Hi Charles Hi list Hi all
Thank you for helping me, thanks to your great knowledge of roundcubemail yet I have used only packages in CentOS deposits. I quote : roundcubemail-0.2.1-1.el5.kb.noarch.rpm which corresponds to the stable version 0.2.1 roundcubemail.noarch 0.1.1-5.el5 which corresponds to the stable version 0.1.1 I trust the packager EPEL and packager karanbir singh the only version that works is that the depot EPEL when my mailboxes contained few messages I have my system analysis with reference to the vulnerability "html2text conversion script vulnerability" my system seems intact did you look at my post last Tuesday Tue, 17 Nov 2009 21:39:40 +0100 (CET) roundcubemail seems to be sensitive to the version of php and php-mcrypt, it seems that roundcubemail sends a password crypt imap server I currently installed in one of my vhosts roundcubemail 0.3.1, the installer told me that everything is ok, the log directories are ok and yet I still did not log there was a post of Tue, 10 Nov 2009 15:16:33 +0100 (CET) there was a email entitled [RCU] mcrypt issues In this email advice to change program/include/rcmail.php lin 993 to $iv =8; you think it is necessary to make the change indicated in the thread in question a email entitled [RCU] mcrypt issues to solve my problems authentication I'll try the driver syslogd to try to have the logs roundcubemail thanks for all your feedbacks nb : google est mon ami , et bein , pas dans ce cas la On Nov 12, 2009, at 5:08 AM, [email protected] wrote: >> Even if that means your server will be compromised ? > > my system did not seem to be compromised > and how do I know, yes or no compromise You may not know, that is one of the problems. A server can get compromised and it is difficult to find a trail that shows you. There was a message posted to the RoundCube Development list on 11 Nov titled " html2text conversion script vulnerability " you might want to read from the archives. I see from one of your later posts you upgraded, I am thankful. As for your problem : I would make sure the " logs " directory in the " roundcubemail " directory is writable by the web server process. That is where the logs are written, and if the web server process doesn't have permissions to write to that directory, you won't get logging. PHP errors should be written to the web server log, which should be at /var/log/httpd/error_log. You should make sure logging to that file is turned on in the /etc/ php.ini file. I would recommend you deploy RoundCube on a server not connected to the internet first. That way you could allow PHP to display errors on the web page. Then, once you get RoundCube working on a test server, you can deploy it on a public-facing internet server. -- Charles Dostale System Admin - Silver Oaks Communications http://www.silveroaks.com/ 824 17th Street, Moline IL 61265 _______________________________________________ List info: http://lists.roundcube.net/users/ ------------------------------------------------------- _______________________________________________ List info: http://lists.roundcube.net/users/
