Hello,
I will explain what I need to know.
I have 3 Servers:
One of them is just a Domains Server.
The other two are Mailboxes Servers. They have the email accounts
for all the Domains from the first Server.
All these mailboxes' POP and SMTP are accessed through the Server address:
mail.domainnamea.com. mail.domainnameb.com. mail.domainnamec.com.
and so on.
If someone who accesses my Roundcube, fill the Server field with any other POP Server name elsewhere, he will read those emails. How to avoid it, so that only mailboxes in one of my two Mailboxes mentioned above can be accessed?
Thanks a lot.
Mario./ ___________________________ Mario Jorge Lima mariolima@multisites.com.br OBS: Eventualmente nao acentuo algumas palavras do Portugues, para evitar bugs na recepcao dos emails.
On 27/02/2018 11:23, Mario Jorge Lima wrote:
Hello,
I will explain what I need to know.
I have 3 Servers:
One of them is just a Domains Server.
The other two are Mailboxes Servers. They have the email accounts
for all the Domains from the first Server.
All these mailboxes' POP and SMTP are accessed through the Server address:
mail.domainnamea.com. mail.domainnameb.com. mail.domainnamec.com.
and so on.
If someone who accesses my Roundcube, fill the Server field with any other POP Server name elsewhere, he will read those emails. How to avoid it, so that only mailboxes in one of my two Mailboxes mentioned above can be accessed?
Perhaps an outbound iptables firewall rule, so prevent the roundcube server from accessing any POP3 / IMAP server other than your servers?
Thanks a lot.
Mario./ ___________________________ Mario Jorge Lima mariolima@multisites.com.br OBS: Eventualmente nao acentuo algumas palavras do Portugues, para evitar bugs na recepcao dos emails.
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Hi,
This is an idea, but I don't know how to implement this.
Mario./
At 11:39 27/02/2018, you wrote:
Content-Type: multipart/alternative; boundary="------------FA4C66C307E815DE9F72CF87" Content-Language: en-GB
On 27/02/2018 11:23, Mario Jorge Lima wrote:
Hello,
I will explain what I need to know.
I have 3 Servers:
One of them is just a Domains Server.
The other two are Mailboxes Servers. They have the email
accounts for all the Domains from the first Server.
All these mailboxes' POP and SMTP are accessed through the Server address:
mail.domainnamea.com. mail.domainnameb.com. mail.domainnamec.com.
and so on.
If someone who accesses my Roundcube, fill the Server field with any other POP Server name elsewhere, he will read those emails. How to avoid it, so that only mailboxes in one of my two Mailboxes mentioned above can be accessed?
Perhaps an outbound iptables firewall rule, so prevent the roundcube server from accessing any POP3 / IMAP server other than your servers?
Thanks a lot.
Mario./ ___________________________ Mario Jorge Lima mailto:mariolima@multisites.com.brmariolima@multisites.com.br OBS: Eventualmente nao acentuo algumas palavras do Portugues, para evitar bugs na recepcao dos emails.
Roundcube Users mailing list mailto:users@lists.roundcube.netusers@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
Mario Jorge Lima mariolima@multisites.com.br OBS: Eventualmente nao acentuo algumas palavras do Portugues, para evitar bugs na recepcao dos emails.
On 02/27/2018 12:23 PM, Mario Jorge Lima wrote:
If someone who accesses my Roundcube, fill the Server field with any other POP Server name elsewhere, he will read those emails. How to avoid it, so that only mailboxes in one of my two Mailboxes mentioned above can be accessed?
I think I responded to similar question recently with:
You have a few options to deal with this
default_host username_domain username_domain_forced login_username_filter trusted_host_patterns (git-master only)
How to use them will depend on what you want to achieve and your environment. You can always create a plugin that checks the host before connecting to it.
Hi Alec,
For:
trusted_host_patterns
does it work for host and Ip's right?
-----Original Message----- From: users-bounces@lists.roundcube.net [mailto:users-bounces@lists.roundcube.net] On Behalf Of A.L.E.C Sent: 27 de fevereiro de 2018 17:48 To: users@lists.roundcube.net Subject: Re: [RCU] How to avoid accessing mailboxes elsewhere
On 02/27/2018 12:23 PM, Mario Jorge Lima wrote:
If someone who accesses my Roundcube, fill the Server field with any other POP Server name elsewhere, he will read those emails. How to avoid it, so that only mailboxes in one of my two Mailboxes mentioned
above can be accessed? I think I responded to similar question recently with:
You have a few options to deal with this
default_host username_domain username_domain_forced login_username_filter trusted_host_patterns (git-master only)
How to use them will depend on what you want to achieve and your environment. You can always create a plugin that checks the host before connecting to it.
-- Aleksander 'A.L.E.C' Machniak Kolab Groupware Developer [http://kolab.org] Roundcube Webmail Developer [http://roundcube.net]
PGP: 19359DC1 # Blog: https://kolabian.wordpress.com _______________________________________________ Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users