Squirrelmail mixing up user profiles

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Squirrelmail mixing up user profiles

Andrea
Hi all.

I have a SquirrelMail version 1.4.23 [SVN] running on Debian 7.11 with PHP
5.4.45-0+deb7u6 / Apache 2.2.22 .
This is the relevant section of config.php

> $data_dir                 = '/var/lib/squirrelmail/data/';
> $attachment_dir           = '/var/spool/squirrelmail/attach/';
> $dir_hash_level           = 0;
> $default_left_size        = '150';
> $force_username_lowercase = false;
> $default_use_priority     = true;
> $hide_sm_attributions     = false;
> $default_use_mdn          = true;
> $edit_identity            = false;
> $edit_name                = true;
> $hide_auth_header         = false;
> $allow_thread_sort        = false;
> $allow_server_sort        = false;
> $allow_charset_search     = true;
> $uid_support              = true;
>
> $plugins[0] = 'translate';
> $plugins[1] = 'squirrelspell';
> $plugins[2] = 'spamcop';
> $plugins[3] = 'filters';
> $plugins[4] = 'calendar';
> $plugins[5] = 'abook_take';
> $plugins[6] = 'administrator';
> $plugins[7] = 'newmail';
> $plugins[8] = 'bug_report';
> $plugins[9] = 'sent_subfolders';
> $plugins[10] = 'mail_fetch';
> $plugins[11] = 'listcommands';
> $plugins[12] = 'message_details';
> $plugins[13] = 'delete_move_next';
> $plugins[14] = 'attachment_tnef';
> $plugins[15] = 'empty_folders';
> $plugins[16] = 'html_mail';
> $plugins[17] = 'view_as_html';
> $plugins[18] = 'info';
> $plugins[19] = 'change_sqlpass';
> $plugins[20] = 'quicksave';
> $plugins[21] = 'squirrel_logger';

About a few moths ago I was notified that one user was having an issue where
his outgoing emails displayed another user¹s details (From:, Reply-To:). The
two users log in from the same computer with the same OS account but their
mailboxes belong to different domains.
The same behaviour also happens on another computer.

These are the headers of the outgoing message:

> Received: from XXX ([XXX])
>         (SquirrelMail authenticated user [hidden email])
>         by webmail.domain.con with HTTP;
>         Mon, 15 Aug 2016 23:11:50 +0200
> Message-ID: <[hidden email]>
> Date: Mon, 15 Aug 2016 23:11:50 +0200
> Subject: Re: Ris: Invio documenti come da accordi
> From: ³USER_2² <[hidden email]>
> To: ³XXX² <[hidden email]>
> Cc: YYY
> Reply-To: [hidden email]
> User-Agent: SquirrelMail/1.4.23 [SVN]
> MIME-Version: 1.0
> Content-Type: multipart/mixed;boundary="----=_20160815231150_40101"
> X-Priority: 3 (Normal)
> Importance: Normal
>

The authentication string is indeed correct but all the details belong to
USER_2.
There is no SMTP authentication from the webmail but I do check the MAIL
FROM: on a list of addresses that the user is permitted to send mail as.
Both USER_1 and USER_2 only have their respective accounts so if
SquirrelMail had used USER_2 during the SMTP transaction, it would have been
refused.

Has anyone experienced this issue before? How can I fix it without having to
delete and recreate the profiles?

Thank you.




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Squirrelmail mixing up user profiles

Alan in Toronto-3
On Sat, December 17, 2016 5:15 am, Andrea wrote:
> Hi all.
>
> I have a SquirrelMail version 1.4.23 [SVN] running on Debian 7.11 with PHP
> 5.4.45-0+deb7u6 / Apache 2.2.22 .
> This is the relevant section of config.php

> About a few moths ago I was notified that one user was having an issue where
> his outgoing emails displayed another user¹s details (From:, Reply-To:). The
> two users log in from the same computer with the same OS account but their
> mailboxes belong to different domains.
> The same behaviour also happens on another computer.

> Has anyone experienced this issue before? How can I fix it without having to
> delete and recreate the profiles?


IIRC, user accounts can get mixed up if user1 neglects to logout before user2 logs
in on the same computer in the same browser. If they used different browsers then it
wouldn't be a problem, and if user1 logged out it wouldn't happen.




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: Squirrelmail mixing up user profiles

Paul Lesniewski


On 2016年12月18日 05:31, Alan in Toronto wrote:

> On Sat, December 17, 2016 5:15 am, Andrea wrote:
>> Hi all.
>>
>> I have a SquirrelMail version 1.4.23 [SVN] running on Debian 7.11 with PHP
>> 5.4.45-0+deb7u6 / Apache 2.2.22 .
>> This is the relevant section of config.php
>
>> About a few moths ago I was notified that one user was having an issue where
>> his outgoing emails displayed another user¹s details (From:, Reply-To:). The
>> two users log in from the same computer with the same OS account but their
>> mailboxes belong to different domains.
>> The same behaviour also happens on another computer.
>
>> Has anyone experienced this issue before? How can I fix it without having to
>> delete and recreate the profiles?
>
>
> IIRC, user accounts can get mixed up if user1 neglects to logout before user2 logs
> in on the same computer in the same browser. If they used different browsers then it
> wouldn't be a problem, and if user1 logged out it wouldn't happen.

This is well documented in the mailing list archives.  Remember to
search before you post.  Also note that the Login Check plugin was
created to help mitigate this problem.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users