Ok...

What the hell ... I just compiled 5.3.24 WITHOUT
learn-passwords. Installed it. Restarted all mail
services. I can STILL log into any account with any
password.

Someone here must be able to shed some light on this
for me??  Please?


--- jeff thomas <[EMAIL PROTECTED]> wrote:
> Ok...
> 
> So, I just compiled 5.3.24 and installed it. I used
> the following configure line:
> 
> ./configure --enable-qmaildir=/var/qmail \
>   --enable-tcprules-prog=/usr/local/bin/tcprules \
>   --enable-learn-passwords=y \
>   --enable-tcpserver-file=/usr/home/vpopmail/etc/tcp.smtp \
>   --enable-defaultquota=10000000 --enable-logging=e \
>   --enable-valias=y --enable-roaming-users=y \
>   --enable-relay-clear-minutes=30 --enable-mysql=y \
>   --enable-sqlincdir=/usr/local/include/mysql \
>   --enable-sqllibdir=/usr/local/lib/mysql \
>   --enable-default-domain=domain.com \
>   --enable-qmail-ext=y --prefix=/usr/home
> 
> 
> Same freaking problem. I can log into all of the
> accounts with any password. Thoughts?
> 
> 
> 
> --- jeff thomas <[EMAIL PROTECTED]> wrote:
> > Ok... I tried this fix. 
> > 
> > I edited vchkpw.c and removed the FOOB and ENDIF.
> > Recompiled.
> > 
> > No luck. Same thing. Any password I put in still
> > works.
> > 
> > Thoughts?
> > 
> > --- Michael Bowe <[EMAIL PROTECTED]> wrote:
> > > I just remembered that learn-passwords was broken in 5.3.20, and then
> > > eventually fixed in 5.3.24
> > >
> > > http://sourceforge.net/tracker/index.php?func=detail&aid=783824&group_id=85937&atid=577798
> > >
> > > Maybe this has something to do with your problem?
> > >
> > > Michael.
> > >
> > > ----- Original Message -----
> > > From: "jeff thomas" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, August 13, 2003 6:47 PM
> > > Subject: Re: [vchkpw] Urgent - vchkpw/vpopmail authenticate even with wrong pw?
> > > 
> > > 
> > > > Learn passwords was enabled. However, it should learn
> > > > only the FIRST password entered for each account....
> > > > not multiple passwords for each account.
> > > >
> > > > Right?
> > > >
> > > > It would seem logical that with learn-passwords, the
> > > > first time I put in the password for [EMAIL PROTECTED], it
> > > > "learns" that password. If I try to log into [EMAIL PROTECTED]
> > > > with a different password, I should be rejected, as it
> > > > "learned" the first password.
> > > >
> > > >
> > > >
> > > >
> > > > --- Michael Bowe <[EMAIL PROTECTED]> wrote:
> > > > > I could be barking up the wrong tree here but...
> > > > >
> > > > > Perhaps did you configure vpopmail to "learn passwords"?
> > > > >
> > > > > It rings a bell for me that if you upgrade from a v4.x vpopmail,
> > > > > and you enable clear passwords in your v5.2 vpopmail, you lose
> > > > > all your existing passwords and the general way to recover from
> > > > > this is to enable vpopmail's "learn passwords" functionality
> > > > >
> > > > > This could explain why "any password works". But then again, once
> > > > > the password has been learned, you shouldn't be able to go back
> > > > > and use some other password and still get access
> > > > >
> > > > > Michael.
> > > > >
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "jeff thomas" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Wednesday, August 13, 2003 10:15 AM
> > > > > Subject: [vchkpw] Urgent - vchkpw/vpopmail authenticate even with wrong pw?
> > > > >
> > > > >
> > > > > > Hello -
> > > > > >
> > > > > > I recently installed vpopmail 5.3.20 from FreeBSD
> > > > > > ports. I used Matt Simerson's FreeBSD Qmail Toaster
> > > > > > scripts to install it (it uses ports).
> > > > > >
> > > > > >
> > > > > > That installed without problem. I installed
> > > > > > courier-imap and squirrelmail as well as sqwebmail. I
> > > > > > noticed today that I can log into any of the accounts
> > > > > > via sqwebmail with any password. I can literally put
> > > > > > in "xxx" for the password on my e-mail account and it
> > > > > > will let me in. I tried it on squirrelmail with the
> > > > > > same problem. So, then I tried simply logging into the
> > > > > > POP3 account with "xyz" as the password. It, too, let
> > > > > > me in with full access.
> > > > > >
> > > > > > This is bad - obviously. Anyone care to shed some
> > > > > > light on what I need to do to get this fixed ASAP?
> > > > > > I upgraded from 4.9.x and use mysql4 for authentication.
> > > > > >
> > > > > > Any and all help is appreciated.
> > > > > >
> 
=== message truncated ===
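
The learn-once behaviour the thread expects, as an added example (a Python model written for this page, not vpopmail's code and not from anyone in the thread): an account with an empty stored password accepts and stores the first password presented, and every later login must match it. All function names and the PBKDF2 hash are assumptions; `authenticate_relearning` is a constructed faulty variant that reproduces the reported symptom so the probe has something to catch, not a diagnosis of the actual bug.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # PBKDF2 stands in for whatever hash the real backend stores (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def authenticate(store, user, password, learn):
    """Learn-once model. store maps user -> (salt, hash), or None if empty."""
    if user not in store:
        return False
    record = store[user]
    if record is None:                       # empty stored password
        if not learn or not password:
            return False                     # fail closed when learning is off
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))   # learned exactly once
        return True
    salt, expected = record
    return hmac.compare_digest(_hash(password, salt), expected)

def authenticate_relearning(store, user, password, learn):
    # Constructed faulty variant: every login overwrites the stored password,
    # so any password is accepted (the symptom described in the thread).
    if user not in store or not password:
        return False
    salt = os.urandom(16)
    store[user] = (salt, _hash(password, salt))
    return True

def accounts_open_to_learning(store):
    """Accounts that will accept whatever password is presented next."""
    return sorted(user for user, record in store.items() if record is None)

def accepts_wrong_password(auth, store, user, good):
    """Regression probe: after a good login, a random password must fail."""
    if not auth(store, user, good, True):
        raise ValueError("known-good login failed")
    return auth(store, user, os.urandom(12).hex(), True)
```

While learning is enabled, every account listed by `accounts_open_to_learning` belongs to whoever logs in first, so the useful checks are that this list drains to empty and that the probe returns False after a rebuild.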
