Re: Cryus IMAP accepts any password!

From: Michuki Mwangi (no email)
Date: Tue Mar 29 2005 - 11:35:04 EST

  • Next message: Michuki Mwangi: "Re: Cryus IMAP accepts any password! - Solved"

    Dear list members,

    I seem to have the most bizarre situation on my new setup.

    FreeBSD 5.3
    Cyrus-imap2 2.2.8
    Cyrus-saslauthd 2.1.19_1
    pam-mysql
    mysql 5.0.0.2
    Postfix - 2.1.4
    Squirrelmail - 1.4.3a

    Setup and delivery is fine.I can check mail from the respective accounts
    created in mysql and cyradm with *ANY* PASSWORD!. in this case i have tried
    both through Webmail (Squirrelmail) and mail client.

    I can see the following from messages log

    Mar 29 19:16:23 mail pop3[868]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits new) no authentication
    Mar 29 19:16:23 mail pop3[868]: login: [x.x.x.x] info PLAIN+TLS User logged in

    I thought that my setup was wrong so i tried to debug by putting a wrong
    username or password or DB in the /etc/pam.d/pop and imap files

    Well i can see that an sql error is generated in auth.log as follows.

    Mar 29 19:15:25 mail saslauthd[569]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'
    Mar 29 19:15:32 mail saslauthd[565]: pam_mysql: MySQL err Access denied for user: 'xxx'@'localhost' to database 'mail'

    however am still able to check mail through the webclient or Kmail.

    My /etc/pam.d/imap & pop files are as follows.
    # auth
    #auth required pam_nologin.so no_warn
    #auth sufficient pam_krb5.so no_warn try_first_pass
    #auth sufficient pam_ssh.so no_warn try_first_pass
    #auth required pam_unix.so no_warn try_first_pass
    auth sufficient pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail tabl
    e=accountuser usercolumn=username passwdcolumn=password crypt=0
    account required pam_mysql.so user=xxxxxx passwd=xxxxx host=localhost db=mail tab
    le=accountuser usercolumn=username passwdcolumn=password crypt=0

    imap.conf file has the following options uncommented from the default settings.

    configdirectory: /var/imap
    partition-default: /home/mail
    allowanonymouslogin: no
    allowplaintext: yes
    timeout: 30
    poptimeout: 10
    admins: cyrus
    reject8bit: no
    sieveusehomedir: false
    sievedir: /home/sieve
    sendmail: /usr/sbin/sendmail
    sasl_pwcheck_method: saslauthd
    sasl_mech_list: PLAIN LOGIN
    tls_cert_file:/var/imap/server.pem
    tls_key_file:/var/imap/key.pem
    tls_ca_file:/var/imap/server.pem
    tls_ca_file:/var/imap/server.pem
    #
    # EOF

    Where am i going wrong?

    Regards, 

    ---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
  • Next message: Michuki Mwangi: "Re: Cryus IMAP accepts any password! - Solved"





    Hosted Email Solutions

    Invaluement Anti-Spam DNSBLs



    		Powered By FreeBSD   Powered By FreeBSD