[Dovecot] Authentication and the wrong mailbox?

Josh Burley jburley at kuci.org
Sat Apr 9 19:31:30 EEST 2005 

Yep, that's *exactly* the setup we have.

It's very easy... just a configuration change.

Rich West wrote:

> Really??  I have to tell you, it's scary!
>
> We're using 0.99.13, the RPM that came with FC3.  I tried to build the 
> latest version using the SRPM (with some minor modifications), but 
> encountered problems there..
>
> Yes, I'm authenticating against LDAP via NSS (through PAM)...
>
> Native LDAP authentication, eh?  Hrmm...  How difficult is that to set 
> up?
>
> -Rich
>
>
>> We had the same problem when we converted.
>>
>> What version of dovecot are you using? What are you authenticating 
>> against? LDAP?
>>
>> I had been authenticating via nss to LDAP. I switched to the LDAP 
>> native authentication and have not had the problem since.
>>
>> Rich West wrote:
>>
>>> I just migrated from UW-imap to dovecot last night.  After some 
>>> tweaking of the dovecot.conf file, disabling xinetd's entries, 
>>> firing up the dovecot daemon, and copying the .mailboxlist to 
>>> .subscriptions for all users, things looked to be going just fine!
>>>
>>> I received a call this morning from a user stating that they had all 
>>> of *my* emails in *their* inbox!  They don't know when it happened 
>>> as their machine POP's email off every 5-10 minutes or so, but we 
>>> were able to isolate it to a 8hr period last night.
>>>
>>> Further investigation showed that at some time through the evening, 
>>> dovecot freaked out during the authentication phase and for some 
>>> bizzare reason, when the user connected via POP3, they were able to 
>>> download all of my inbox!
>>>
>>> Additionally, by the time I was looking in to it, NO users could 
>>> authenticate via dovecot, and, hence, no one had access to email.
>>>
>>> Restarting dovecot resolved the issue, but I have my doubts about it 
>>> being truly resolved.
>>>
>>> I'm going to run some tests (what little I can think of), but this 
>>> is the first time I have ever experienced a situation such as this.  
>>> One thing for UW is that this situation never happened, and I've 
>>> only had dovecot running for about 13hrs.
>>>
>>> Any ideas as to how or why this may have happened, and how it can be 
>>> prevented, would be wonderful.
>>>
>>> -Rich
>>
>>

More information about the dovecot mailing list