[Dovecot] Authentication and the wrong mailbox?
Timo Sirainen
tss at iki.fi
Sun Apr 10 01:16:41 EEST 2005
No, PAM doesn't have anything to do with the problem. pam_ldap is
working just fine. The check is done when userdb=passwd.
On Sat, 2005-04-09 at 15:22 -0400, Rich West wrote:
> One can hope!
>
> Just curious, the patch that you put up there, is that ONLY performed
> when the connection is established via PAM?
>
> -Rich
>
> > Perhaps these will help in future:
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154314
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154315
> >
> > On 9.4.2005, at 19:00, Josh Burley wrote:
> >
> >> We had the same problem when we converted.
> >>
> >> What version of dovecot are you using? What are you authenticating
> >> against? LDAP?
> >>
> >> I had been authenticating via nss to LDAP. I switched to the LDAP
> >> native authentication and have not had the problem since.
> >>
> >> Rich West wrote:
> >>
> >>> I just migrated from UW-imap to dovecot last night. After some
> >>> tweaking of the dovecot.conf file, disabling xinetd's entries,
> >>> firing up the dovecot daemon, and copying the .mailboxlist to
> >>> .subscriptions for all users, things looked to be going just fine!
> >>>
> >>> I received a call this morning from a user stating that they had all
> >>> of *my* emails in *their* inbox! They don't know when it happened
> >>> as their machine POP's email off every 5-10 minutes or so, but we
> >>> were able to isolate it to a 8hr period last night.
> >>>
> >>> Further investigation showed that at some time through the evening,
> >>> dovecot freaked out during the authentication phase and for some
> >>> bizzare reason, when the user connected via POP3, they were able to
> >>> download all of my inbox!
> >>>
> >>> Additionally, by the time I was looking in to it, NO users could
> >>> authenticate via dovecot, and, hence, no one had access to email.
> >>>
> >>> Restarting dovecot resolved the issue, but I have my doubts about it
> >>> being truly resolved.
> >>>
> >>> I'm going to run some tests (what little I can think of), but this
> >>> is the first time I have ever experienced a situation such as this.
> >>> One thing for UW is that this situation never happened, and I've
> >>> only had dovecot running for about 13hrs.
> >>>
> >>> Any ideas as to how or why this may have happened, and how it can be
> >>> prevented, would be wonderful.
> >>>
> >>> -Rich
> >>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20050410/a86b8c30/attachment-0001.bin>
More information about the dovecot
mailing list