| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0402050949560.16397-100000@ganymede.bcc.local> Date: Thu, 5 Feb 2004 09:57:04 +1100 (EST) From: Tim Nelson <sysadmin@...et.com.au> To: Antonio Messina <messina@...iesistemi.it> Cc: Marco Marabelli <mm@...t.it>, bugtraq@...urityfocus.com, mrsam@...rier-mta.com Subject: Re: sqwebmail web login On Tue, 3 Feb 2004, Antonio Messina wrote: > > platform: > > linux 2.4 i386 > > pachages: qmail+sqwebmail+qmailadmin+vpopmail-vchkpw-auth. > > NOT with FreeBSD 4.5, kernel GENERIC, sqwebmail 3.3.3, vpopmail 5.2 > > However, I think it's due to a misconfiguration. Root mailbox does NOT > exist in default qmail installation: it's just an alias, not a real > valid user. Sqwebmail reads the filesystem directly, so will be doing this itself. It doesn't depend on the qmail setup. Sqwebmail is part of the Courier suite. While I am using all the other software in the courier suite, I'm using SquirrelMail instead of sqwebmail. Sqwebmail accesses the filesystem directly for performance reasons. But I prefer to keep my web server and mail servers separate. http://www.inter7.com/sqwebmail.html So, I place the blame squarely on sqwebmail. However, I know the Courier folks are quite responsive to security issues, so I've included MrSam on this message. :) -- Tim Nelson Systems Administrator Sunet Internet Tel: +61 3 5241 1155 Fax: +61 3 5241 6187 Web: http://www.sunet.com.au/ Email: sysadmin@...et.com.au
Powered by blists - more mailing lists