On Dec 31, 2006, at 12:58 PM, [EMAIL PROTECTED] wrote:
I was wondering if there was a way to, or any plans to add a
way to disallow blank/empty passwords? Due to a lot of traveling I
like to use my qmail/vpopmail server as a relay, closed to the
world obviously, but open to anyone who can authenticate. A fair
amount of people use the system, some of which are not tech savvy.
I've had a few problems caused by people scanning for accounts
with blank passwords, finding one, and exploiting the account to
relay spam. I understand that this is really an administration
issue, but rather than have a cronjob that mails me a list of
accounts without a password, it would be nice if there was a way to
not accept a blank password. If anyone knows how to do this on a
vpopmail level as well, that would rock.
Good point. I had thought that QmailAdmin only allowed blank
passwords if "enable-learn-passwords" had been enabled in vpopmail.
I see now that it only does that when adding an account -- when
modifying it's possible to set a blank password at any time.
I'll look into changing it for an upcoming release.
--
Tom Collins - [EMAIL PROTECTED]
Vpopmail - virtual domains for qmail: http://vpopmail.sf.net/
QmailAdmin - web interface for Vpopmail: http://qmailadmin.sf.net/