lockout plugin configuration problems

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

lockout plugin configuration problems

Alex-325
Hi,
I'm using a squirrelmail 1.4.23SVN snapshot and having trouble with
the lockout plugin. I had it configured on a test system many months
ago, and I thought it was working properly, but now it's not.

There are no php errors in the logs, and my configtest.php looks okay.
Squirrelmail otherwise works fine. I'm not sure how to further debug
this, and really hoped someone could help. I've configured
locked_out.php with my own text, and it's never printed. I've also
installed and enabled the compatibility plugin. The
lockout_plugin_login_failure_ information.pref has old entries in it
where it once worked properly. squirrelmail_access_log has the failed
login entries, but there are no new entries in the
lockout_plugin_login_failure_information.pref file after trying and
failing to login $max_login_attempts times.

If I include the following in lockout_table.php, assuming my domain is
example.com and my webmail host is webstage.example.com, it locks
everyone out regardless of the number of tries.

domain:   example.com   locked_out.php

It also doesn't seem to be writing anything to
/var/lib/squirrelmail/data/lockout_plugin_login_failure_information.pref
even though it appears to rewrite the file every time an invalid
password is entered (with the domain: entry enabled). Assuming my test
user is "alex", there are never any entries written to the
lockout_plugin_login_failure file.

I've included my config.php below (using example.com)

$use_lockout_rules = 1;
$reverseLockout = '';
$at = '@';
$obey_x_forwarded_headers = 0;
$max_login_attempts = '6:10:30';
$max_login_attempts_per_IP = '';
$activate_CAPTCHA_after_failed_attempts = '';
$lockout_notification_addresses = '[hidden email]';
$log_violated_lockout_rules = 1;
$log_violated_max_user_logins = 1;
$log_violated_max_IP_logins = 0;
$log_CAPTCHA_enabled = 0;
$lockout_useSendmail = NULL;
$lockout_smtpServerAddress = NULL;
$lockout_smtpPort = NULL;
$lockout_sendmail_path = NULL;
$lockout_sendmail_args = NULL;
$lockout_pop_before_smtp = NULL;
$lockout_encode_header_key = NULL;
$lockout_smtp_auth_mech = NULL;
$lockout_smtp_sitewide_user = NULL;
$lockout_smtp_sitewide_pass = NULL;

Thanks,
Alex

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: lockout plugin configuration problems

Alex-325
Hi,

> If I include the following in lockout_table.php, assuming my domain is
> example.com and my webmail host is webstage.example.com, it locks
> everyone out regardless of the number of tries.
>
> domain:   example.com   locked_out.php
>
> It also doesn't seem to be writing anything to
> /var/lib/squirrelmail/data/lockout_plugin_login_failure_information.pref
> even though it appears to rewrite the file every time an invalid

Okay, I figured out I was misinterpreting the function of the
lockout_table, but even if I disable the use of the lockout_table, it
still doesn't ever lock out any user according to the vales set in the
$max_login_attempts variable.

Nothing is ever written to the
lockout_plugin_login_failure_information.pref file any longer and I
can't figure out why.

Thanks,
Alex

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: lockout plugin configuration problems

Alex-325
Hi,

Does anyone have any ideas what I might be doing wrong to explain why
the lockout plugin isn't working for me?

Anyone have any ideas how to further debug a plugin that's silently
being ignored?

Thanks,
Alex

On Mon, Nov 3, 2014 at 9:48 PM, Alex <[hidden email]> wrote:

> Hi,
>
>> If I include the following in lockout_table.php, assuming my domain is
>> example.com and my webmail host is webstage.example.com, it locks
>> everyone out regardless of the number of tries.
>>
>> domain:   example.com   locked_out.php
>>
>> It also doesn't seem to be writing anything to
>> /var/lib/squirrelmail/data/lockout_plugin_login_failure_information.pref
>> even though it appears to rewrite the file every time an invalid
>
> Okay, I figured out I was misinterpreting the function of the
> lockout_table, but even if I disable the use of the lockout_table, it
> still doesn't ever lock out any user according to the vales set in the
> $max_login_attempts variable.
>
> Nothing is ever written to the
> lockout_plugin_login_failure_information.pref file any longer and I
> can't figure out why.
>
> Thanks,
> Alex

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: lockout plugin configuration problems

Paul Lesniewski
Answered on the plugins mailing list.


On 11/6/14, Alex <[hidden email]> wrote:

> Hi,
>
> Does anyone have any ideas what I might be doing wrong to explain why
> the lockout plugin isn't working for me?
>
> Anyone have any ideas how to further debug a plugin that's silently
> being ignored?
>
> Thanks,
> Alex
>
> On Mon, Nov 3, 2014 at 9:48 PM, Alex <[hidden email]> wrote:
>> Hi,
>>
>>> If I include the following in lockout_table.php, assuming my domain is
>>> example.com and my webmail host is webstage.example.com, it locks
>>> everyone out regardless of the number of tries.
>>>
>>> domain:   example.com   locked_out.php
>>>
>>> It also doesn't seem to be writing anything to
>>> /var/lib/squirrelmail/data/lockout_plugin_login_failure_information.pref
>>> even though it appears to rewrite the file every time an invalid
>>
>> Okay, I figured out I was misinterpreting the function of the
>> lockout_table, but even if I disable the use of the lockout_table, it
>> still doesn't ever lock out any user according to the vales set in the
>> $max_login_attempts variable.
>>
>> Nothing is ever written to the
>> lockout_plugin_login_failure_information.pref file any longer and I
>> can't figure out why.
>>
>> Thanks,
>> Alex

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users