webmail opens wrong user folder

I apologize if this is posted elsewhere, but I couldn’t find a similar thread.

I have this info 2nd hand from another admin, but will explain to my best ability. I feel this may actually turn into a bug report, but we’ll see,

we host multiple domains on this server, just for email handling.

One user logged into usermin’s webmail, but was shown the email of another user within the same domain.
Using roundcube, the problem doesn’t exist.

Our admin tried the same procedure and verified the behavior.

Both user accounts start with “k” and they /unfortunately/ have the same password.

Our “fix” was to change her password. This allowed mail to display properly. Her password was then changed back to the original value, and the problem has remained “fixed.”

Hopefully this makes sense, and is obviously a security problem. If there is anything I need to do different, please let me know.

The system is a CentOS 5.6 box running virtualmin GPL. All virtualmin components were installed via the official script.

Thanks,

GS

I have noticed this same problem since the new update of usermin.

Just so it does not get reported twice I have reported this as a bug

AllanIT

Hi guys

In my case this conflict was between the root user on the server and another email account I have, also my OS is ubuntu 10.04 so these instructions may or may not work for you but the response is from Jamie Cameron and fixed my problem. I hope this helps you as well.

Allan

from Jamie Cameron

Sounds like the root user’s usermin account has been configured to login as a different IMAP user.

Does the file /root/.usermin/mailbox/inbox.imap exist, and if so what does it contain?

If it contains some other user’s login, you should just delete that file.

Allan,

Thanks for the post, but that didn’t help me, as I don’t have that file.

GS

I’m going through the same problem.
And I have hundreds of mboxes…
This happened after I restore backups to a new server.
Would I need to go over every user mailbox to fix it?
Did the restore almost two weeks ago. Now a couple user complained, and then a couple more.
That’s how I found out that a lot of them are reading emails from another user…
I’m still trying to figure if this is happening only between users of same domain. If not, well I’m in a big problem now…

I am having the same issue. Running CentOS Linux 5.8, Virtualmin version 3.90 Pro. A few weeks ago someone (user#1) in a particular domain was logging in and receiving the mail of someone else (user#2)from the same domain. Today user #3 from the same domain is logging in and receiving the mail of user #2. Any ideas on how to fix this? User #3 was using IMAP and will have lost 2.5 years worth of mail if I cannot straighten this out.

Thank you

I used the suggestion from gsmithe except I didn’t even change the password to a different value and then back again. I just updated the password with the existing password and that was enough to “fix it”.