Mailbox vulnerable?
Jeff Vian
jvian10 at charter.net
Mon Jun 28 17:05:19 UTC 2004
On Mon, 2004-06-28 at 11:21, Hongwei Li wrote:
> I installed the new pine 4.60. When I try a test account's pine, the
> warning message is gone. Thanks!
>
> However, the system mail log (not message log) shows warning:
>
> Jun 28 11:13:03 morpheus ipop3d[1183]: pop3 service init from 128.252.85.189
> Jun 28 11:13:03 morpheus ipop3d[1183]: Mailbox vulnerable - directory
> /var/spool/mail must have 1777 protection
>
> after each pop3 user logs in (Outlook Express, etc.), but it seems no
> warning message after squirrelmail user logs in.
>
> Anything else is wrong? or should be changed. I have never touched the
> pop3 service, but just set iptables and open the port for it.
>
> Thanks!
>
> Hongwei
>
My FC2 box has default permissions and does not log these messages
drwxrwxr-x 2 root mail 4096 Jun 28 11:46 /var/spool/mail
The contents of /var/spool/mail are (for each user)
-rw-rw---- 1 user mail 7074 Jun 28 11:58 user
> > Leave the permissions as they are! Use the pine 4.60 RPM by Dag Wieers
> > which is made for FC1 and FC2 and contains some patches to cover locking
> > issues.
> >
> > http://dag.wieers.com/packages/pine/
> >
> > Alexander
> >
> >
>
More information about the fedora-list
mailing list