Thank you so much, Tomas!
Problem solved. It was permissions. All my web stuff belongs to user
"nobody", and I have configured apache to use that. But the latest
distributions have gone to user "apache".
I had to chown /var/lib/php from root.apache to root.nobody. Poof!
Working Squirrelmail!
WRT security - my Squirrelmail is buried in a directory that requires
https to use it. And it talks to imap on the same machine via localhost.
So I could just go to plaintext authentication, since
the link is already encrypted anyway. The only time it becomes an issue
is if I want to support external mailers on the Internet.
I admit to some concern about having my password in a plaintext file in
/etc, but with chown 400, nobody can see it but root, and if an invader
gets root, I'm dead meat anyway.
The Internet has become a nasty place - I pine for the days when it was
just universities and networking nerds. People are constantly banging
on my linux box trying to get root.
I wrote a Perl script that constantly watches for failed login
attempts. It applies a leaky bucket algorithm to each IP with failed
attempts. If enough failed attempts occur in a short enough time (
causing a bucket overflow ), it blacklists the offending IP for a day,
dropping all its packets on the floor at the earliest possible
opportunity. At the present moment, there are 6 IPs blacklisted.
- Jerry Kaidor
>
>
> Jerome Kaidor wrote:
>>
>> Hello,
>>
>> I've been a happy Squirrelmail user for a few years now. It does
>> everything I need, no fuss, no muss.
>>
>> But my Linux server has been getting flaky, so I put together a new
>> server with the latest Slackware 13.0 distribution. It's been a few
>> days
>> getting everything working and the latest victim is Squirrelmail.
>>
>> Squirrelmail V1.4.15 just came along for the ride when I transferred
>> my
>> web
>> content. But the IMAP server did not.
>>
>> I compiled uw imap from source and set it up for CRAM-MD5
>> authentication.
>> I know the SM documentation says that you HAVE to use plaintext, but the
>> conf.pl script has a CRAM-MD5 choice, so I figured that the plaintext
>> requirement was Old News.
>>
>> Yet, it doesn't work. I type in my username and password at the SM
>> login
>> screen, and it immediately comes back:
>>
>> ERROR
>> You must be logged in to access this page.
>> Go to the login page
>>
>> However, if I type in a bad password, it says:
>>
>> ERROR
>> Unknown user or password incorrect.
>> Go to the login page
>>
>>
>> The imap does work OK with a mailer on a second PC ( Thunderbird
>> under
>> Windows ). I can see the imapd being started by watching
>> /var/log/debug,
>> but then when I take a look with "ps ax | grep pid" it's not there
>> anymore.
>> So it seems to die right after it starts up.
>>
>> Anybody have a hint or a clue, before I start diving into the uw
>> imapd
>> source?
>>
>
> 1. you can temporally switch off plaintext login restrictions in uw
> /etc/c-client.cf and check if SquirrelMail can login with LOGIN
> authentication.
>
> 2. create test php script with
> ---
> session_write_close();
> ini_set('error_reporting',E_ALL);
> ini_set('display_errors',1);
> var_dump(session_start())
> ---
> save it in SquirrelMail root directory, open in your browser
> (http://your-server/path-to-squirrelmail/scriptname.php) and check for any
> error messages.
>
> uw cram-md5 requires you to store all passwords in plain text. You want to
> protect things, consider using IMAPS.
>
> --
> View this message in context:
> http://old.nabble.com/SM-and-UW-Wont%27-Play-tp27544484p27544538.html
> Sent from the squirrelmail-users mailing list archive at Nabble.com.
>
>
> ------------------------------------------------------------------------------
> SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
> Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
> http://p.sf.net/sfu/solaris-dev2dev
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [email protected]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
>
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [email protected]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options):
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
