Submitted by helpmin on Mon, 01/23/2012 - 16:17
documentation mentions
When this option is set to Yes, Virtualmin will store the clear text passwords for domain owners and
mailboxes. This allows them to be displayed in the UI, but adds a potential security risk if your system is
compromised. Selecting No will cause all new virtual servers created from this template to store only
one-way hashed passwords instead.
But I think don't this is correct, because usermin passwords are still stored in cleartext in the inbox.imap file.
Status:
Closed (fixed)
Comments
Submitted by JamieCameron on Mon, 01/23/2012 - 16:56 Comment #1
That looks like an issue with the default configuration .. I will look into this and follow up shortly.
Submitted by JamieCameron on Mon, 01/23/2012 - 23:41 Comment #2
Ok, the issue here is that usermin isn't switched to read from local mail files during the Virtualmin post-installation wizard, which means that those inbox.imap files still get created :-(
I will fix this in the next release ... the work-around till then is to manually force the switch by editing
/etc/usermin/mailbox/configand adding the following lines at the end :mail_system=1mail_dir_qmail=Maildir
mail_qmail=
You can then safely delete all the
inbox.imapfiles.Submitted by helpmin on Tue, 01/24/2012 - 02:32 Comment #3
sound good. thanks
Submitted by Issues on Tue, 02/07/2012 - 02:45 Comment #4
Automatically closed -- issue fixed for 2 weeks with no activity.