2 May
2008
2 May
'08
2:30 p.m.
Hi,
Maciej Drobniuch (Friday, 2008-05-02):
If you are using RCWM and MTA on the same machine then postfix(for example) isn't asking the saslauth daemon that the user is authenticated(because the process is running on the localhost) - it depends on the client restrictions. If the user changes the identity to another account located on the server then he can easily send messages using unauthorized e-mail address. For example foo@foobar.com is able to send e-mails via the foobar@foobar.com acoount without authentication To avoid the users to change the identity you could use my suggested patch.
So you want to remove wanted/needed functionality because your MTA is misconfigured? Imo this is the wrong way to go.
Patrick.
--
Key ID: 0x86E346D4 http://patrick-nagel.net/key.asc
Fingerprint: 7745 E1BE FA8B FBAD 76AB 2BFC C981 E686 86E3 46D4
--- 8< --- detachments --- 8< ---
The following attachments have been detached and are available for viewing.
http://detached.gigo.com/rc/Fc/7Z7SWqxZ/signature.asc
Only click these links if you trust the sender, as well as this message.
--- 8< --- detachments --- 8< ---
_______________________________________________
List info: http://lists.roundcube.net/dev/