[Dovecot] Authentication and the wrong mailbox?

Timo Sirainen tss at iki.fi
Sun Apr 10 01:16:41 EEST 2005


No, PAM doesn't have anything to do with the problem. pam_ldap is
working just fine. The check is done when userdb=passwd.

On Sat, 2005-04-09 at 15:22 -0400, Rich West wrote:
> One can hope!
> 
> Just curious, the patch that you put up there, is that ONLY performed 
> when the connection is established via PAM?
> 
> -Rich
> 
> > Perhaps these will help in future:
> >
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154314
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154315
> >
> > On 9.4.2005, at 19:00, Josh Burley wrote:
> >
> >> We had the same problem when we converted.
> >>
> >> What version of dovecot are you using? What are you authenticating 
> >> against? LDAP?
> >>
> >> I had been authenticating via nss to LDAP. I switched to the LDAP 
> >> native authentication and have not had the problem since.
> >>
> >> Rich West wrote:
> >>
> >>> I just migrated from UW-imap to dovecot last night.  After some 
> >>> tweaking of the dovecot.conf file, disabling xinetd's entries, 
> >>> firing up the dovecot daemon, and copying the .mailboxlist to 
> >>> .subscriptions for all users, things looked to be going just fine!
> >>>
> >>> I received a call this morning from a user stating that they had all 
> >>> of *my* emails in *their* inbox!  They don't know when it happened 
> >>> as their machine POP's email off every 5-10 minutes or so, but we 
> >>> were able to isolate it to a 8hr period last night.
> >>>
> >>> Further investigation showed that at some time through the evening, 
> >>> dovecot freaked out during the authentication phase and for some 
> >>> bizzare reason, when the user connected via POP3, they were able to 
> >>> download all of my inbox!
> >>>
> >>> Additionally, by the time I was looking in to it, NO users could 
> >>> authenticate via dovecot, and, hence, no one had access to email.
> >>>
> >>> Restarting dovecot resolved the issue, but I have my doubts about it 
> >>> being truly resolved.
> >>>
> >>> I'm going to run some tests (what little I can think of), but this 
> >>> is the first time I have ever experienced a situation such as this.  
> >>> One thing for UW is that this situation never happened, and I've 
> >>> only had dovecot running for about 13hrs.
> >>>
> >>> Any ideas as to how or why this may have happened, and how it can be 
> >>> prevented, would be wonderful.
> >>>
> >>> -Rich
> >>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20050410/a86b8c30/attachment-0001.bin>


More information about the dovecot mailing list