neomail-users Mailing List for NeoMail (Page 3)
Brought to you by:
neorants
You can subscribe to this list here.
2000 |
Jan
|
Feb
(5) |
Mar
(11) |
Apr
(10) |
May
(29) |
Jun
(12) |
Jul
(19) |
Aug
(34) |
Sep
(32) |
Oct
(74) |
Nov
(63) |
Dec
(153) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2001 |
Jan
(211) |
Feb
(117) |
Mar
(160) |
Apr
(79) |
May
(153) |
Jun
(140) |
Jul
(129) |
Aug
(128) |
Sep
(67) |
Oct
(129) |
Nov
(102) |
Dec
(110) |
2002 |
Jan
(147) |
Feb
(65) |
Mar
(72) |
Apr
(59) |
May
(47) |
Jun
(54) |
Jul
(75) |
Aug
(91) |
Sep
(58) |
Oct
(83) |
Nov
(34) |
Dec
(27) |
2003 |
Jan
(50) |
Feb
(38) |
Mar
(24) |
Apr
(60) |
May
(43) |
Jun
(64) |
Jul
(68) |
Aug
(50) |
Sep
(58) |
Oct
(57) |
Nov
(62) |
Dec
(17) |
2004 |
Jan
(18) |
Feb
(17) |
Mar
(21) |
Apr
(11) |
May
(11) |
Jun
(3) |
Jul
(13) |
Aug
(7) |
Sep
(3) |
Oct
(2) |
Nov
(10) |
Dec
(1) |
2005 |
Jan
(16) |
Feb
(13) |
Mar
(3) |
Apr
(5) |
May
(2) |
Jun
(3) |
Jul
(1) |
Aug
|
Sep
|
Oct
(2) |
Nov
(2) |
Dec
|
2006 |
Jan
(1) |
Feb
|
Mar
(3) |
Apr
|
May
(2) |
Jun
|
Jul
|
Aug
(3) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
2007 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2008 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
2013 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: support <su...@co...> - 2005-01-21 04:31:39
|
Hi, Warning suidperl is a highly easy and simple hackable exploit. You are endangering your server or hosting providers server by installing= =20 this perl access. We are waiting for neomail to release a secure non hackable (easy hack)=20 version of neomail as we have many clients that like the functions, but=20 since this neomail is on the top of the easy hack to root on a server we=20 cannot use and will not recommend such to any user. I hope neomail catches up with the times and patches the easy exploits. Richard \At 08:22 PM 1/20/2005 -0800, neo...@li...= =20 wrote: >Send NeoMail-users mailing list submissions to > neo...@li... > >To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/neomail-users >or, via email, send a message with subject or body 'help' to > neo...@li... > >You can reach the person managing the list at > neo...@li... > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of NeoMail-users digest..." > > >Today's Topics: > > 1. Re: Hi ! (Miguel !) > >--__--__-- > >Message: 1 >Date: Thu, 20 Jan 2005 11:20:24 -0600 (CST) >From: Miguel ! <mig...@ya...> >Subject: Re: [Neomail-users] Hi ! >To: Torsten Mueller <to...@ar...>, > Neo...@li... > >Hi again and thanks for your answer, > > >I'm trying to install suidperl now. > >I've perl 5.8.0 >perl -v >This is perl, v5.8.0 built for i586-linux, i install >this with CPAN. > >when i try to install this by rpm package. > >rpm -Uvh perl-suidperl-5.8.0-88.i386.rpm >error: failed dependencies: > perl =3D 2:5.8.0-88 is needed by perl-suidperl-5.8.0-88 > >My question is why is this error? > >Thanks for your help, >Miguel ! > > --- Torsten Mueller <to...@ar...> escribi=F3: > > Miguel ! schrieb: > > > > > Thanks for your answer !!!! > > > > > > Yeah i don't have suidperl but i have a question, > > perl > > > 5.0.8 does it have this (suidperl) ? Because when > > i > > > make upgrade to 5.8.3 it couldn't find this on my > > > system. > > > > Depending of the packaging system of your > > distribution suidperl can be in a different package > > (or it can't be available as a package at all). > > > > Possibly you can compile your perl yourself. > > > > Torsten > > > > > > > > Thanks, > > > Miguel! > > > > > > --- Torsten Mueller <to...@ar...> > > escribi=F3: > > > > > >>Possibly you don't have suidperl now ? > > >> > > >>Torsten > > >> > > >>Miguel =FFffffc1ngel M. Albores schrieb: > > >> > > >> > > >>>i have a Qube3 of Cobalt. > > >>> > > >>>I try to install SpamAssassin from this article: > > >>> > > >>> > > >> > > > > > >http://www.depopo.net/content/howto/cobalt-qube3-spamassassin.htm > > > > > >>>and i upgrade to perl 5.8.0 for having success on > > >>>instalation. > > >>> > > >>>But since i was this upgrade i get this error in > > >> > > >>my > > >> > > >>>web page. > > >>> > > >>>Software error: > > >>>Can't locate neomail.conf in @INC (@INC contains: > > >>>/usr/lib/perl5/5.8.0/i586-linux > > >> > > >>/usr/lib/perl5/5.8.0 > > >> > > >>>/usr/lib/perl5/site_perl/5.8.0/i586-linux > > >>>/usr/lib/perl5/site_perl/5.8.0 > > >>>/usr/lib/perl5/site_perl /var/neomail) at > > >>>/home/www/cgi-bin/neomail.pl line 37. > > >>> > > >>>I copy neomail.conf in ALL directories that > > >> > > >>appears > > >> > > >>>top without success :( > > >>> > > >>>I make sure that neomail.pl and neomail-prefs.pl > > >> > > >>have > > >> > > >>>the proper permissions to read the /var/neomail > > >>>directory, they have permissions: > > >>>root mail > > >>> > > >>>If somebody can help me :( > > >>>Thanks, > > >>>Miguel! > > >> > > >> > > >> > > >> > > > > > >------------------------------------------------------- > > > > > >>This SF.Net email is sponsored by: IntelliVIEW -- > > >>Interactive Reporting > > >>Tool for open source databases. Create drag-&-drop > > >>reports. Save time > > >>by over 75%! Publish reports on the web. Export to > > >>DOC, XLS, RTF, etc. > > >>Download a FREE copy at > > >>http://www.intelliview.com/go/osdn_nl > > >>_______________________________________________ > > >>NeoMail-users mailing list > > >>Neo...@li... > > >> > > > > > > > > >https://lists.sourceforge.net/lists/listinfo/neomail-users > > > > > >> > > > > > > > > > > > >_________________________________________________________ > > > Do You Yahoo!? > > > Informaci=F3n de Estados Unidos y Am=E9rica Latina, en > > Yahoo! Noticias. > > > Vis=EDtanos en http://noticias.espanol.yahoo.com > > > > > > > > > > > > > > > > > >------------------------------------------------------- > > This SF.Net email is sponsored by: IntelliVIEW -- > > Interactive Reporting > > Tool for open source databases. Create drag-&-drop > > reports. Save time > > by over 75%! Publish reports on the web. Export to > > DOC, XLS, RTF, etc. > > Download a FREE copy at > > http://www.intelliview.com/go/osdn_nl > > _______________________________________________ > > NeoMail-users mailing list > > Neo...@li... > > >https://lists.sourceforge.net/lists/listinfo/neomail-users > > > >_________________________________________________________ >Do You Yahoo!? >Informaci=F3n de Estados Unidos y Am=E9rica Latina, en Yahoo! Noticias. >Vis=EDtanos en http://noticias.espanol.yahoo.com > > > >--__--__-- > >_______________________________________________ >NeoMail-users mailing list >Neo...@li... >https://lists.sourceforge.net/lists/listinfo/neomail-users > > >End of NeoMail-users Digest |
From: Miguel ! <mig...@ya...> - 2005-01-20 17:20:32
|
Hi again and thanks for your answer, I'm trying to install suidperl now. I've perl 5.8.0 perl -v This is perl, v5.8.0 built for i586-linux, i install this with CPAN. when i try to install this by rpm package. rpm -Uvh perl-suidperl-5.8.0-88.i386.rpm error: failed dependencies: perl = 2:5.8.0-88 is needed by perl-suidperl-5.8.0-88 My question is why is this error? Thanks for your help, Miguel ! --- Torsten Mueller <to...@ar...> escribió: > Miguel ! schrieb: > > > Thanks for your answer !!!! > > > > Yeah i don't have suidperl but i have a question, > perl > > 5.0.8 does it have this (suidperl) ? Because when > i > > make upgrade to 5.8.3 it couldn't find this on my > > system. > > Depending of the packaging system of your > distribution suidperl can be in a different package > (or it can't be available as a package at all). > > Possibly you can compile your perl yourself. > > Torsten > > > > > Thanks, > > Miguel! > > > > --- Torsten Mueller <to...@ar...> > escribió: > > > >>Possibly you don't have suidperl now ? > >> > >>Torsten > >> > >>Miguel ÿffffc1ngel M. Albores schrieb: > >> > >> > >>>i have a Qube3 of Cobalt. > >>> > >>>I try to install SpamAssassin from this article: > >>> > >>> > >> > > > http://www.depopo.net/content/howto/cobalt-qube3-spamassassin.htm > > > >>>and i upgrade to perl 5.8.0 for having success on > >>>instalation. > >>> > >>>But since i was this upgrade i get this error in > >> > >>my > >> > >>>web page. > >>> > >>>Software error: > >>>Can't locate neomail.conf in @INC (@INC contains: > >>>/usr/lib/perl5/5.8.0/i586-linux > >> > >>/usr/lib/perl5/5.8.0 > >> > >>>/usr/lib/perl5/site_perl/5.8.0/i586-linux > >>>/usr/lib/perl5/site_perl/5.8.0 > >>>/usr/lib/perl5/site_perl /var/neomail) at > >>>/home/www/cgi-bin/neomail.pl line 37. > >>> > >>>I copy neomail.conf in ALL directories that > >> > >>appears > >> > >>>top without success :( > >>> > >>>I make sure that neomail.pl and neomail-prefs.pl > >> > >>have > >> > >>>the proper permissions to read the /var/neomail > >>>directory, they have permissions: > >>>root mail > >>> > >>>If somebody can help me :( > >>>Thanks, > >>>Miguel! > >> > >> > >> > >> > > > ------------------------------------------------------- > > > >>This SF.Net email is sponsored by: IntelliVIEW -- > >>Interactive Reporting > >>Tool for open source databases. Create drag-&-drop > >>reports. Save time > >>by over 75%! Publish reports on the web. Export to > >>DOC, XLS, RTF, etc. > >>Download a FREE copy at > >>http://www.intelliview.com/go/osdn_nl > >>_______________________________________________ > >>NeoMail-users mailing list > >>Neo...@li... > >> > > > > > https://lists.sourceforge.net/lists/listinfo/neomail-users > > > >> > > > > > > > _________________________________________________________ > > Do You Yahoo!? > > Información de Estados Unidos y América Latina, en > Yahoo! Noticias. > > Visítanos en http://noticias.espanol.yahoo.com > > > > > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IntelliVIEW -- > Interactive Reporting > Tool for open source databases. Create drag-&-drop > reports. Save time > by over 75%! Publish reports on the web. Export to > DOC, XLS, RTF, etc. > Download a FREE copy at > http://www.intelliview.com/go/osdn_nl > _______________________________________________ > NeoMail-users mailing list > Neo...@li... > https://lists.sourceforge.net/lists/listinfo/neomail-users > _________________________________________________________ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com |
From: Torsten M. <to...@ar...> - 2005-01-19 21:00:44
|
Miguel ! schrieb: > Thanks for your answer !!!! > > Yeah i don't have suidperl but i have a question, perl > 5.0.8 does it have this (suidperl) ? Because when i > make upgrade to 5.8.3 it couldn't find this on my > system. Depending of the packaging system of your distribution suidperl can be in a different package (or it can't be available as a package at all). Possibly you can compile your perl yourself. Torsten > > Thanks, > Miguel! > > --- Torsten Mueller <to...@ar...> escribió: > >>Possibly you don't have suidperl now ? >> >>Torsten >> >>Miguel ÿffffc1ngel M. Albores schrieb: >> >> >>>i have a Qube3 of Cobalt. >>> >>>I try to install SpamAssassin from this article: >>> >>> >> > http://www.depopo.net/content/howto/cobalt-qube3-spamassassin.htm > >>>and i upgrade to perl 5.8.0 for having success on >>>instalation. >>> >>>But since i was this upgrade i get this error in >> >>my >> >>>web page. >>> >>>Software error: >>>Can't locate neomail.conf in @INC (@INC contains: >>>/usr/lib/perl5/5.8.0/i586-linux >> >>/usr/lib/perl5/5.8.0 >> >>>/usr/lib/perl5/site_perl/5.8.0/i586-linux >>>/usr/lib/perl5/site_perl/5.8.0 >>>/usr/lib/perl5/site_perl /var/neomail) at >>>/home/www/cgi-bin/neomail.pl line 37. >>> >>>I copy neomail.conf in ALL directories that >> >>appears >> >>>top without success :( >>> >>>I make sure that neomail.pl and neomail-prefs.pl >> >>have >> >>>the proper permissions to read the /var/neomail >>>directory, they have permissions: >>>root mail >>> >>>If somebody can help me :( >>>Thanks, >>>Miguel! >> >> >> >> > ------------------------------------------------------- > >>This SF.Net email is sponsored by: IntelliVIEW -- >>Interactive Reporting >>Tool for open source databases. Create drag-&-drop >>reports. Save time >>by over 75%! Publish reports on the web. Export to >>DOC, XLS, RTF, etc. >>Download a FREE copy at >>http://www.intelliview.com/go/osdn_nl >>_______________________________________________ >>NeoMail-users mailing list >>Neo...@li... >> > > https://lists.sourceforge.net/lists/listinfo/neomail-users > >> > > > _________________________________________________________ > Do You Yahoo!? > Información de Estados Unidos y América Latina, en Yahoo! Noticias. > Visítanos en http://noticias.espanol.yahoo.com > > > |
From: Torsten M. <to...@ar...> - 2005-01-19 18:12:10
|
Possibly you don't have suidperl now ? Torsten Miguel ÿffffc1ngel M. Albores schrieb: > i have a Qube3 of Cobalt. > > I try to install SpamAssassin from this article: > > http://www.depopo.net/content/howto/cobalt-qube3-spamassassin.htm > > and i upgrade to perl 5.8.0 for having success on > instalation. > > But since i was this upgrade i get this error in my > web page. > > Software error: > Can't locate neomail.conf in @INC (@INC contains: > /usr/lib/perl5/5.8.0/i586-linux /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i586-linux > /usr/lib/perl5/site_perl/5.8.0 > /usr/lib/perl5/site_perl /var/neomail) at > /home/www/cgi-bin/neomail.pl line 37. > > I copy neomail.conf in ALL directories that appears > top without success :( > > I make sure that neomail.pl and neomail-prefs.pl have > the proper permissions to read the /var/neomail > directory, they have permissions: > root mail > > If somebody can help me :( > Thanks, > Miguel! |
From: <mig...@ya...> - 2005-01-18 03:36:12
|
i have a Qube3 of Cobalt. I try to install SpamAssassin from this article: http://www.depopo.net/content/howto/cobalt-qube3-spamassassin.htm and i upgrade to perl 5.8.0 for having success on instalation. But since i was this upgrade i get this error in my web page. Software error: Can't locate neomail.conf in @INC (@INC contains: /usr/lib/perl5/5.8.0/i586-linux /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i586-linux /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /var/neomail) at /home/www/cgi-bin/neomail.pl line 37. I copy neomail.conf in ALL directories that appears top without success :( I make sure that neomail.pl and neomail-prefs.pl have the proper permissions to read the /var/neomail directory, they have permissions: root mail If somebody can help me :( Thanks, Miguel! _________________________________________________________ Do You Yahoo!? Información de Estados Unidos y América Latina, en Yahoo! Noticias. Visítanos en http://noticias.espanol.yahoo.com |
From: Torsten M. <to...@ar...> - 2005-01-07 02:25:17
|
Poubelle schrieb: > Hi, > > i have a big problem with neomail : how to export the 300 addresses book > of my customers ? > I did not find answers to this on this list or other ressources on the web. > I'm afraid it's not natively possible. Is there a patch, a script wich > can recover the neomail address book somewhere ? Well, i don't know, what you mean with recover. The format of the addressbook is simple, so you should be able to manually "export" for some costumers. > This function should exists in neomail. You mean to export the addressbook to a flat text file with a button inside neomail ? Should not be a problem. I don't know, if such a patch exists, but it should be possible to code it. Torsten |
From: Poubelle <pou...@la...> - 2005-01-06 16:41:10
|
Hi, i have a big problem with neomail : how to export the 300 addresses book = of my customers ? I did not find answers to this on this list or other ressources on the = web. I'm afraid it's not natively possible. Is there a patch, a script wich = can recover the neomail address book somewhere ? This function should exists in neomail. Thx for help. Denis |
From: Rogelio A. A. <ral...@cl...> - 2004-12-27 20:00:55
|
Hello. I set up neomail and I can logon correctly, but, when I log, it says it's my first login.. it's ok because it is true, after that it prompts me with some configuration options and after that it comes up with an error saying that it couldn't block write permission on /var/spool/mail//user It is strange to me that it has the double // on the message, or maybe it could be a permission or group issue. Could you please help me? Rogelio Alvarado Anchisi Galaxy Communications Corp Tel: +507-2000128 Tel: +507-2000100 Cel: +507-6744093 Fax: +507-2000132 |
From: <la...@te...> - 2004-11-30 16:02:46
|
The access to my dns service or my bank account are protected by a login/password and the back button doesn't resend my data, it send to a login page. I don't know how they do it. Google adsense, for instance, show this behavior: back button resend data. This is not a security bug of Neomail, and I don't know how to avoid it, that's the reason I've proposed this question. I think browsers shouldn't save any page with no-cache pragma in its history. It's absurd that, in expired page, the message say that it doesn't send data for security reasons and allow user refresh page to send this data. Illogical, I can see the security in browser. Regards ----- Original Message ----- From: "Ernie Miller" <ern...@ne...> To: <la...@te...>; <neo...@li...> Sent: Monday, November 29, 2004 6:27 PM Subject: Re: [Neomail-users] Neomail security > Give an example of another program that is capable of overriding this > browser-side behavior. The only scenario I could imagine is where there is > an auto-redirect after login. Even then, however, this is security through > obscurity as if the user is fast enough they could refresh the page after > clicking back to the auto-redirect page. > > ----- Original Message ----- > From: <la...@te...> > To: <neo...@li...> > Sent: Monday, November 29, 2004 12:10 PM > Subject: Re: [Neomail-users] Neomail security > > > > If yout read a message the resend of login data ocurs after push the back > > button twice or more. As you say the page of login is always in browser > > history. > > And this is not a bug, others program has the same behavior, but in other > > protected pages the behavior is right and if you back you reach a login > > page > > (without resend data). So there must be a method to autenticate users > > without this "fail". > > And of course the most secure method is to close the browser, but not all > > users are secure users : ( > > In this sense the logout could call a javascript to close the page, but > > this > > is not infallible. > > > > I'll go on investigating > > > > Thanks > > > > > > > > > > > > ----- Original Message ----- > > From: "Ernie Miller" <ern...@ne...> > > To: <la...@te...>; <neo...@li...> > > Sent: Monday, November 29, 2004 5:29 PM > > Subject: Re: [Neomail-users] Neomail security > > > > > >> This only happens on the very first page viewed after login -- this is > >> because your browser resends the login and password. If you click to > >> view > > a > >> message and then log out, or perform any other action, then when you > > logout > >> your session is deleted. As with all web based authentication > >> mechanisms, > >> it's always best to close the browser to be safe after a logout. There > > will > >> always be a page in the browser history that was generated by sending > >> your > >> login and pass and if a user is able to go back to it they will get in. > >> > >> To confirm this is the case note that the "bug" you mention results in > >> you > >> being assigned a new session id, which is viewable in the URL of the > >> pages > >> returned. > >> > >> ----- Original Message ----- > >> From: <la...@te...> > >> To: <neo...@li...> > >> Sent: Monday, November 29, 2004 11:18 AM > >> Subject: [Neomail-users] Neomail security > >> > >> > >> In neomail th logout is not a real logout. > >> Try to login in neomail, and then make logout. You are sent to the login > >> screen, but if you puch back button on explorer you'll get the message of > >> page expired, then you update the page and you are inside neomail again, > > but > >> you have not write yout login pass again!!!. > >> So, if anybody logout from neomail and leave the computer on (with the > >> explorer open), another person could enter in his neomail account using > > the > >> pages stored in history of browser. > >> > >> I think neomail would have to accept the login from a refreshed expired > >> page. The only way I've found is add a "time mark" in the login form and > >> compare this time mark with a time mark calculated in the moment of > >> login, > >> if the difference is a few seconds the login is processed, but if the > >> difference is too high the login is not processed. But there is a > >> problem, > >> if the user delays too time writing his login data the login is rejected > >> too. > >> > >> Regards > >> > >> > > > > > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT Products from real users. > > Discover which products truly live up to the hype. Start reading now. > > http://productguide.itmanagersjournal.com/ > > _______________________________________________ > > NeoMail-users mailing list > > Neo...@li... > > https://lists.sourceforge.net/lists/listinfo/neomail-users > > > > |
From: Ernie M. <ern...@ne...> - 2004-11-29 17:28:49
|
Give an example of another program that is capable of overriding this browser-side behavior. The only scenario I could imagine is where there is an auto-redirect after login. Even then, however, this is security through obscurity as if the user is fast enough they could refresh the page after clicking back to the auto-redirect page. ----- Original Message ----- From: <la...@te...> To: <neo...@li...> Sent: Monday, November 29, 2004 12:10 PM Subject: Re: [Neomail-users] Neomail security > If yout read a message the resend of login data ocurs after push the back > button twice or more. As you say the page of login is always in browser > history. > And this is not a bug, others program has the same behavior, but in other > protected pages the behavior is right and if you back you reach a login > page > (without resend data). So there must be a method to autenticate users > without this "fail". > And of course the most secure method is to close the browser, but not all > users are secure users : ( > In this sense the logout could call a javascript to close the page, but > this > is not infallible. > > I'll go on investigating > > Thanks > > > > > > ----- Original Message ----- > From: "Ernie Miller" <ern...@ne...> > To: <la...@te...>; <neo...@li...> > Sent: Monday, November 29, 2004 5:29 PM > Subject: Re: [Neomail-users] Neomail security > > >> This only happens on the very first page viewed after login -- this is >> because your browser resends the login and password. If you click to >> view > a >> message and then log out, or perform any other action, then when you > logout >> your session is deleted. As with all web based authentication >> mechanisms, >> it's always best to close the browser to be safe after a logout. There > will >> always be a page in the browser history that was generated by sending >> your >> login and pass and if a user is able to go back to it they will get in. >> >> To confirm this is the case note that the "bug" you mention results in >> you >> being assigned a new session id, which is viewable in the URL of the >> pages >> returned. >> >> ----- Original Message ----- >> From: <la...@te...> >> To: <neo...@li...> >> Sent: Monday, November 29, 2004 11:18 AM >> Subject: [Neomail-users] Neomail security >> >> >> In neomail th logout is not a real logout. >> Try to login in neomail, and then make logout. You are sent to the login >> screen, but if you puch back button on explorer you'll get the message of >> page expired, then you update the page and you are inside neomail again, > but >> you have not write yout login pass again!!!. >> So, if anybody logout from neomail and leave the computer on (with the >> explorer open), another person could enter in his neomail account using > the >> pages stored in history of browser. >> >> I think neomail would have to accept the login from a refreshed expired >> page. The only way I've found is add a "time mark" in the login form and >> compare this time mark with a time mark calculated in the moment of >> login, >> if the difference is a few seconds the login is processed, but if the >> difference is too high the login is not processed. But there is a >> problem, >> if the user delays too time writing his login data the login is rejected >> too. >> >> Regards >> >> > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > NeoMail-users mailing list > Neo...@li... > https://lists.sourceforge.net/lists/listinfo/neomail-users > |
From: <la...@te...> - 2004-11-29 17:11:26
|
If yout read a message the resend of login data ocurs after push the back button twice or more. As you say the page of login is always in browser history. And this is not a bug, others program has the same behavior, but in other protected pages the behavior is right and if you back you reach a login page (without resend data). So there must be a method to autenticate users without this "fail". And of course the most secure method is to close the browser, but not all users are secure users : ( In this sense the logout could call a javascript to close the page, but this is not infallible. I'll go on investigating Thanks ----- Original Message ----- From: "Ernie Miller" <ern...@ne...> To: <la...@te...>; <neo...@li...> Sent: Monday, November 29, 2004 5:29 PM Subject: Re: [Neomail-users] Neomail security > This only happens on the very first page viewed after login -- this is > because your browser resends the login and password. If you click to view a > message and then log out, or perform any other action, then when you logout > your session is deleted. As with all web based authentication mechanisms, > it's always best to close the browser to be safe after a logout. There will > always be a page in the browser history that was generated by sending your > login and pass and if a user is able to go back to it they will get in. > > To confirm this is the case note that the "bug" you mention results in you > being assigned a new session id, which is viewable in the URL of the pages > returned. > > ----- Original Message ----- > From: <la...@te...> > To: <neo...@li...> > Sent: Monday, November 29, 2004 11:18 AM > Subject: [Neomail-users] Neomail security > > > In neomail th logout is not a real logout. > Try to login in neomail, and then make logout. You are sent to the login > screen, but if you puch back button on explorer you'll get the message of > page expired, then you update the page and you are inside neomail again, but > you have not write yout login pass again!!!. > So, if anybody logout from neomail and leave the computer on (with the > explorer open), another person could enter in his neomail account using the > pages stored in history of browser. > > I think neomail would have to accept the login from a refreshed expired > page. The only way I've found is add a "time mark" in the login form and > compare this time mark with a time mark calculated in the moment of login, > if the difference is a few seconds the login is processed, but if the > difference is too high the login is not processed. But there is a problem, > if the user delays too time writing his login data the login is rejected > too. > > Regards > > |
From: Ernie M. <ern...@ne...> - 2004-11-29 16:30:38
|
This only happens on the very first page viewed after login -- this is because your browser resends the login and password. If you click to view a message and then log out, or perform any other action, then when you logout your session is deleted. As with all web based authentication mechanisms, it's always best to close the browser to be safe after a logout. There will always be a page in the browser history that was generated by sending your login and pass and if a user is able to go back to it they will get in. To confirm this is the case note that the "bug" you mention results in you being assigned a new session id, which is viewable in the URL of the pages returned. ----- Original Message ----- From: <la...@te...> To: <neo...@li...> Sent: Monday, November 29, 2004 11:18 AM Subject: [Neomail-users] Neomail security In neomail th logout is not a real logout. Try to login in neomail, and then make logout. You are sent to the login screen, but if you puch back button on explorer you'll get the message of page expired, then you update the page and you are inside neomail again, but you have not write yout login pass again!!!. So, if anybody logout from neomail and leave the computer on (with the explorer open), another person could enter in his neomail account using the pages stored in history of browser. I think neomail would have to accept the login from a refreshed expired page. The only way I've found is add a "time mark" in the login form and compare this time mark with a time mark calculated in the moment of login, if the difference is a few seconds the login is processed, but if the difference is too high the login is not processed. But there is a problem, if the user delays too time writing his login data the login is rejected too. Regards |
From: <la...@te...> - 2004-11-29 16:19:06
|
In neomail th logout is not a real logout. Try to login in neomail, and then make logout. You are sent to the login = screen, but if you puch back button on explorer you'll get the message = of page expired, then you update the page and you are inside neomail = again, but you have not write yout login pass again!!!. So, if anybody logout from neomail and leave the computer on (with the = explorer open), another person could enter in his neomail account using = the pages stored in history of browser.=20 I think neomail would have to accept the login from a refreshed expired = page. The only way I've found is add a "time mark" in the login form and = compare this time mark with a time mark calculated in the moment of = login, if the difference is a few seconds the login is processed, but if = the difference is too high the login is not processed. But there is a = problem, if the user delays too time writing his login data the login is = rejected too. Regards |
From: Phil H. <ph...@ka...> - 2004-11-19 22:59:00
|
Hello, I have a strange issue that I'm wondering if any of you could shed some = light on. First of all we're using version 1.26 in case you are = wondering. The issue occurs whenever I try to delete 20 messages at a time by = checking the box to select all emails and then clicking on the Move = button while the neomail-trash is selected. I then receive the old = browser error page: "The page cannot be displayed. The page you are = looking for is currently unavailable. The Web site might be experiencing = technical difficulties, or you may need to adjust your browser = settings."=20 But if I select 19 messages instead and follow the same steps there is = no problem at all? I realize that it's not that big of a deal but it is = a pain in the neck. Anybody have any ideas? Thanks for your time, Phil ph...@ka... |
From: Nitesh B. <nit...@re...> - 2004-11-19 10:02:58
|
=A0=0AHi,=0A=0AI am facing problem after installation of Neomail. I am not= able to see Inbox and when ever i click any other link like send etc. blan= d page dispalys having backgroung Image of Envelop. Another problem i am fa= cing is that only one user is able to loogged into Neomail and see the Inbo= x page. If some one is having answer about this then please reply me as soo= n as possible. Its very urgent.=0A=0AThanks with Best Regards=0A=0ANitesh B= ansal |
From: Deeptish D. <dee...@lo...> - 2004-11-03 12:37:42
|
Install suid-perl package, will be available in your distribution disk On Wed, 3 Nov 2004, support wrote: > Hi, > > Neomail installed. > When I try to run the script thru the domain I get this in the httpd error > log: Can't do setuid > Someone please help me. > > Richard > 800-860-0044 > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Sybase ASE Linux Express Edition - download now for FREE > LinuxWorld Reader's Choice Award Winner for best database on Linux. > http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click > _______________________________________________ > NeoMail-users mailing list > Neo...@li... > https://lists.sourceforge.net/lists/listinfo/neomail-users > |
From: support <su...@co...> - 2004-11-03 11:08:30
|
Hi, Neomail installed. When I try to run the script thru the domain I get this in the httpd error log: Can't do setuid Someone please help me. Richard 800-860-0044 |
From: support <su...@co...> - 2004-11-01 02:52:34
|
Hi, Neomail installed. When I try to run the script thru the domain I get this in the httpd error log: Can't do setuid Someone please help me. Richard 800-860-0044 |
From: Kurt F. <kb...@ho...> - 2004-10-16 03:47:59
|
I am looking for someone to setup my neomail server, I am willing to pay someone to do it. I am running Postfix and Whitebox Linux, (RHEL) Anyone interested contact me at kur...@wa... -Thanks _________________________________________________________________ Check out Election 2004 for up-to-date election news, plus voter tools and more! http://special.msn.com/msn/election2004.armx |
From: Operations <cs...@pr...> - 2004-10-08 19:03:01
|
Hello All, I am having a problem with Neomail 1.27, using mandrake 9.2, Apache 2, = and Postfix 2 adn Perl 5.8.0. it is working in all respects except with = logging out and making additions to the address book and adding folders. = When you log out you get a page can't be displayed error. the same when = you try to make an addition to the address book or add or remove = folders.=20 The fuctions are working, as in when you add an address, you get the = display error, but when you log back in, the entry is there,. same with = the folders. Any ideas would be greatly appreciated. Thanks Bill |
From: simonegremmo <sim...@li...> - 2004-09-14 09:19:27
|
I've a webspace with neomail 1.25. I can't move message from sent to inbo= x folder... My provider apparently don't want upgrade to 1.26 so after= reading this mailing list I think to have only two easy way and I need t= wo answers: 1 - If my provider decide to upgrade from 1.25 to 1.26 or = 1.27 the message in sent folder of 1.25 are loosed or can be retrieved in= new version and so moved to inbox folder to be popped? 2 - Another pr= ovider can give me a webspace with neomail 1.26. Is there one file (or mo= re files) to ask at first provider to give to second provider to put on m= y new webspace. With this file and 1.26 I can finally download sented mes= sage? If exist a third way more easy I appreciate your message. Tha= nk Simone |
From: Phil E. - 43 P. <phi...@43...> - 2004-09-13 10:26:32
|
Hi All, I have just installed Neomail on Redhat Fedora 1 and get the following error when logging in... Couldn't get write lock on /var/spool/mail/[mailbox]! I have checked all the permissions/ownership as per the INSTALL readme and now need some help in getting this working. TIA - Phil. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.742 / Virus Database: 495 - Release Date: 19/08/2004 |
From: Pedro C. <ped...@ac...> - 2004-09-02 12:53:48
|
Hi all, Some users are pressuring to be able to save messages stored in neomail folders locally, so I decided to change the code to allow it. I was able = to get the INBOX listed in the dropdown, but now I get a message saying "Destination folder INBOX.folder doesn't exist!" When trying to move messages there. All I did was=20 change in sub movemessage=20 from (($folder eq $destination) || ($destination eq 'INBOX')); =20 to ($folder eq $destination); And changed twice=20 from=20 unless ( ($checkfolder eq 'INBOX') || ($checkfolder eq $folder) ) To=20 unless ($checkfolder eq $folder)=20 I read in another post http://sourceforge.net/mailarchive/forum.php?forum_id=3D7155&max_rows=3D2= 5&style =3Dflat&viewmonth=3D200203 " Then there was a section in the "movemessage" routine that was moving = the mail to a folder called /var/neomail/users/INBOX instead of /var/mail/username So I added a couple lines: =20 if ( $destination eq "INBOX" ) { $filedir =3D "/var/mail"; $destination =3D $user " But this part I was unable to figure out, as these variables seem = strange to me and I couldn't find them in the code. I appreciate your comments Pedro |
From: Krzysztof K. Jr. <py...@ka...> - 2004-08-18 22:54:09
|
On 18/08/2004 at 17:12, Lane wrote: >> Nope, did not help. I also tried reinstalling MD5 module and apache, it >> did not help. Do you have any other suggestions? (it worked just fine with >> perl5.6.1, I also found in README, that Neomail has not been tested with >> perl5.8 yet) > I had the same problem with Neomail after I upgraded Perl. After I futzed > around with suexec and rebuilding perl and fretting and worrying and gnashing > my teeth, I converted over to OpenMail and ... now I wonder why it took me so > long. So you are saying that OWB works fine with perl 5.8? > NeoMail is a really fine tool, but OpenMail beats it in every regard! The best > thing is that the storage formats are apparenly identical. None of my users > lost anything after the conversion. Neomail IMHO is the best, also OWB is good, but remember, that OWB is based on Neomail :-) I would even dare to say, that OWB is just an extension of Neomail. -- Best regards, Krzysztof Kowalewski. |
From: Lane <lho...@jo...> - 2004-08-18 22:12:11
|
On Wed August 18 2004 04:18 pm, Krzysztof Kowalewski, Jr. wrote: > On 18/08/2004 at 16:30, Ernie Miller wrote: > > Apache's suexec can also get in the way -- might try disabling that. > > It is disabled. > > >> Maybe this -64int is causing some problems? I remember some warning > >> being displayed about this option. I will try to rebuild perl without > >> this option and I will write here to let you know if it solved this > >> problem. > > Nope, did not help. I also tried reinstalling MD5 module and apache, it > did not help. Do you have any other suggestions? (it worked just fine with > perl5.6.1, I also found in README, that Neomail has not been tested with > perl5.8 yet) I had the same problem with Neomail after I upgraded Perl. After I futzed around with suexec and rebuilding perl and fretting and worrying and gnashing my teeth, I converted over to OpenMail and ... now I wonder why it took me so long. NeoMail is a really fine tool, but OpenMail beats it in every regard! The best thing is that the storage formats are apparenly identical. None of my users lost anything after the conversion. lane |