[Dovecot] Authentication and the wrong mailbox?
Rich West
Rich.West at wesmo.com
Sat Apr 9 19:48:57 EEST 2005
*whew* That's comforting, actually, to know that it wasn't just me. :)
I've done the same.. created a dovecot-ldap.conf and updated the
dovecot.conf accordingly.
A restart of dovecot, and it is happily running. Hopefully, we won't
see this problem again!
Thanks for your help!
-Rich
> Yep, that's *exactly* the setup we have.
>
> It's very easy... just a configuration change.
>
> Rich West wrote:
>
>> Really?? I have to tell you, it's scary!
>>
>> We're using 0.99.13, the RPM that came with FC3. I tried to build
>> the latest version using the SRPM (with some minor modifications),
>> but encountered problems there..
>>
>> Yes, I'm authenticating against LDAP via NSS (through PAM)...
>>
>> Native LDAP authentication, eh? Hrmm... How difficult is that to
>> set up?
>>
>> -Rich
>>
>>
>>> We had the same problem when we converted.
>>>
>>> What version of dovecot are you using? What are you authenticating
>>> against? LDAP?
>>>
>>> I had been authenticating via nss to LDAP. I switched to the LDAP
>>> native authentication and have not had the problem since.
>>>
>>> Rich West wrote:
>>>
>>>> I just migrated from UW-imap to dovecot last night. After some
>>>> tweaking of the dovecot.conf file, disabling xinetd's entries,
>>>> firing up the dovecot daemon, and copying the .mailboxlist to
>>>> .subscriptions for all users, things looked to be going just fine!
>>>>
>>>> I received a call this morning from a user stating that they had
>>>> all of *my* emails in *their* inbox! They don't know when it
>>>> happened as their machine POP's email off every 5-10 minutes or so,
>>>> but we were able to isolate it to a 8hr period last night.
>>>>
>>>> Further investigation showed that at some time through the evening,
>>>> dovecot freaked out during the authentication phase and for some
>>>> bizzare reason, when the user connected via POP3, they were able to
>>>> download all of my inbox!
>>>>
>>>> Additionally, by the time I was looking in to it, NO users could
>>>> authenticate via dovecot, and, hence, no one had access to email.
>>>>
>>>> Restarting dovecot resolved the issue, but I have my doubts about
>>>> it being truly resolved.
>>>>
>>>> I'm going to run some tests (what little I can think of), but this
>>>> is the first time I have ever experienced a situation such as
>>>> this. One thing for UW is that this situation never happened, and
>>>> I've only had dovecot running for about 13hrs.
>>>>
>>>> Any ideas as to how or why this may have happened, and how it can
>>>> be prevented, would be wonderful.
>>>>
>>>> -Rich
>>>
More information about the dovecot
mailing list