[33379] in bugtraq
Re: sqwebmail web login
daemon@ATHENA.MIT.EDU (Antonio Messina)
Wed Feb 4 01:47:53 2004
Message-ID: <401F61EE.CF48EC27@retiesistemi.it>
Date: Tue, 03 Feb 2004 09:55:10 +0100
From: Antonio Messina <messina@retiesistemi.it>
MIME-Version: 1.0
To: Marco Marabelli <mm@smrt.it>
Cc: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
> platform:
> linux 2.4 i386
> pachages: qmail+sqwebmail+qmailadmin+vpopmail-vchkpw-auth.
NOT with FreeBSD 4.5, kernel GENERIC, sqwebmail 3.3.3, vpopmail 5.2
However, I think it's due to a misconfiguration. Root mailbox does NOT
exist in default qmail installation: it's just an alias, not a real
valid user.
Mail for root is usually handled by the "alias" pseudo-user.
And with vpopmail you must create such user by hand (or via qmailadmin).
> I think this should be a good method for guessing root password, in fact
> failure logging in on the sqewebmail are not logged (generally!).
Failures are logged by vpopmail. Check your configuration.
> Regards,
> Marco Marabelli
ciao
