How do I change SqirrelMail passwords?

[cnm]

I have an admin@mydomain Webmail account that I would like to change the password for. But I don't see how to do it.

I can't delete and recreate it because it is the default mail account for admin.

Hope someone can help.

 

[nobaloney]

Your main email account for your domain is the same login as your site administration account. You can either forward email to a different account, or you can use the same password.

Jeff

 

[cnm]

Yes, that is indeed the way it is, and that's what was worrying me.

If a dictionary attack against Squirrelmail succeeded they would have the DirectAdmin admin login and could do heaven knows what. So I'd like the mail to have its own password - but I guess there is no way?

 

[nobaloney]

Use good passwords. Don't ever use the account (set up a forward). If you must log in to that account through Squirrelmail, use a secure connection.

The limitation is actually in Unix, Linux, BSD, and other Posix operating systems; all usernames have an email account by default.

Jeff

 

[LawsHosting]

Use good passwords (12+ chars, upper & lowercase, etc) at the beginning.

We do this automatically when new clients sign up to prevent them using DOG, CAT, etc - believe me, we have seen people use these as passwords!

I know they can change the passwords after, but its all about educating people.

 

[cnm]

I use excellent random generated passwords more than 12 characters.
But I understand that any password can be cracked.

All users have unique passwords - the exception being webmail.

I have stuff in iptables to drop connection if there are more than 4 failed ssh attempts in 60 seconds. Maybe I can make a similar thing in iptables to drop webmail attempts. But I haven't yet figured out how. What is the protocol for the -p field?

 

[daveyw]

Take a look at CSF/LFD cnm. Thats a firewall that also checks (if its enabled in the config) for failed logins, ssh/ftp/pop3/imap/http etc

 

[cnm]

Thanks - I'll take a look.