OVA Mail Piler Web GUI
Hi All,
I imported the OVA file that can be downloaded from the mail piler website into my XenServer. The import was successful; however, when I log in as admin@local, the web GUI started to go to other websites such as Facebook, etc. Is this a bug or a security breach? How can I resolve it?
Comments (10)
-
repo owner -
reporter I already deleted my VM. Please update me if you see it for yourself.
-
reporter Hi jsuto,
Did you try it yourself?
Thank you.
-
repo owner I've made it myself. Give me more time to investigate the issue.
-
reporter Hi jsuto,
any update?
Thank you.
-
repo owner Yes. I couldn't reproduce the problem. So I'd like you to redeploy the OVA, install ngrep, and show me all packets leaving the virtual machine, e.g.
T 192.168.100.100:80 -> x.x.x.x:12345
I'm interested in only the destinations of the packages, not the actual content.
-
reporter Hi Jsuto,
Please see details below:
192.168.0.13:80 -> 192.168.0.29:54170 [AP] HTTP/1.1 302 Moved Temporarily..Server: nginx/1.2.1..Date: Tue, 24 May 2016 02:46:03 GMT..Content-Type: text/html..Transfer-Encoding: chunked..Connection: keep-alive..X-Powered-By: PHP/5.4.45-0+deb7u2..Expires: Thu, 19 Nov 1981 08:52:00 GMT..Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0..Pragma: no-cache..Location: http://piler.yourdomain.com/index.php?route=health/health....0...
Waiting for your reply
-
reporter Hi Jsuto,
You may change the status to resolved. I just edited config-site.php to use my domain and it no longer goes to other sites. My only question is: is this virtual file safe to use? What I mean is, does it not have vulnerabilities, and are my emails safe from anyone?
Thank you.
-
repo owner My bad: I should have asked for proof in the first place :-) The main purpose of the OVA image is to give you an instant installation allowing you to try and evaluate it without going over the installation procedure. The latest OVA contains Debian 7, which means you should update the OS packages, or you may even dist-upgrade it (though in this case you may have to recompile piler). Besides the recommended upgrade, the OVA image is safe, I've made it myself.
Btw, in the future I may switch to KVM or VirtualBox, or perhaps even to Docker. I don't have hands-on access to a VMware environment anymore.
-
repo owner - changed status to invalid
It definitely shouldn't happen. Can you provide some more details about this incident? I try to find a way to deploy the ova, and see it for myself.