[xmail] Re: Remove password in pop3 log and CtrlClnt userlist command
Hi, If you are using Linux or FreeBSD you can edit CTRLSvr.cpp (line 304) and POP3Svr.cpp (line 543) and remove password before compile. Good Look! On Sat, 29 Nov 2003, Jeffrey Laramie wrote: > > On Saturday 29 November 2003 19:56, Michael Hauck wrote: > > Hi everyone! > > > > I'm using XMail on my server and it runs very nicely. The only thing I > > don't like is the output of the unencrypted password in the pop3 log and > > when I use the userlist command in the CtrlClnt tool. I don't think the > > admin has to know user passwords. Is there an easy way to change this? I > > have had a look at the code but it's not very well documented (or I > > simply missed the documentation...). I tried editing the CTRLDo_userlist > > function but that didn't help. > > > > Thanks! > > > > mike > > > > Hi Mike, > > This was discussed at length on this list a few months ago. Many of us are > concerned about XMail storing passwords in log files, particularly > unencrypted ones. Davide's point is that the logs are only accessable by root > so it doesn't make any difference if the log shows passwords. At this point > my recommendation is: If you are concerned about this use Mike Howeth's > system or any other configuration that gives those files additional > protection. > > Jeff > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > > > > > --- > Esta mensagem foi verificada pelo e-mail protegido Arte Final > Antivírus: F-Prot / Versão: 4.1.1 / Atualizado em: 28-Nov-2003 > Proteja o seu e-mail com a Arte Final - http://www.artefinal.com.br > Até mais, --- Vitor Renato Alves de Brito - System Manager Arte Final Provedor Internet - http://www.artefinal.com.br Alfenas/Lavras - Sul de Minas Gerais --- Esta mensagem foi verificada pelo e-mail protegido Arte Final Antivírus: F-Prot / Versão: 4.1.1 / Atualizado em: 28-Nov-2003 Proteja o seu e-mail com a Arte Final - http://www.artefinal.com.br - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Remove password in pop3 log and CtrlClnt userlist command
Yeah, answering my own emails is fun! ;) I also got the other think working. I had to edit the CTRLDo_userlist function. I think it was just too late at night when I tried it the first time... mike Michael Hauck wrote: >Hi again, > >The pop3 log thing was easy to change. I simply removed the password >field from the static int POP3LogSession(POP3Session & POP3S) function. > >mike > >Jeffrey Laramie wrote: > > > >>On Saturday 29 November 2003 19:56, Michael Hauck wrote: >> >> >> >> >>>Hi everyone! >>> >>>I'm using XMail on my server and it runs very nicely. The only thing I >>>don't like is the output of the unencrypted password in the pop3 log and >>>when I use the userlist command in the CtrlClnt tool. I don't think the >>>admin has to know user passwords. Is there an easy way to change this? I >>>have had a look at the code but it's not very well documented (or I >>>simply missed the documentation...). I tried editing the CTRLDo_userlist >>>function but that didn't help. >>> >>>Thanks! >>> >>>mike >>> >>> >>> >>> >>> >>Hi Mike, >> >>This was discussed at length on this list a few months ago. Many of us are >>concerned about XMail storing passwords in log files, particularly >>unencrypted ones. Davide's point is that the logs are only accessable by root >>so it doesn't make any difference if the log shows passwords. At this point >>my recommendation is: If you are concerned about this use Mike Howeth's >>system or any other configuration that gives those files additional >>protection. >> >>Jeff >>- >>To unsubscribe from this list: send the line "unsubscribe xmail" in >>the body of a message to [EMAIL PROTECTED] >>For general help: send the line "help" in the body of a message to >>[EMAIL PROTECTED] >> >> >> >> >> >> > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Remove password in pop3 log and CtrlClnt userlist command
Hi again, The pop3 log thing was easy to change. I simply removed the password field from the static int POP3LogSession(POP3Session & POP3S) function. mike Jeffrey Laramie wrote: >On Saturday 29 November 2003 19:56, Michael Hauck wrote: > > >>Hi everyone! >> >>I'm using XMail on my server and it runs very nicely. The only thing I >>don't like is the output of the unencrypted password in the pop3 log and >>when I use the userlist command in the CtrlClnt tool. I don't think the >>admin has to know user passwords. Is there an easy way to change this? I >>have had a look at the code but it's not very well documented (or I >>simply missed the documentation...). I tried editing the CTRLDo_userlist >>function but that didn't help. >> >>Thanks! >> >>mike >> >> >> > >Hi Mike, > >This was discussed at length on this list a few months ago. Many of us are >concerned about XMail storing passwords in log files, particularly >unencrypted ones. Davide's point is that the logs are only accessable by root >so it doesn't make any difference if the log shows passwords. At this point >my recommendation is: If you are concerned about this use Mike Howeth's >system or any other configuration that gives those files additional >protection. > >Jeff >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Remove password in pop3 log and CtrlClnt userlist command
On Saturday 29 November 2003 19:56, Michael Hauck wrote: > Hi everyone! > > I'm using XMail on my server and it runs very nicely. The only thing I > don't like is the output of the unencrypted password in the pop3 log and > when I use the userlist command in the CtrlClnt tool. I don't think the > admin has to know user passwords. Is there an easy way to change this? I > have had a look at the code but it's not very well documented (or I > simply missed the documentation...). I tried editing the CTRLDo_userlist > function but that didn't help. > > Thanks! > > mike > Hi Mike, This was discussed at length on this list a few months ago. Many of us are concerned about XMail storing passwords in log files, particularly unencrypted ones. Davide's point is that the logs are only accessable by root so it doesn't make any difference if the log shows passwords. At this point my recommendation is: If you are concerned about this use Mike Howeth's system or any other configuration that gives those files additional protection. Jeff - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Remove password in pop3 log and CtrlClnt userlist command
I work around the former problem by changing all of the x_LOG_FILE #defines so that each set of logs has its own (individually-securable) directory, e.g: #define FILTC_LOG_FILE "filtc" SYS_SLASH_STR "filtc" (the distribution would have simply said, #define FILTC_LOG_FILE "filtc") (filtc is something of my own; just using it as an example) I haven't needed to get rid of the other issue tho, so can't help you there -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Hauck Sent: Saturday 29 November 2003 6:57 PM To: [EMAIL PROTECTED] Subject: [xmail] Remove password in pop3 log and CtrlClnt userlist command Hi everyone! I'm using XMail on my server and it runs very nicely. The only thing I don't like is the output of the unencrypted password in the pop3 log and when I use the userlist command in the CtrlClnt tool. I don't think the admin has to know user passwords. Is there an easy way to change this? I have had a look at the code but it's not very well documented (or I simply missed the documentation...). I tried editing the CTRLDo_userlist function but that didn't help. Thanks! mike - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
