[Dovecot] Authentication and the wrong mailbox?

Rich West Rich.West at wesmo.com
Sat Apr 9 19:29:29 EEST 2005


Really??  I have to tell you, it's scary!

We're using 0.99.13, the RPM that came with FC3.  I tried to build the 
latest version using the SRPM (with some minor modifications), but 
encountered problems there..

Yes, I'm authenticating against LDAP via NSS (through PAM)...

Native LDAP authentication, eh?  Hrmm...  How difficult is that to set up?

-Rich


> We had the same problem when we converted.
>
> What version of dovecot are you using? What are you authenticating 
> against? LDAP?
>
> I had been authenticating via nss to LDAP. I switched to the LDAP 
> native authentication and have not had the problem since.
>
> Rich West wrote:
>
>> I just migrated from UW-imap to dovecot last night.  After some 
>> tweaking of the dovecot.conf file, disabling xinetd's entries, firing 
>> up the dovecot daemon, and copying the .mailboxlist to .subscriptions 
>> for all users, things looked to be going just fine!
>>
>> I received a call this morning from a user stating that they had all 
>> of *my* emails in *their* inbox!  They don't know when it happened as 
>> their machine POP's email off every 5-10 minutes or so, but we were 
>> able to isolate it to a 8hr period last night.
>>
>> Further investigation showed that at some time through the evening, 
>> dovecot freaked out during the authentication phase and for some 
>> bizzare reason, when the user connected via POP3, they were able to 
>> download all of my inbox!
>>
>> Additionally, by the time I was looking in to it, NO users could 
>> authenticate via dovecot, and, hence, no one had access to email.
>>
>> Restarting dovecot resolved the issue, but I have my doubts about it 
>> being truly resolved.
>>
>> I'm going to run some tests (what little I can think of), but this is 
>> the first time I have ever experienced a situation such as this.  One 
>> thing for UW is that this situation never happened, and I've only had 
>> dovecot running for about 13hrs.
>>
>> Any ideas as to how or why this may have happened, and how it can be 
>> prevented, would be wonderful.
>>
>> -Rich
>




More information about the dovecot mailing list