On Saturday 29 November 2003 19:56, Michael Hauck wrote: > Hi everyone! > > I'm using XMail on my server and it runs very nicely. The only thing I > don't like is the output of the unencrypted password in the pop3 log and > when I use the userlist command in the CtrlClnt tool. I don't think the > admin has to know user passwords. Is there an easy way to change this? I > have had a look at the code but it's not very well documented (or I > simply missed the documentation...). I tried editing the CTRLDo_userlist > function but that didn't help. > > Thanks! > > mike >
Hi Mike, This was discussed at length on this list a few months ago. Many of us are concerned about XMail storing passwords in log files, particularly unencrypted ones. Davide's point is that the logs are only accessable by root so it doesn't make any difference if the log shows passwords. At this point my recommendation is: If you are concerned about this use Mike Howeth's system or any other configuration that gives those files additional protection. Jeff - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
