Scalix Forums

Skip to content

deleted user still successfully polling for mail (!)

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

Post Reply
russh
Posts: 79
Joined: Fri Jun 16, 2006 11:14 am
Contact:
Contact russh

deleted user still successfully polling for mail (!)

Postby russh » Thu Jan 03, 2008 7:25 am

I have a small scalix installation, and a premium user (USER1) (but just using pop3 access) that is now deleted. I aliased their old email address to one of their colleagues, (USER2) but the USER1 PC is still successfully polling for email - and therefore it's not redirecting USER1 mail through to USER2.

Ohh, it's not the most recent install - the packages are showing as scalix-server-11.0.4.10790-1.sles10

I deleted the user and added the alias via the web-based admin console rather than the command line.

Is/was this a known issue with that release? Any advice much appreciated.

Russ.

<update> I've had the USER2 pc amended to stop polling for now - but still very worrying behaviour nonetheless.
Top
kanderson

Postby kanderson » Mon Jan 07, 2008 4:23 pm

There have been issues with people not correctly using their Auth ID to connect to the server for a while, and a really simple solution for that was to simply allow people to connect using the email address as well as the auth ID. I suspect that what has happened is that user1 and user2 both have the same (default) password. When User1 was deleted, it worked fine, but when the alias was added for user2, then user1 was again able to authenticate because they authenticated using the email address and the password. This would actually be REALLY bad, because it would have the PC for user1 taking the email from user2.

It sounds like you've fixed it now, but I'd recommend the best solution would be to have User2 change his password. Maybe make sure that everyone, company wide changes their passwords so that this doesn't happen again.

Kev.
Top
russh
Posts: 79
Joined: Fri Jun 16, 2006 11:14 am
Contact:
Contact russh

Postby russh » Mon Jan 07, 2008 5:39 pm

Thanks - that was exactly the situation. They did have the same password. I'll ensure everyone has unique passwords going forward..

Still a worrying situation to have occurred though!

Russ.
Top
kanderson

Postby kanderson » Mon Jan 07, 2008 5:46 pm

It's not really a problem if the users have different passwords.

If you want to create all the user accounts with the same password, that's fine, but use a default password that's hideous, so that people WILL change it.

I'd recommend something like:

B1![[kNwH23bD37PL8b44hQaW8H23jk5k*

Stay away from zeros and ohs as well as ones and ells, as they are easily confused and will result in too many help desk calls.

Believe me. People WILL change it. Include instructions on changing it with their initial network documentation.
Top
Post Reply

Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 2 guests

Powered by phpBB® Forum Software © phpBB Limited
 

 

cron