Re: [SM-USERS] Squirrellmail user account compromised
On 09/01/2016 06:39, amutoti wrote:
> I am using SquirrelMail version 1.4.8-21.el5.centos for webmail and one of my
> users when trying to send email via webmail it does not send using his real
> account but instead this is what his recipients will receive in their inbox;
>
> Email address: Mrs.Lola Sanchez
>
> Message body:
>
> Dear Respected
>
> I am Mrs.Lola Sanchez,manager bills and exchange at the foreign remittance
> department of La_caixa bank Madrid.I have a business suggestion for you.It
> involve the transfer of($ 15.2 million US Dollar).if interested please reach
> me on(mrslolasan...@qq.com) with more details of this operation.
> Kind Regards,
>
> Mrs Lola Sanchez.
>
> However this does not happen when he is using Microsoft Outlook
>
> --
> View this message in context:
> http://squirrelmail.5843.n7.nabble.com/Squirrellmail-user-account-compromised-tp26228.html
> Sent from the squirrelmail-users mailing list archive at Nabble.com.
>
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: squirrelmail-users@lists.sourceforge.net
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options):
> https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

Hi,

You need to find where the malware is operating. Here are a few things to verify (in no particular order):

- Is the end user's computer clean?
- Try to send out a message from another account, and from another client computer;
- (In case of Windows client) Reset the user's Windows profile;
- Don't you have a malicious SM plugin installed?
- Was your SM installation altered by malware? Check file timestamps and/or md5 sums.
- Install a new SM instance and ask the user to use it.
- (In case of Unix authentication) Is the user's Unix account healthy?

Regards,
Julien
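The "check file timestamps and/or md5 sums" item above, as an added example that is not part of the original thread and not SquirrelMail code: it compares an installed tree with a pristine unpack of the same release and lists what differs, with modification times. Both directory arguments are the administrator's own paths, and SHA-256 is used here in place of md5.

```php
<?php
// Added example, not SquirrelMail code.
// Usage (paths are the administrator's): php sm_diff.php INSTALLED_DIR PRISTINE_DIR

// Returns relative path => SHA-256 for every regular file under $root.
function tree_hashes($root)
{
    $root = rtrim($root, '/');
    $sums = array();
    $walker = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS));
    foreach ($walker as $file) {
        if ($file->isFile()) {
            $rel = substr($file->getPathname(), strlen($root) + 1);
            $sums[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    return $sums;
}

// Sorts differences into changed content, files present only in the install
// (for example an unexpected plugin), and files missing from it.
function compare_trees($installed, $pristine)
{
    $have = tree_hashes($installed);
    $want = tree_hashes($pristine);
    $report = array('modified' => array(), 'added' => array());
    foreach ($have as $rel => $sum) {
        if (!isset($want[$rel])) {
            $report['added'][] = $rel;
        } elseif ($want[$rel] !== $sum) {
            $report['modified'][] = $rel;
        }
    }
    $report['missing'] = array_keys(array_diff_key($want, $have));
    return $report;
}

if (PHP_SAPI === 'cli' && isset($argv[2])) {
    foreach (compare_trees($argv[1], $argv[2]) as $kind => $files) {
        sort($files);
        foreach ($files as $rel) {
            $path = rtrim($argv[1], '/') . '/' . $rel;
            $mtime = $kind === 'missing' ? '-' : date('c', filemtime($path));
            echo "$kind\t$mtime\t$rel\n";
        }
    }
}
```

The local configuration file, the data directory and deliberately installed plugins will show up as added or modified; anything else in those two lists is what to inspect first.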
Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6
On 1/3/16, Dmitry Katsubo wrote:
> On 26/12/2015 22:52, Paul Lesniewski wrote:
>> On 12/14/15, Julien Métairie wrote:
>>> Hi list,
>>>
>>> I am trying to upgrade my server running Squirrelmail from Debian Wheezy
>>> to Jessie.
>>>
>>> IMAP server is Courier-ssl using a self-signed certificate.
>>>
>>> Also note that Squirrelmail connects to 192.168.xx.xx, while the
>>> certificate is (auto-)issued to mail.mydomain.com.
>>>
>>> After upgrading, configtest.php complains that it couldn't connect to
>>> IMAP server because of a "Server error: (0)".
>>>
>>> The following is logged on the web server running Squirrelmail:
>>>
>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>> Error message:\nerror:14090086:SSL
>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>>
>>> And on the IMAP mail server:
>>>
>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>> alert unknown ca
>>>
>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>> tweaking these checks with $imap_stream_options, but I can't manage to
>>> use it. For testing purposes, I added the following to
>>> /etc/squirrelmail/config_local.php :
>>>
>>> $imap_stream_options = array(
>>>     'ssl' => array(
>>>         'verify_peer' => false,
>>>     ),
>>> );
>>>
>>> But there is no change with or without this option. I also tried to turn
>>> 'allow_self_signed' on, without success.
>>
>> You might insert something like this:
>>
>> sm_print_r('STREAM OPTIONS:', $stream_options);
>>
>> Around line 763 of functions/imap_general.php
>>
>> Make sure your settings are being used.
>>
>> Otherwise, it sounds a little to me like your PHP installation isn't
>> functioning properly. Check here for the available options:
>>
>> http://php.net/manual/en/context.ssl.php
>>
>>> Squirrelmail 1.4.23, PHP version 5.6.14-0+deb8u1, Courier 4.15-1.6, all
>>> software is installed from Debian repository.
>>>
>>> I went through this thread [1] but didn't understand any final solution.
>>>
>>> What did I miss ?
>>>
>>> Regards,
>>>
>>> Julien
>>>
>>> [1]
>>> http://squirrelmail.5843.n7.nabble.com/svn-14501-TLS-handshaking-SSL-accept-failed-error-alert-unknown-ca-SSL-alert-number-48-td26087.html
>
> I had the same problem and I have created a patch (090_ssl.dpatch) for
> squirrelmail v1.5.1. If you don't use self-signed certificate on Cyrus,
> then you don't need allow_self_signed=true.
>
> I also attach a few other patches (which perhaps are already this way or
> another present in upstream):

Dmitry, thanks for submitting your patches, but version 1.5.1 is very outdated and all these issues are fixed in 1.5.2, which I strongly recommend if you want to run the development stream.

> 080_global.php_session.dpatch: Fixes PHP warning about session usage.
> 081_mail_fetch.functions.php_hex2bin.dpatch: hex2bin() function is
> present in PHP
> 090_ssl.dpatch: Fixes SSL and adds support for self-signed certificates.
> 091_abook_preg.dpatch: Fixes PHP warning concerning eregi()
> 099_warnings.dpatch: Fixes other PHP warnings (I am not sure I've done
> it right)

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6
On 1/8/16, Julien Métairie wrote:
> Original message
> Subject: Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server
> after upgrading to PHP 5.6
> From: Dmitry Katsubo
> To: Squirrelmail User Support Mailing List
> Cc: Julien Métairie
> Date: 03/01/2016 22:05
>
>> On 26/12/2015 22:52, Paul Lesniewski wrote:
>>> On 12/14/15, Julien Métairie wrote:
>>>> [...]
>>>> The following is logged on the web server running Squirrelmail:
>>>>
>>>> PHP Warning: fsockopen(): SSL operation failed with code 1. OpenSSL
>>>> Error message:\nerror:14090086:SSL
>>>> routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed in
>>>> /usr/share/squirrelmail/src/configtest.php on line 431.
>>>>
>>>> And on the IMAP mail server:
>>>>
>>>> couriertls: accept: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1
>>>> alert unknown ca
>>>>
>>>> As far as I understand, PHP 5.6 enforces certificate checking. SM allows
>>>> tweaking these checks with $imap_stream_options, but I can't manage to
>>>> use it. For testing purposes, I added the following to
>>>> /etc/squirrelmail/config_local.php :
>>>>
>>>> $imap_stream_options = array(
>>>>     'ssl' => array(
>>>>         'verify_peer' => false,
>>>>     ),
>>>> );
>>>>
>>>> But there is no change with or without this option. I also tried to turn
>>>> 'allow_self_signed' on, without success.
>>>
>>> You might insert something like this:
>>>
>>> sm_print_r('STREAM OPTIONS:', $stream_options);
>>>
>>> Around line 763 of functions/imap_general.php
>>>
>>> Make sure your settings are being used.
>>>
>>> Otherwise, it sounds a little to me like your PHP installation isn't
>>> functioning properly. Check here for the available options:
>>>
>>> http://php.net/manual/en/context.ssl.php
>>>
>
> Line 763 is in the middle of function sqimap_get_delimiter() (probably
> because we are running different versions of SM), I see no point
> checking stream options here.

If you are using some version provided by Debian, please direct your inquiry to them.

> I tracked stream options in sqimap_login(), just before fsockopen(), but
> $stream_options and $imap_stream_options were *not* defined.
>
> Moreover, it appears that no context is passed to fsockopen() :
>
> $imap_stream = @fsockopen($imap_server_address, $imap_port,
> $error_number, $error_string, 15);
>
> As far as I understand, stream_socket_client() should be used instead of
> fsockopen() and a context should be passed as 6th argument.

Yes, and if you do not find stream_socket_client() inside a function called sqimap_create_stream() that is used as an alternative to fsockopen(), then you are certainly using outdated code that we here do not support.

> That's why I tried the following :
>
> $imap_stream_options = array(
>     'tls' => array(
>         'verify_peer' => false,
>     ),
>     'ssl' => array(
>         'verify_peer' => false,
>     ),
> );
> $context = stream_context_create($imap_stream_options);
> $imap_stream = @stream_socket_client($imap_server_address . ":" .
> $imap_port, $error_number, $error_string, 15, STREAM_CLIENT_CONNECT,
> $context) or die ("$php_errormsg");
>
> Here is the result :
>
> stream_socket_client(): unable to connect to tls://192.168.218.12:993
> (Unknown error)

Your code looks reasonable. If it didn't work, check all inputs to each function and if it looks proper, it would seem you have some issue with your PHP installation or the server you are connecting to.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
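An added example, not part of the thread and not SquirrelMail's own code: the 'verify_peer' => false context discussed above beside one that keeps verification on for a self-signed server reached by IP address. The certificate path is a hypothetical location for a copy of the IMAP server's certificate, and the function names are made up for this example; the address and certificate name are the ones quoted in the thread.

```php
<?php
// Added example, not SquirrelMail code. Assumption: the IMAP server's
// self-signed certificate was copied to the path passed as $caFile.

// Weak (the setting tried in the thread): traffic is encrypted but the server
// is never authenticated, so any host answering on port 993 is accepted.
$weak = array('ssl' => array('verify_peer' => false));

// Hardened: trust exactly one certificate and check the name it was issued
// to, even though the socket is opened by IP address. Options for both the
// ssl:// and tls:// transports are read from the 'ssl' key.
function imap_tls_options($caFile, $peerName)
{
    return array('ssl' => array(
        'verify_peer'      => true,
        'verify_peer_name' => true,
        'cafile'           => $caFile,   // self-signed cert is its own trust anchor
        'peer_name'        => $peerName, // name in the certificate, not the IP
    ));
}

// Connects over TLS and returns the server greeting; throws with the
// warnings PHP/OpenSSL raised if the handshake or verification fails.
function imap_tls_greeting($address, $port, array $options)
{
    $warnings = array();
    set_error_handler(function ($no, $msg) use (&$warnings) {
        $warnings[] = $msg;
        return true;
    });
    $stream = stream_socket_client("ssl://$address:$port", $errno, $errstr, 15,
        STREAM_CLIENT_CONNECT, stream_context_create($options));
    restore_error_handler();
    if ($stream === false) {
        throw new RuntimeException('TLS connect failed: ' . implode(' | ', $warnings));
    }
    $greeting = fgets($stream, 1024);
    fclose($stream);
    return rtrim((string) $greeting);
}

try {
    // Address and certificate name as quoted in the thread; path is hypothetical.
    $opts = imap_tls_options('/etc/squirrelmail/imap-server.pem', 'mail.mydomain.com');
    echo imap_tls_greeting('192.168.218.12', 993, $opts), "\n";
} catch (RuntimeException $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
    exit(1);
}
```

Collecting the warnings instead of silencing the call with @ keeps the OpenSSL reason visible when the connection fails.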
Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6
On 08/01/2016 18:32, Julien Métairie wrote:
> As far as I understand, stream_socket_client() should be used instead of
> fsockopen() and a context should be passed as 6th argument. That's why I
> tried the following :
>
> $imap_stream_options = array(
>     'tls' => array(
>         'verify_peer' => false,
>     ),
>     'ssl' => array(
>         'verify_peer' => false,
>     ),
> );
> $context = stream_context_create($imap_stream_options);
> $imap_stream = @stream_socket_client($imap_server_address ...);

I haven't checked the complete sources (and I am neither king on PHP), but as far as I see from my patch, the options should be set on the stream. You basically need to apply the function which I define in my patch on the stream (hence you don't need $imap_stream_options):

$imap_stream = @stream_socket_client($imap_server_address ...);
sqenable_ssl($imap_stream);

> Thank you for this work. Unfortunately, these patches are designed for SM
> 1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
> I didn't manage to make any suitable patch for SM 1.4.
> That said, you may want to push them to SourceForge repos. :)

That was one of the reasons why I stopped using SquirrelMail: v1.5.x was in Debian experimental repo, but not developing. Maybe SSL was backported to 1.4.x since then, but at that moment it was the only version that supported SSL for IMAP.

--
With best regards,
Dmitry
Re: [SM-USERS] Squirrelmail does not connect to SSL IMAP server after upgrading to PHP 5.6
On 1/9/16, Dmitry Katsubo wrote:
> On 08/01/2016 18:32, Julien Métairie wrote:
>> As far as I understand, stream_socket_client() should be used instead of
>> fsockopen() and a context should be passed as 6th argument. That's why I
>> tried the following :
>>
>> $imap_stream_options = array(
>>     'tls' => array(
>>         'verify_peer' => false,
>>     ),
>>     'ssl' => array(
>>         'verify_peer' => false,
>>     ),
>> );
>> $context = stream_context_create($imap_stream_options);
>> $imap_stream = @stream_socket_client($imap_server_address ...);
>
> I haven't checked the complete sources (and I am neither king on PHP),
> but as far as I see from my patch, the options should be set on the
> stream. You basically need to apply the function which I define in my
> patch on the stream (hence you don't need $imap_stream_options):

No patch is needed unless one is running outdated code.

> $imap_stream = @stream_socket_client($imap_server_address ...);
> sqenable_ssl($imap_stream);
>
>> Thank you for this work. Unfortunately, these patches are designed for SM
>> 1.5, whereas I run Squirrelmail 1.4 (which seems to be very different).
>> I didn't manage to make any suitable patch for SM 1.4.
>> That said, you may want to push them to SourceForge repos. :)
>
> That was one of the reasons why I stopped using SquirrelMail: v1.5.x was
> in Debian experimental repo, but not developing. Maybe SSL was
> backported to 1.4.x since then, but at that moment it was the only
> version that supported SSL for IMAP.

Yes, 1.4.x has SSL support, but your use of 1.5.1 is highly discouraged. Please upgrade to 1.5.2 if you want to use 1.5.x.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php