date:20181004

Re: [qmailtoaster] ClamAV 0.100.1

2018-10-04 Thread Eric Broch


Will do.


On 10/4/2018 11:43 AM, Jason Westbrook wrote:


Hi Eric

Some of us are still stuck on CentOS 5, any possibility of making a 
source RPM for 100.1 (or 100.2) available


Thanks!

Jason Westbrook


On Wed, Sep 5, 2018 at 1:44 AM ChandranManikandan > wrote:


Hi Eric,

Thanks for your update and help.

I have tried to update on COS6 and COS7 64 bit.
But COS 6 32 bit come below error. May the server is very traffic?

rpm -Uvh

ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.100.1-5.qt.zlib1211.el6.i686.rpm
Retrieving

ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.100.1-5.qt.zlib1211.el6.i686.rpm
curl: (78) RETR response: 550
error: skipping

ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.100.1-5.qt.zlib1211.el6.i686.rpm
- transfer failed

Let me try again and update you.


On Sat, Sep 1, 2018 at 11:30 PM Eric Broch
mailto:ebr...@whitehorsetc.com>> wrote:

The latest ClamAV is in the testing repo for CentOS 7 and 6
(32 and 64 bit)

-- 
Eric Broch

White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com

For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com




-- 
*/Thanks & Best Regards,

Manikandan.C
/*



--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] ClamAV 0.100.1

2018-10-04 Thread Jason Westbrook

Hi Eric

Some of us are still stuck on CentOS 5, any possibility of making a source
RPM for 100.1 (or 100.2) available

Thanks!

Jason Westbrook


On Wed, Sep 5, 2018 at 1:44 AM ChandranManikandan  wrote:

> Hi Eric,
>
> Thanks for your update and help.
>
> I have tried to update on COS6 and COS7 64 bit.
> But COS 6 32 bit come below error. May the server is very traffic?
>
> rpm -Uvh
> ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.100.1-5.qt.zlib1211.el6.i686.rpm
> Retrieving
> ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.100.1-5.qt.zlib1211.el6.i686.rpm
> curl: (78) RETR response: 550
> error: skipping
> ftp://ftp.qmailtoaster.com/pub/repo/qmt/CentOS/6/testing/i386/clamav-0.100.1-5.qt.zlib1211.el6.i686.rpm
> - transfer failed
>
> Let me try again and update you.
>
>
> On Sat, Sep 1, 2018 at 11:30 PM Eric Broch 
> wrote:
>
>> The latest ClamAV is in the testing repo for CentOS 7 and 6 (32 and 64
>> bit)
>>
>> --
>> Eric Broch
>> White Horse Technical Consulting (WHTC)
>>
>>
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>
>
> --
>
>
> *Thanks & Best Regards,Manikandan.C*
>

Re: [qmailtoaster] bayes setup

2018-10-04 Thread Eric Broch


Hi Peter,

Have a look here 
(https://spamassassin.apache.org/full/3.1.x/doc/sa-learn.html).


In the 'OPTIONS' section is a good description of what each provides.

Eric


On 10/4/2018 12:01 PM, Peter Peltonen wrote:

Very generic question about teaching spamassassin:

If one runs sa-learn against a maildir folder for learning more spam,
should that folder:

a) contain messages that spamassasin has failed to classify spam

or

b) contain messages that spamassasin has failed to classify spam AND
messages that spamassasin has succeeded in classifying as spam

and if the answer is b) does then I suppose it does not matter that
the subjects of the messages contain the *** SPAM *** prefix?

Same thing goes for ham: should I teach sa against ham classified
wrongly as spam only or include correctly identified ham as well?

Peter

On Thu, Oct 4, 2018 at 3:14 PM Eric Broch  wrote:

Sorry below show be

# chown vchkpw:vpopmail /etc/spamassassin/.spamassassin


On 10/4/2018 6:13 AM, Eric Broch wrote:

# chown vchkpw:vpopmail drwxr-xr-x2 vpopmail vchkpw 20480 Oct  4
05:57 .spamassassin

--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com



--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] bayes setup

2018-10-04 Thread Peter Peltonen

Very generic question about teaching spamassassin:

If one runs sa-learn against a maildir folder for learning more spam,
should that folder:

a) contain messages that spamassasin has failed to classify spam

or

b) contain messages that spamassasin has failed to classify spam AND
messages that spamassasin has succeeded in classifying as spam

and if the answer is b) does then I suppose it does not matter that
the subjects of the messages contain the *** SPAM *** prefix?

Same thing goes for ham: should I teach sa against ham classified
wrongly as spam only or include correctly identified ham as well?

Peter

On Thu, Oct 4, 2018 at 3:14 PM Eric Broch  wrote:
>
> Sorry below show be
>
> # chown vchkpw:vpopmail /etc/spamassassin/.spamassassin
>
>
> On 10/4/2018 6:13 AM, Eric Broch wrote:
> > # chown vchkpw:vpopmail drwxr-xr-x2 vpopmail vchkpw 20480 Oct  4
> > 05:57 .spamassassin
>
> --
> Eric Broch
> White Horse Technical Consulting (WHTC)
>
>
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>

-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Fwd: Re: vpopmail

2018-10-04 Thread Andrew Swartz

Yet I believe we have solved this problem:

Remote IMAP/POP3 authentication should be done via STARTTLS or TLS.
Therefore CRAM-MD5 is not necessary and PLAIN or LOGIN auth mechanisms
can be used.

Local authentication (i.e. the webmail server authenticating through
IMAP) can use unsecure connection with PLAIN/LOGIN mechanisms without
substantial risk.

If PLAIN or LOGIN mechanisms are used exclusively, then the cleartext
passwords are not needed and can be set to NULL.

Both IMAP and webmail should be set to use PLAIN or LOGIN mechanisms.

vpopmail should be configured with the '--disable-clear-passwd' option.

Unless I'm missing something, the above steps solve the problem.
Dovecot using cleartext passwords for CRAM-MD5 authentication is not a
bug, it is correct functioning (because the server requires the
cleartext password to authenticate the client).

However, the problem is unsolved for admins who want to serve IMAP/POP3
over an unencrypted channel.  Then they have to maintain CRAM-MD5
capability, which means they must maintain cleartext passwords which do
not exceed 16 characters.  I would argue that this should not be the
default configuration, but rather something that someone can configure
if they desire an especially insecure configuration.

-Andy

On 10/4/2018 8:00 AM, Remo Mattei wrote:
> +1 
> 
> When I read it.. 
> 
>> On Oct 4, 2018, at 08:10, Andrew Swartz  wrote:
>>
>> I have ABSOLUTELY NO IDEA what that is supposed to mean.
>>
>> -Andy
>>
>>
>> On 10/4/2018 3:56 AM, Eric Broch wrote:
>>> Here's the answer I got from the Dovecot mailing list concerning the
>>> question of clear text password authentication...not sure how to
>>> implement...ideas? :
>>>
>>> On 03.10.2018 23:30, Eric Broch wrote:
 Hello list,

 I run Dovecot with the vpopmail driver and have found that it
 authenticates against the clear text password in the vpopmail
 database. Is there a configuration option either at compile time, link
 time, or a setting in one of the configuration files that tells the
 program to authenticate against the hash instead of the clear text?

>>>
>>> Prefix your passwords in vpopmail with {SCHEME} (like,  {CRYPT})
>>>  
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>>
>>>
>>
> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> 

smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qmailtoaster] Fwd: Re: vpopmail

2018-10-04 Thread Remo Mattei

+1 

When I read it.. 

> On Oct 4, 2018, at 08:10, Andrew Swartz  wrote:
> 
> I have ABSOLUTELY NO IDEA what that is supposed to mean.
> 
> -Andy
> 
> 
> On 10/4/2018 3:56 AM, Eric Broch wrote:
>> Here's the answer I got from the Dovecot mailing list concerning the
>> question of clear text password authentication...not sure how to
>> implement...ideas? :
>> 
>> On 03.10.2018 23:30, Eric Broch wrote:
>>> Hello list,
>>> 
>>> I run Dovecot with the vpopmail driver and have found that it
>>> authenticates against the clear text password in the vpopmail
>>> database. Is there a configuration option either at compile time, link
>>> time, or a setting in one of the configuration files that tells the
>>> program to authenticate against the hash instead of the clear text?
>>> 
>> 
>> Prefix your passwords in vpopmail with {SCHEME} (like,  {CRYPT})
>>  
>> 
>> 
>> -
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>> 
>> 
> 


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] Fwd: Re: vpopmail

2018-10-04 Thread Andrew Swartz

I have ABSOLUTELY NO IDEA what that is supposed to mean.

-Andy


On 10/4/2018 3:56 AM, Eric Broch wrote:
> Here's the answer I got from the Dovecot mailing list concerning the
> question of clear text password authentication...not sure how to
> implement...ideas? :
> 
> On 03.10.2018 23:30, Eric Broch wrote:
>> Hello list,
>>
>> I run Dovecot with the vpopmail driver and have found that it
>> authenticates against the clear text password in the vpopmail
>> database. Is there a configuration option either at compile time, link
>> time, or a setting in one of the configuration files that tells the
>> program to authenticate against the hash instead of the clear text?
>>
> 
> Prefix your passwords in vpopmail with {SCHEME} (like,  {CRYPT})
>  
> 
> 
> -
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
> 
> 



smime.p7s
Description: S/MIME Cryptographic Signature

Re: [qmailtoaster] bayes setup

2018-10-04 Thread Eric Broch


Sorry below show be

# chown vchkpw:vpopmail /etc/spamassassin/.spamassassin


On 10/4/2018 6:13 AM, Eric Broch wrote:
# chown vchkpw:vpopmail drwxr-xr-x    2 vpopmail vchkpw 20480 Oct  4 
05:57 .spamassassin


--
Eric Broch
White Horse Technical Consulting (WHTC)


-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: [qmailtoaster] bayes setup

2018-10-04 Thread Eric Broch


Here's my set up:

I had to

# mkdir /etc/spamassassin/.spamassassin

# chown vchkpw:vpopmail drwxr-xr-x    2 vpopmail vchkpw 20480 Oct  4 
05:57 .spamassassin


# ls -l /etc/spamassassin/

...

drwxr-xr-x    2 vpopmail vchkpw 20480 Oct  4 05:57 .spamassassin

...

# vi /etc/spamassassin/local.cf (Add settings below)

use_auto_whitelist 1
auto_whitelist_file_mode 0700
auto_whitelist_path /etc/spamassassin/.spamassassin/auto-whitelist

use_bayes 1
use_bayes_rules 1
bayes_auto_learn 1
bayes_path /etc/spamassassin/.spamassassin/bayes
bayes_auto_learn_threshold_spam 6.0
bayes_file_mode 0700

# restart spamd

See if bayes is working

# spamassassin --lint -D

Look for these lines

Oct  4 06:10:44.219 [32423] dbg: bayes: tie-ing to DB file R/O 
/etc/spamassassin/.spamassassin/bayes_toks
Oct  4 06:10:44.220 [32423] dbg: bayes: tie-ing to DB file R/O 
/etc/spamassassin/.spamassassin/bayes_seen

Oct  4 06:10:44.221 [32423] dbg: bayes: found bayes db version 3
Oct  4 06:10:44.222 [32423] dbg: bayes: DB journal sync: last sync: 
1538654406


# ls -l /etc/spamassassin/.spamassassin (files seen when spamassassin 
starts training)


-rwx-- 1 vpopmail vchkpw 9867264 Oct  4 05:57 auto-whitelist
-rw--- 1 vpopmail vchkpw 5373952 Oct  3 15:00 bayes_seen
-rw--- 1 vpopmail vchkpw 5308416 Oct  4 06:00 bayes_toks

# use sa-learn to train on messages or directory


On 10/4/2018 2:29 AM, Rajesh M wrote:

hello all

qmail toaster on centos 6, 64 bit

Please advise concerning steps to be followed for implementing bayes.

should i follow the steps listed here ? or is there anything specific related 
specific to qmail toaster
https://wiki.apache.org/spamassassin/SiteWideBayesSetup

the mail traffic on this server is around 6 emails per day


thanks
rajesh





-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com


--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: Fwd: [qmailtoaster] dovecot

2018-10-04 Thread Eric Broch


Yes


On 10/4/2018 2:16 AM, Tony White wrote:

Hi,
  If you have no clear password then vuserinfo is unable to report the 
user password.

It will only give you the encrypted password.

best wishes
   Tony White

On 04/10/18 14:22, Andrew Swartz wrote:

I ~may~ have just figured out why vpopmail stores cleartext passwords:

It is so it can support CRAM-MD5.

CRAM-MD5 is a challenge-response protocol used to provide privacy over
unencrypted connections.  The server challenges the client with a
pseudorandom challenge.  The client uses the password with HMAC-MD5 to
hash the challenge and send it back.  The server repeats the client
procedure to confirm that the client used (and thus has) the correct
password.

But this means that the server MUST have access to the cleartext
password, otherwise it cannot repeat the clients actions and confirm
authentication.  This cannot be accomplished with a salted hashed password.

If you remove the use of CRAM-MD5 and use PLAIN or LOGIN, the server
does not need access to the cleartext password.

Back when vpopmail was written, cleartext password storage was already
out of favor.  But TLS was not widely used, and the only way to not send
passwords in the clear was CRAM-MD5 (or a similar scheme), and this
required storing cleartext passwords.  Though storing cleartext
passwords is unsafe, it is much safer than sending cleartext passwords
over an encrypted channel.

I suspect that this is the primary reason that vpopmail primarily uses
hashed passwords but supports cleartext passwords with the option to
disable them.

-Andy


On 10/3/2018 7:51 PM, Eric Broch wrote:

Hi Andy,

I got it to work.

In '/etc/dovecot/toaster.conf' add 'mail_location = maildir:~/Maildir'

and make sure of 'auth_mechanisms = plain login'

In '/etc/squirrelmail/config_local.php' here are my imap settings:

$imapServerAddress  = 'localhost';
$imap_server_type   = 'dovecot';
$imap_auth_mech = 'login';

worked for my squirrelmail setup, hope you get it working

-Eric


On 10/3/2018 9:18 PM, Andrew Swartz wrote:

And I'll add that at the end, with pw_clear_passwd set to null, login
succeeds via IMAP but fails via Squirrelmail.

-Andy



 Forwarded Message 
Subject: Re: [qmailtoaster] dovecot
Date: Wed, 3 Oct 2018 19:12:11 -0800
From: Andrew Swartz
To:qmailtoaster-list@qmailtoaster.com

Eric,

With pw_clear_passwd set to '0123456789' I successfully logged in via
this technique using password '0123456789'.

I used SQL to reset pw_clear_passwd to null.

Again I successfully logged in via this technique using password
'0123456789'.


-Andy



On 10/3/2018 6:02 PM, Eric Broch wrote:

Try the CLI commands I sent. There can be issues with the configuration
of squirrelmail and roundcube.

IMAP:

# openssl s_client -crlf -connect localhost:993

imap> tag loginu...@domain.tld   $userpassword


Submission:

# cd /usr/local/bin
# wgethttp://www.jetmore.org/john/code/swaks/latest/swaks
# chown root.root swaks
# chmod +x swaks

# swaks --tosome...@remotedomain.tld  --fromu...@domain.tld  --server
$yourqmthost --port 587 --ehlo test -tls --auth login --auth-user
u...@domain.tld  --auth-password $userpassword


On 10/3/2018 7:45 PM, Andrew Swartz wrote:

Eric,

On Centos7 QMT:

I just created a new user account and set the password to '0123456789'.
Then I used your SQL command to set pw_clear_passwd to null.
Then I viewed the table to confirm it was empty (it was).
Then I tried to log in to Squirrelmail using password '0123456789':
Login failed.
Then I used your SQL command to reset pw_clear_passwd back to
'0123456789'.
Then I tried to log in to Squirrelmail using password '0123456789':
success.

This seems different from your experience.

This sucks because it seems to mean no easy fix for this problem.


-Andy




On 10/3/2018 4:24 PM, Eric Broch wrote:

I've been contacted by someone who removed the clear text password
from
an account and had issued logging into Dovecot even after a
restart. The
fix of course is to reset the password with
/home/vpopmail/bin/vpasswd.
Does anyone else want to confirm/refute my findings that w/o the clear
text password Dovecot will work?


--
Eric Broch
White Horse Technical Consulting (WHTC)





--
Eric Broch
White Horse Technical Consulting (WHTC)

[qmailtoaster] Fwd: Re: vpopmail

2018-10-04 Thread Eric Broch

Here's the answer I got from the Dovecot mailing list concerning the 
question of clear text password authentication...not sure how to 
implement...ideas? :


On 03.10.2018 23:30, Eric Broch wrote:

Hello list,

I run Dovecot with the vpopmail driver and have found that it
authenticates against the clear text password in the vpopmail
database. Is there a configuration option either at compile time, link
time, or a setting in one of the configuration files that tells the
program to authenticate against the hash instead of the clear text?



Prefix your passwords in vpopmail with {SCHEME} (like,  {CRYPT})
 



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

[qmailtoaster] bayes setup

2018-10-04 Thread Rajesh M

hello all

qmail toaster on centos 6, 64 bit

Please advise concerning steps to be followed for implementing bayes.

should i follow the steps listed here ? or is there anything specific related 
specific to qmail toaster
https://wiki.apache.org/spamassassin/SiteWideBayesSetup

the mail traffic on this server is around 6 emails per day


thanks
rajesh



-
To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com

Re: Fwd: [qmailtoaster] dovecot

2018-10-04 Thread Tony White


Hi,
  If you have no clear password then vuserinfo is unable to report the user 
password.
It will only give you the encrypted password.

best wishes
  Tony White

On 04/10/18 14:22, Andrew Swartz wrote:


I ~may~ have just figured out why vpopmail stores cleartext passwords:

It is so it can support CRAM-MD5.

CRAM-MD5 is a challenge-response protocol used to provide privacy over
unencrypted connections.  The server challenges the client with a
pseudorandom challenge.  The client uses the password with HMAC-MD5 to
hash the challenge and send it back.  The server repeats the client
procedure to confirm that the client used (and thus has) the correct
password.

But this means that the server MUST have access to the cleartext
password, otherwise it cannot repeat the clients actions and confirm
authentication.  This cannot be accomplished with a salted hashed password.

If you remove the use of CRAM-MD5 and use PLAIN or LOGIN, the server
does not need access to the cleartext password.

Back when vpopmail was written, cleartext password storage was already
out of favor.  But TLS was not widely used, and the only way to not send
passwords in the clear was CRAM-MD5 (or a similar scheme), and this
required storing cleartext passwords.  Though storing cleartext
passwords is unsafe, it is much safer than sending cleartext passwords
over an encrypted channel.

I suspect that this is the primary reason that vpopmail primarily uses
hashed passwords but supports cleartext passwords with the option to
disable them.

-Andy


On 10/3/2018 7:51 PM, Eric Broch wrote:

Hi Andy,

I got it to work.

In '/etc/dovecot/toaster.conf' add 'mail_location = maildir:~/Maildir'

and make sure of 'auth_mechanisms = plain login'

In '/etc/squirrelmail/config_local.php' here are my imap settings:

$imapServerAddress  = 'localhost';
$imap_server_type   = 'dovecot';
$imap_auth_mech = 'login';

worked for my squirrelmail setup, hope you get it working

-Eric


On 10/3/2018 9:18 PM, Andrew Swartz wrote:

And I'll add that at the end, with pw_clear_passwd set to null, login
succeeds via IMAP but fails via Squirrelmail.

-Andy



 Forwarded Message 
Subject: Re: [qmailtoaster] dovecot
Date: Wed, 3 Oct 2018 19:12:11 -0800
From: Andrew Swartz 
To: qmailtoaster-list@qmailtoaster.com

Eric,

With pw_clear_passwd set to '0123456789' I successfully logged in via
this technique using password '0123456789'.

I used SQL to reset pw_clear_passwd to null.

Again I successfully logged in via this technique using password
'0123456789'.


-Andy



On 10/3/2018 6:02 PM, Eric Broch wrote:

Try the CLI commands I sent. There can be issues with the configuration
of squirrelmail and roundcube.

IMAP:

# openssl s_client -crlf -connect localhost:993

imap> tag login u...@domain.tld  $userpassword


Submission:

# cd /usr/local/bin
# wget http://www.jetmore.org/john/code/swaks/latest/swaks
# chown root.root swaks
# chmod +x swaks

# swaks --to some...@remotedomain.tld --from u...@domain.tld --server
$yourqmthost --port 587 --ehlo test -tls --auth login --auth-user
u...@domain.tld --auth-password $userpassword


On 10/3/2018 7:45 PM, Andrew Swartz wrote:

Eric,

On Centos7 QMT:

I just created a new user account and set the password to '0123456789'.
Then I used your SQL command to set pw_clear_passwd to null.
Then I viewed the table to confirm it was empty (it was).
Then I tried to log in to Squirrelmail using password '0123456789':
Login failed.
Then I used your SQL command to reset pw_clear_passwd back to
'0123456789'.
Then I tried to log in to Squirrelmail using password '0123456789':
success.

This seems different from your experience.

This sucks because it seems to mean no easy fix for this problem.


-Andy




On 10/3/2018 4:24 PM, Eric Broch wrote:

I've been contacted by someone who removed the clear text password
from
an account and had issued logging into Dovecot even after a
restart. The
fix of course is to reset the password with
/home/vpopmail/bin/vpasswd.
Does anyone else want to confirm/refute my findings that w/o the clear
text password Dovecot will work?


--
Eric Broch
White Horse Technical Consulting (WHTC)

Re: [qmailtoaster] ClamAV 0.100.1

Re: [qmailtoaster] ClamAV 0.100.1

Re: [qmailtoaster] bayes setup

Re: [qmailtoaster] bayes setup

Re: [qmailtoaster] Fwd: Re: vpopmail

Re: [qmailtoaster] Fwd: Re: vpopmail

Re: [qmailtoaster] Fwd: Re: vpopmail

Re: [qmailtoaster] bayes setup

Re: [qmailtoaster] bayes setup

Re: Fwd: [qmailtoaster] dovecot

[qmailtoaster] Fwd: Re: vpopmail

[qmailtoaster] bayes setup

Re: Fwd: [qmailtoaster] dovecot

13 matches

Site Navigation

Mail list logo

Footer information