
Re: [cpx] cpx - creates .imap folders in the /www/domain.com directory. = BAD



On Wed, Jul 22, 2009 at 07:26:07PM -0400, Stormer's Cgi-Archive wrote:
>
> Subject: Re: [cpx] cpx - creates .imap folders in the /www/domain.com directory. = BAD
>
> Rus,
> 
> I can reproduce it on any vps/mps I have.   They need to have dovecot
> in order to pass PCI scans. All I have to do is log in as the domain
> administrator.  Click on the mail tab in upper left.  Then click on
> Folder List.  You have now just created a bunch of .imap folders in
> the /www/domain.com folders of that domain administrator's account.  I
> did duplicate this with a viaverio tech.

James,

I can't reproduce this on my dev boxes (Dovecot 1.1.11, CPX 2.0).  
You'll have to send me your account info... or just send me your 
cell phone and I'll call you tomorrow.

cheers.

--rus.


> 
> Because the domain administrator must have "webmail" access in order
> to give end users access to webmail, the likelihood of duplicating
> this problem is high.
> 
> In cpx, if it could be prevented from accessing /www directory when
> you click on Folder List, it would solve the problem of these .imap
> folders from being created.  OR, simply make it so the domain
> administrator does not have webmail access via cpx.
> 
> James
> 
> 
> 
> On Wed, Jul 22, 2009 at 11:45 AM, Rus Berrett<rberrett@xxxxxxxxx> wrote:
> > On Tue, Jul 21, 2009 at 08:58:23PM -0400, Stormer's Cgi-Archive wrote:
> >>
> >> Subject: [cpx] cpx - creates .imap folders in the /www/domain.com directory. = BAD
> >>
> >> This is just a heads up...
> >>
> >> Had a client today who has squirrelcart installed on a freebsd v3 mps.
> >>
> >> They had logged into cpx as the domain administrator.   They clicked
> >> on the Mail tab at the top.  Then they clicked on the Folder List.
> >>
> >> voilà... this parsed every file in the /www/domain.com folder and
> >> created .imap folders in every directory and ... it created thousands
> >> of individual directories all named the same as the files in the
> >> respective directories... grief.  Trust me, if this were a vps3
> >> viaverio would have sent me a cpu hog notice!  Because it was an mps
> >> it handled it fairly well.
> >>
> >> Because the squirrelcart parses certain directories for images and
> >> such and the .imap folders did not have permissions that were
> >> readable, it instantly took their cart offline with multiple visible
> >> php errors.
> >>
> >> After I removed all the .imap folders it fixed the cart.
> >>
> >> Is this a cart problem?   No.  This is a cpx problem.  It should not
> >> allow mail folders in the /www directory "at all".
> >>
> >> I explained to my client what happened and how they can prevent this
> >> in the future.  But really...  cpx needs to be idiot proofed.  If a
> >> client can click on it.. "they will".
> >>
> >> Heads up!
> >>
> >> James
> >
> > James,
> >
> > I'm fairly certain that Dovecot creates those ".imap" directories.  I
> > would start your investigation (with the assistance of support if
> > necessary) looking at which folders your user is subscribed to via
> > Dovecot/maildir.  It may be that the user has inadvertently subscribed
> > to a folder that is not in his or her "Mail" directory.  (Note: It is
> > impossible to subscribe to a folder outside of the Mail directory using
> > CPX.  But obviously, CPX is not the only IMAP mail client out there.)
> >
> > HTH.
> >
> > cheers.
> >
> > --rus.
> >
> >
> >
> >>
> >> --
> >>
> >> Stormer's Cgi-Archive
> >> http://www.stormer.org
> >> ======================================================================
> >> This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
> >> Before posting a question, please search the archives (see above URL).
> >
> > --
> > ========================================================================
> > Rus Berrett                                                    NTT/Verio
> >                 See Perl. See Perl Run. Run Perl, Run!
> >
> >
> 
> 
> 
> -- 
> 
> Stormer's Cgi-Archive
> http://www.stormer.org
> 

-- 
========================================================================
Rus Berrett                                                    NTT/Verio
                 See Perl. See Perl Run. Run Perl, Run!
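
A read-only check for the condition reported in this thread, added here as an example (not code from CPX, Dovecot or either poster): it walks a web root and reports each `.imap` directory, its permissions, and which sibling file names it mirrors. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def find_stray_imap_dirs(docroot):
    """Return one record per '.imap' directory found under docroot (read-only)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        if ".imap" not in dirnames:
            continue
        dirnames.remove(".imap")  # report it, but do not descend into it
        imap_dir = os.path.join(dirpath, ".imap")
        try:
            entries = os.listdir(imap_dir)
        except PermissionError:
            entries = []  # unreadable to the scanning user; still reported
        mode = stat.S_IMODE(os.lstat(imap_dir).st_mode)
        findings.append({
            "path": imap_dir,
            "mode": oct(mode),
            # Other users (e.g. the web server) need both r and x to list it.
            "world_readable": bool(mode & stat.S_IROTH and mode & stat.S_IXOTH),
            # Subdirectories named after files beside the .imap directory,
            # the pattern described in the original report.
            "mirrors_files": sorted(set(entries) & set(filenames)),
        })
    return findings


def build_sample_tree(root):
    """Constructed sample: a docroot with one clean and one affected directory."""
    images = os.path.join(root, "cart", "images")
    os.makedirs(images)
    os.makedirs(os.path.join(root, "static"))
    for name in ("logo.png", "item1.jpg"):
        open(os.path.join(images, name), "w").close()
        os.makedirs(os.path.join(images, ".imap", name))
    os.chmod(os.path.join(images, ".imap"), 0o700)  # not readable by others
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in find_stray_imap_dirs(build_sample_tree(tmp)):
            print(finding)
```
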

