Topic: WEBMAIL PASSWORD CHANGE FROM THE INTERNET

[SANKAR]

I HAVE INSTALLED E-SMITH4.1.1 AND ENBALED WEBMAIL. I AM
ABLE TO SEND AND RECEIVE EMAILS. I WOULD LIKE TO USE THE
PASSWORD CHANGE OPTION "WWW.MYDOMAIN.COM/E-SMITH-PASSWORD" FROM THE INTERNET. I AM ABLE TO CHANGE
THE PASSWORD INSIDE MY NETWORK (INTRANET).

WHEN I TRY THE PASSWORD CHANGE FROM THE INTERNET
I GET NO RESPONSE AND AFTER SOME TIME THE BROWSER
COMES BACK WITH PAGE ERROR.

CAN ANYBODY HELP ME ON THIS ISSUE.

SANKAR

[Michael]

SANKAR wrote:
>
> I HAVE INSTALLED E-SMITH4.1.1 AND ENBALED WEBMAIL. I AM
> ABLE TO SEND AND RECEIVE EMAILS. I WOULD LIKE TO USE THE
> PASSWORD CHANGE OPTION "WWW.MYDOMAIN.COM/E-SMITH-PASSWORD"
> FROM THE INTERNET. I AM ABLE TO CHANGE
> THE PASSWORD INSIDE MY NETWORK (INTRANET).
>
> WHEN I TRY THE PASSWORD CHANGE FROM THE INTERNET
> I GET NO RESPONSE AND AFTER SOME TIME THE BROWSER
> COMES BACK WITH PAGE ERROR.
>
> CAN ANYBODY HELP ME ON THIS ISSUE.

The password changing page should never exposed to the outer network = internet if you're not using any encryption!
Use an ssh client to connect to your server and call through that secure tunnel to the e-smith-password page with your browser.

Michael

[Dan Brown]

Why not just make the e-smith-password page available using SSL only?  It's apparently quite possible, as e-smith provides this (SSL only) as an option for the webmail system.  I'm 99% sure I could make the change in a way that would work on my system, but it'd be a local hack, not a distributable customization.  Anybody else want to tackle this?

[SANKAR]

If the remote system has windows 9x then I think with the help of VPN
PPTP the users can have access to the e-smith server password change
page.

My question is already the email server is running under HTTPS why not
the login page can have the password change option, any way its secured.

How HOTMAIL and Yahoo were able to do that ???

Sankar

[sankar]

I have seen atleast 50 posts on the password change issue.
Can anybody help with a solution. Please donot add the VPN/SSH client or the user panel or the link How to use SSL to remotely access the server manager as a solution.

After entering the login name and password the next screen should have a hyperlink "Change password". In this way the security breach is not going to be there because the user is
already in the 128bit or 57 bit encryption mode.

Help is appreciated.

Thanks
Sankar

[Arby Edi]

Sankar:  The best solution I've seen so far is at chpasswd.sourceforge.net  and you can get the rpm at rpmfind.net.