This is with regard to the spoofed mail problem I had posted earlier. I have (after getting my hosting account re enabled) found that if you set your email id to an existing email at your domain, then you can easily spoof your emails as coming from that id. This however is not true for email ids that don't exist on your domain or are outside your domain.
So a simple solution would be to disable the E-mail text field in the Identity section of Roundcube. Can anyone guide me as how to accomplish the same?
I know it would still be possible to send such spoofed mails using an email client but most of my users only use webmail, and so I want this spoofing to be not possible through webmail.
Nipun Jain wrote:
This is with regard to the spoofed mail problem I had posted earlier. I have (after getting my hosting account re enabled) found that if you set your email id to an existing email at your domain, then you can easily spoof your emails as coming from that id. This however is not true for email ids that don't exist on your domain or are outside your domain.
So a simple solution would be to disable the E-mail text field in the Identity section of Roundcube. Can anyone guide me as how to accomplish the same?
This has to be done in function rcube_identity_form() within program/steps/settings/edit_identitiy.inc. Just remove some fields from the $a_show_cols array. I would also suggest to remove these fields from the $a_save_cols array in save_identitiy.inc
I know it would still be possible to send such spoofed mails using an email client but most of my users only use webmail, and so I want this spoofing to be not possible through webmail.
I'll think about some configuration parameters or skin settings letting the admin disable some fields form the identities form.
Regards, Thomas
-
Nipun Jain -
Thomas Bruederli