovecot freaked out during the authentication phase and for some 
>>>> bizzare reason, when the user connected via POP3, they were able to 
>>>> download all of my inbox!
>>>>
>>>> Additionally, by the time I was looking in to it, NO users could 
>>>> authenticate via dovecot, and, hence, no one had access to email.
>>>>
>>>> Restarting dovecot resolved the issue, but I have my doubts about 
>>>> it being truly resolved.
>>>>
>>>> I'm going to run some tests (what little I can think of), but this 
>>>> is the first time I have ever experienced a situation such as 
>>>> this.  One thing for UW is that this situation never happened, and 
>>>> I've only had dovecot running for about 13hrs.
>>>>
>>>> Any ideas as to how or why this may have happened, and how it can 
>>>> be prevented, would be wonderful.
>>>>
>>>> -Rich
>>>



More information about the dovecot mailing list