Here is an idea for a single password and login point: ( This requires imail/webmail "ignore source IP check" or whatever that is be disabled... but it has to be disabled for aol users anyway, so you probably already have it unchecked)
Have them login to WEBMAIL first, and a link to the manager from in webmail. Include their IMAIL SessionKey and full email address in the URL Ex Link from webmail (using imail variables): http://spamwatch.njaccess.com/[EMAIL PROTECTED]&imailkey= /X123411242 Now the login.cfm would actually do a CFHTTP get for: http://mail.njaccess.com:8383/X123411242/menu.cgi Then scan the page for [EMAIL PROTECTED] ( my menu.cgi contains Welcome EMAILADDRESS! ) If the imailkey was invald, then the CFHTTP would have been given the 'login failed' screen and [EMAIL PROTECTED] woulld not be found. If the key was valid, then the CFHTTP obtained their 'main menu' screen, which contains the current logged in adress for the key. If someone tries to switch to a different [EMAIL PROTECTED] then it won't work because the exact string wouldnt be found on the menu page for the imailkey that was given. Ex: <cfset imURL = "http://#mailip##imailuserkey#/menu.#imailnumber#.cgi?mbx=Main"> <cfhttp url="#imurl#" method="GET" port="80" resolveurl="false"></cfhttp> <CFIF FindNoCase(url.ImailEmail,cfhttp.filecontent)> <CFSET AuthPass = 1> </CFIF> Basically a little trickery to compare the email given via a URL variable against an IMAIL session key without any direct access to the registry or any actual password usage. This is how I do it with my CF app I wrote for my users. If this sounds like something you'de like to do or want to see it in action, or want my login.cfm source let me know. -Tom -----Original Message----- From: Scot Desort [mailto:[EMAIL PROTECTED] Sent: Thursday, November 06, 2003 3:40 PM To: [EMAIL PROTECTED] Subject: RE: [Declude.JunkMail] Opinions on web interface Thanks Matt. Geez, one time last year I searched the net endlessly for something like that util. I came up with tons of stuff to extract users and domain lists, and even old security exploits in Imail 4.x and 5.x that allowed you to easily go into the registry and pull passwords out. But this util could be the answer for me since it pulls passwords. I really didn't want to force users to use 2 passwords, but I didn't want to hold up the interface being released. And let's face it, many of them can't remember their email password anyway since everything is autosaved. But I will look at this util. Thanks again, Scot -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Bramble Sent: Thursday, November 06, 2003 3:53 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Opinions on web interface Scot, Nice job! BTW, IMail managed passwords could be modified by way of a script. There's a tool out there which will decrypt the passwords from your registry, and I would imagine that you could sync that with your database without having to convert IMail over to SQL, and hand off new passwords by way of the built in IMail programs which are also used by the Web mail products. Try the following tool and run it with the command "c:\path\extractUsers.exe -f c:\extractusers" http://dev.myownemail.com/Imail/ExtractUsers.htm In the very least, you could parse the output files, or probably redirect the output to your database at regular intervals or after every password change??? Matt Scot Desort wrote: I just finished throwing together a web interface to allow our customers to self-maintain their spam thresholds, whitelists and declude actions. It's very simple, but does everything we need. Written in ColdFusion, SQL database to store settings, with a custom tag that writes the text files to disk for Declude to read. The only thing that would be nice would be to have it sync the password with the IMAIL password. I suppose one of these days I will convert all of my domains to SQL for IMAIL password storage, which would solve the problem. Your comments are welcomed: http://spamwatch.njaccess.com demo login user name: [EMAIL PROTECTED] pw: spam Feel free to play around. It's not a live account. Thanks, -- Scot ----- Original Message ----- From: "R. Scott Perry" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 03, 2003 4:30 PM Subject: Re: [Declude.JunkMail] WhiteList option questions Just upgrading Declude after a fair amount of time. The docs say that the white list file should go into $default$.junkmail. Just wanted to confirm it goes there and not global.cfg. That is correct. The WHITELISTFILE option is designed for incoming mail only, and only applies to the \IMail\Declude\$default$.JunkMail and per-user/per-domain files. -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.