[Dovecot] Authentication and the wrong mailbox?

Rich West Rich.West at wesmo.com
Sat Apr 9 18:21:42 EEST 2005

I just migrated from UW-imap to dovecot last night.  After some tweaking 
of the dovecot.conf file, disabling xinetd's entries, firing up the 
dovecot daemon, and copying the .mailboxlist to .subscriptions for all 
users, things looked to be going just fine!

I received a call this morning from a user stating that they had all of 
*my* emails in *their* inbox!  They don't know when it happened as their 
machine POP's email off every 5-10 minutes or so, but we were able to 
isolate it to a 8hr period last night.

Further investigation showed that at some time through the evening, 
dovecot freaked out during the authentication phase and for some bizzare 
reason, when the user connected via POP3, they were able to download all 
of my inbox!

Additionally, by the time I was looking in to it, NO users could 
authenticate via dovecot, and, hence, no one had access to email.

Restarting dovecot resolved the issue, but I have my doubts about it 
being truly resolved.

I'm going to run some tests (what little I can think of), but this is 
the first time I have ever experienced a situation such as this.  One 
thing for UW is that this situation never happened, and I've only had 
dovecot running for about 13hrs.

Any ideas as to how or why this may have happened, and how it can be 
prevented, would be wonderful.


Richard West               $14.95 Registrations    mailto:rwest at wesmo.com
Wesmo Computer Services    .com .net .org .tv .cc  http://www.wesmo.com
Full Domain & Web Hosting  .BIZ .INFO & MORE!!      

More information about the dovecot mailing list