![]() I (think I) did everything I found there, but it still does not work. I know this is not the squirrelmail site, but I cannot find a forum there. Timezone - Webmail users can change their time zone settings.Ĭongratulations, your SquirrelMail setup looks fine to me! Recode - Recode functions are unavailable. Mbstring - Mbstring functions are available. On some systems you must have appropriate system locales compiled. Gettext - Gettext functions are available. SMTP server OK (220 HELO FROM *** REMOVED ***)Ĭapabilities: * CAPABILITY IMAP4 IMAP4rev1 CHILDREN IDLE QUOTA SORTĬhecking internationalization (i18n) settings. Dynamic loading is enabled.īase URL detected as: *** removed *** (location base autodetected) You need to go run in the config/ directory first before you run this script.Ĭonfig file last modified: 18 October 2008 09:08:31 This script will try to check some aspects of your SquirrelMail configuration and point you to errors whereever it can find them. OS, IIS and PHP versions, used PHP setup (ISAPI, CGI or other). Please provide more details about your setup. They have people on IRC and mailing lists. Please note that this is not SquirrelMail support forum. It is CGI or ISAPI and usually applies only to IIS. It is possible that Abyss has same $_SERVER issue as the one with IIS, but I can't be sure about it, because I haven't tested Abyss web server and have never seen phpinfo() output in Abyss+PHP setup.ĬGI and ISAPI are not used together. These changes can trigger some issues and I have information about two possible issues with IIS and with IE for Mac. 1.4.16 includes security fixes that change the way cookies are used. Maybe someone's solved this since the last post?Ĭould you check SquirrelMail configuration with configtest.php utility. I still get "You must be logged in to access this page." All that checks out, and I ran the configtest.php with no errors other than 6153. I made sure my session folder is writable by the web server by putting it in my htdocs directory, and I checked to make sure cookies weren't the issue by installing the cookie plugin for Squirrelmail. squirrelmail 1.4.16 (installed manually). ![]() The only differences in setup are that I have Abyss web server instead of IIS. So: if anyone has a comparable configuration and has written an installation instruction for this - would be great to post the link here.Īdamvan2000 wrote:I've got the same problem with logging in. I am also not the type to fight religious wars. Everything I found did not really work or was something like: "Don't install SquirrelMail on Windows, don't install PHP on IIS, because everything from Redmond is crap." (or something like this). That's why I need a Webmail program - and I know what I am talking yes I did. The "problem" is: Sometimes you need web access to your mail account, because there is no other way to get an important email (when you're at your customer's office, and there is no UMTS connection available, when you are on holidays and have to go to an Internet Café etc.). I know Thunderbird as well, means: I am not an expert in PHP and mySQL, but I am an IT guy, so I know some things. For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the "Options > Personal Informations > Email Address" setting.Thanks for the Every user (that uses my server) has a locally installed email application. Hence, if the target server uses sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command. The problem is in -f$envelopefrom within the sendmail command line. The use of escapeshellcmd() is not correct in this case since it doesn't escape whitespaces, allowing the injection of arbitrary command parameters. The problem is in the Deliver_ with the initStream function that uses escapeshellcmd() to sanitize the sendmail command before executing it. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |