Bugtraq mailing list archives

Re: sqwebmail web login

From: Tim Nelson <sysadmin () sunet com au>
Date: Thu, 5 Feb 2004 09:57:04 +1100 (EST)

On Tue, 3 Feb 2004, Antonio Messina wrote:

platform:
linux 2.4 i386
pachages: qmail+sqwebmail+qmailadmin+vpopmail-vchkpw-auth.


NOT with FreeBSD 4.5, kernel GENERIC, sqwebmail 3.3.3, vpopmail 5.2

However, I think it's due to a misconfiguration. Root mailbox does NOT 
exist in default qmail installation: it's just an alias, not a real 
valid user.


        Sqwebmail reads the filesystem directly, so will be doing this 
itself.  It doesn't depend on the qmail setup.  Sqwebmail is part of the 
Courier suite.  While I am using all the other software in the courier 
suite, I'm using SquirrelMail instead of sqwebmail.  Sqwebmail accesses 
the filesystem directly for performance reasons.  But I prefer to keep my 
web server and mail servers separate.  

http://www.inter7.com/sqwebmail.html

        So, I place the blame squarely on sqwebmail.  However, I know the 
Courier folks are quite responsive to security issues, so I've included 
MrSam on this message.  

        :)

-- 
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin () sunet com au

Current thread:

sqwebmail web login Marco Marabelli (Feb 02)
- Re: sqwebmail web login Antonio Messina (Feb 03)
  - Re: sqwebmail web login Tim Nelson (Feb 04)
- Re: sqwebmail web login Brian Bothwell (Feb 03)
- <Possible follow-ups>
- Re: sqwebmail web login scott . jefferd (Feb 03)