LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices



Reply
 
Search this Thread
Old 01-17-2005, 01:46 AM   #1
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Rep: Reputation: 30
Qmail - Encrypted Passwords


Hi everyone,

I have been running a Qmail mail server for a few months already but now boss wants passwords and emails encrypted and not plain text.

Does anyone have any ideas how to do this? I am not really worried about the emails at this stage because we have told users to not store on the server anyways but the passwords I can understand is insecure. I have installed VqAdmin and it will show the text passwords for all users.

Any help would be great.

Ta
Chris
 
Old 01-17-2005, 04:42 AM   #2
Draygo
Member
 
Registered: May 2004
Location: Frisco, TX
Distribution: Debian Unstable
Posts: 73

Rep: Reputation: 15
If you are asking how to encrypt authentication and sending of email then all you have to do is get/generate a SSL cert and enable TLS.

Are you using pop or imap? Which prog are you using for this?
 
Old 01-17-2005, 08:04 PM   #3
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Original Poster
Rep: Reputation: 30
no not really. When I go into Vqadmin I can see everyones passwords. They are stored somewhere in plain text. This concerns me as Im about to handover knowledge to somebody else and im not 100% sure if I want them to have access to everyones password. What I want is that those mail passwords be encrypted.
 
Old 01-17-2005, 09:28 PM   #4
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Original Poster
Rep: Reputation: 30
Ok I think im able to refine my question a bit more now after some looking around.

My server has the following file

/home/vpopmail/domains/etc.com/vpasswd
this file contain plain text passwords in them. eg password12

no encryption. How can I make sure these passwords are encrypted?

THanks for any help
 
Old 01-21-2005, 04:58 PM   #5
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
When you run --configure on vpopmail, you can pass an argument that will tell vpopmail whether you want plain-text passwords or not.

./configure --enable-clear-passwd=n

Check here for more info...

http://www.inter7.com/vpopmail/install.txt
 
Old 01-21-2005, 05:11 PM   #6
DaHammer
Member
 
Registered: Oct 2003
Location: Planet Earth
Distribution: Slackware, LFS
Posts: 561

Rep: Reputation: 30
Keep in mind though, that if this person whom you do not fully trust has direct access, especially root access, to the server then they can read everyone's email manually directly out of the vpopmail mailboxes. If you are truly paranoid about this, then the best thing to do is too encrypt the actual email using something like GnuPGP. That way nobody, no matter what access they have to the server, can read the email except the person with the key.
 
Old 01-23-2005, 07:50 PM   #7
chrisfirestar
Member
 
Registered: Sep 2003
Location: Adelaide, Australia
Distribution: Fedora/RH
Posts: 231

Original Poster
Rep: Reputation: 30
Hi thanks for your replies. Yes im aware of this DaHammer but must do what boss wants right

What are the side affects of recompiling like this? Will I need to re-create the domain users etc?
 
Old 01-23-2005, 08:12 PM   #8
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
No. If you recompile and run make, make install-strip, it will not mess up anything that you have running now. However, you may want to review all of the available options for configure to see what other features you may want to adjust. For vpopmail, there are a bunch. Just run ./configure --help to see them all. Some of these options have a default value that you may not want. Post back here if you have questions about what these do.

But no, there are no side effects, but you may want to consider stopping qmail while you run the make commands.
 
Old 01-23-2005, 08:13 PM   #9
Donboy
Member
 
Registered: Aug 2003
Location: Little Rock, Arkansas
Distribution: RH, Fedora, Suse, AIX
Posts: 736

Rep: Reputation: 31
You know what... I may have spoken too soon. I seem to remember once upon a time, I changed mine from being encrypted to unencrypted and I seem to remember the ones I already had stored did not change. I think it's only done on the new accounts that are made afterwards. But don't quote me on that. It's been over a year ago.
 
Old 06-25-2013, 03:11 AM   #10
samrocks1011
LQ Newbie
 
Registered: Jun 2013
Location: India
Distribution: Ubuntu
Posts: 1

Rep: Reputation: Disabled
Hide the Password in vqadmin Web Panel

Running the below command will not effect the current configuration. It will remove the password coloum from vqadmin web panel.
Step 1) go to Vqadmin Setup folder
Step 2) Vim user.c
Comment the below line
#ifdef CLEAR_PASS
printf("<th><FONT face=%s color=\"%s\">Password</FONT></th>\n",face, fgcolor);
#ifdef CLEAR_PASS
printf("<td align=middle><FONT face=%s color=\"%s\">%s</FONT></td>\n",face, fgcolor, vpw->pw_clear_passwd);

Step 3)
./configure --enable-cgibindir=/var/www/cgi-bin --enable-htmldir=/var/www/html

Step 4)
make && make install-strip
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Encrypted passwords on Cisco 2500 siawash Linux - Networking 5 08-10-2005 06:38 PM
.htaccess not accepting encrypted passwords. Braytac Linux - Distributions 1 04-28-2005 01:55 AM
Encrypted Passwords, how could I tell? wardialer Linux - Security 13 10-12-2004 03:14 PM
Moving encrypted passwords to a new host paulsm4 Linux - Software 1 09-17-2004 02:40 AM
creating encrypted passwords kidwired Linux - Security 3 01-12-2003 05:34 PM


All times are GMT -5. The time now is 04:11 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration