Re: breaking into the system through cyrus account ?

2008-06-03 Thread Nik Conwell


On Jun 3, 2008, at 3:10 AM, Rudi Bruchez wrote:

> Hello,
>
> I'm using Cyrus on a Debian box, with pop3s. I found some time ago that
> someone was able to place a spamming tool in the /var/spool/cyrus/
> directory. I cleaned it and changed all my passwords. All seemed ok.

Hopefully you are keeping up to date with these security issues with
Debian SSL and OpenSSH:

http://www.debian.org/security/2008/dsa-1571
http://www.debian.org/security/2008/dsa-1576

> I figured out this week that an IRC bot was at the same place. I changed
> my passwords again, and upgraded to the last Cyrus Debian package.
> It looks like the cracker gained root access. I don't have the time and
> window to reinstall my system. My question would be : have you already
> heard of such breaks ?
> The Cyrus account has shell access in passwd. Is it necessary ? Could I
> put it to /bin/false, and change it when I want to su to it for changing
> smth ?
>
> Thanks !
>
> Rudi


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html







breaking into the system through cyrus account ?

2008-06-03 Thread Rudi Bruchez
Hello,

I'm using Cyrus on a Debian box, with pop3s. I found some time ago that 
someone was able to place a spamming tool in the /var/spool/cyrus/ 
directory. I cleaned it and changed all my passwords. All seemed ok.

I figured out this week that an IRC bot was at the same place. I changed 
my passwords again, and upgraded to the last Cyrus Debian package.
It looks like the cracker gained root access. I don't have the time and 
window to reinstall my system. My question would be : have you already 
heard of such breaks ?
The Cyrus account has shell access in passwd. Is it necessary ? Could I 
put it to /bin/false, and change it when I want to su to it for changing 
smth ?

Thanks !

Rudi




Re: IMSP Authentication issue

2008-06-03 Thread Martin Ziegler
One last question.

In the meantime is there a working virtdomain patch for IMSP?

--On June 3, 2008 8:38:00 AM +0200 Martin Ziegler <[EMAIL PROTECTED]> wrote:

> Wesley, you've got it.
>
> A simple
>
> ln -s /opt/cyrus/imsp/var/ /var/imsp
>
> and everything is working as it should.
>
> Many thanks for your help guys!!!
>
> --On June 2, 2008 2:24:32 PM -0400 Wesley Craig <[EMAIL PROTECTED]> wrote:
>
>> On 02 Jun 2008, at 02:55, Martin Ziegler wrote:
>>> Yes it's running as root. I didn't modify any of the code. I just
>>> passed the new PREFIX to configure.
>>
>> The --prefix that you pass to configure isn't utilized by syncdb.c.  Per
>> notes/Setup-instructions for version 1.7b, you have to either use
>> /var/imsp or edit the PREFIX definition in syncdb.c.
>>
>> :wes
>>
>>> --On Sunday, June 1, 2008 14:38 -0400 Wesley Craig <[EMAIL PROTECTED]>
>>> wrote:
>>>> So you modified PREFIX in syncdb.c?
>>
>


