Funny but true

[knocx]

Strangely one of our clients has reported that they can not sent email to remote adresses, but can sent in between the internal users a, b, c and d

surprisingly the only account they have created on plesk was a , but they claim that a,b,c,d can sent email to each other so i have go ahead checked qmail

interestingly i see such entries

file : /var/qmail/users/poppasswd


info:$1$c5Jv1dxE$xj6XfoNuz1AIBG9TOldvX0opuser:/var/qmail/mailnames/domain.com/info
info:$1$iczMvN4l$tB4Tyq6PzA0gpbEnMZm/y1opuser:/var/qmail/mailnames/domain.com/info
info:$1$pXj1KgkK$yRPb18VUzyeSa1w5VqCcg.opuser:/var/qmail/mailnames/domain.com/info
info:$1$UInRVbzk$cTWmI2ORhjad3XkzaqW3v0opuser:/var/qmail/mailnames/domain.com/info
info:$1$J62yPgaE$JGp5BVpklyIwn02HddGs80opuser:/var/qmail/mailnames/domain.com/info


there were no accounts defined named info on plesk... how can such an antry be here, there are also other entries present for the users that were not listed in plesk , but in file : /var/qmail/users/poppasswd

and client says that they all can email to each other



how on earth these can be true? also why there are 5 entries for the info user?


can anyone check this and confirm such an inconsistency, or advice if something similar happened ever.


regards
knocx

 

[jamesyeeoc]

I've never seen that happen myself. My file only has the legitimate defined users for the domains, no extras, no duplicates.

Try and restore the directory structure from a recent backup.

Check to make sure your server has not been compromised (check /tmp, run RKHunter, Chkrootkit, etc). Check all your logs.

 

[knocx]

get calm... there is no compromise , Using 7.5.2

> Try and restore the directory structure from a recent backup.
this has no relation with directory structure, the difference is coming from the hash values

the problem is like something related to a bug with PLESK;

i had checked our 4 other PLESK servers they are all the same i mean;

/var/qmail/users/poppasswd contains duplicate (or more entries)

so i have tested the same thing; create a user , than change the password for the user...Bingo! now you have duplicate entry in
/var/qmail/users/poppasswd ...for that account with different hash

Congrats PLESK version 7.5 has come still has silly bugs...


Hope they consider fixing this asap.


knocx , Ph.D , CCNP, CISSP
Pointer is Power

 

[jamesyeeoc]

ah, then it must be from 7.5.2

I don't run that version on any of mine, and have never seen that on 7.5.3, but I'll double check on a test server (didn't notice your mentioning it happening with changing passwords)

Ok, I verified it on a 7.5.3 server, changing passwords on existing users does *not* create multiple entries for the user in poppasswd, so I guess they did fix it for 7.5.3

My comments about checking for compromise was meant as a general precautionary, good to hear your server is not. Lack of sleep has made me 'loopy' and I'm giving general advice for everyone on most of my posts on different support boards. Good night from me

 

[knocx]

we are waiting for 7.5.4, 7.5.3 had several problems as we had tracked from the forums so we had delayed the ugrade process since we currently have a stable version.

it is weird that they had fixed this issue in 7.5.3 , since they are usually not good at finding the issues themselves.. But nice to hear this...

thanks for the comments

take care

 

[jamesyeeoc]

Always glad to help out.

since they are usually not good at finding the issues themselves

Possibly some others found the problem and reported it directly to Plesk support (via ticket), which usually gets more priority than posts on these forums.