problem with security - login/sender mismatch

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

problem with security - login/sender mismatch

Bartosz.C
Hi,
I have a problem with field: Options->Personal Information->E-mail Address.
In that field I can write just any address and it will be sent without problems - for example
[hidden email] - and my postfix will send it.
My users names are the same like emails.
Is there any option to change behave of squirrelmail - and when user is sending email it alaways is sending using his user name whatever field "e-mail address" contain?

I know that I can remove that option from /squirrelmail/include/options/personal.php script but in specific cases cookies from IE, Firefox are messing with /var/lib/squirrelmail/data/users.pref files. And that files contains information about this address.

Bartosz.

------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: problem with security - login/sender mismatch

Jari Fredriksson
05.11.2012 13:56, Bartosz.C kirjoitti:

> Hi,
> I have a problem with field: Options->Personal Information->E-mail
> Address.
> In that field I can write just any address and it will be sent without
> problems - for example
> [hidden email] <mailto:[hidden email]> - and my postfix
> will send it.
> My users names are the same like emails.
> Is there any option to change behave of squirrelmail - and when user
> is sending email it alaways is sending using his user name whatever
> field "e-mail address" contain?
>
> I know that I can remove that option from
> /squirrelmail/include/options/personal.php script but in specific
> cases cookies from IE, Firefox are messing with
> /var/lib/squirrelmail/data/users.pref files. And that files contains
> information about this address.
>
> Bartosz.
You can write any address to your email address in ANY email client
there is.

How could the client know your own "rightful" address anyway?

jarif


>
>
> ------------------------------------------------------------------------------
> LogMeIn Central: Instant, anywhere, Remote PC access and management.
> Stay in control, update software, and manage PCs from one command center
> Diagnose problems and improve visibility into emerging IT issues
> Automate, monitor and manage. Do more in less time with Central
> http://p.sf.net/sfu/logmein12331_d2d
>
>
> -----
> squirrelmail-users mailing list
> Posting guidelines: http://squirrelmail.org/postingguidelines
> List address: [hidden email]
> List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
> List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

--

You have an ambitious nature and may make a name for yourself.



------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

signature.asc (267 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: problem with security - login/sender mismatch

Bartosz.C
On 5 November 2012 17:48, Jari Fredriksson <[hidden email]> wrote:
05.11.2012 13:56, Bartosz.C kirjoitti:
> Hi,
> I have a problem with field: Options->Personal Information->E-mail
> Address.
> In that field I can write just any address and it will be sent without
> problems - for example
> [hidden email] <mailto:[hidden email]> - and my postfix
> will send it.
> My users names are the same like emails.
> Is there any option to change behave of squirrelmail - and when user
> is sending email it alaways is sending using his user name whatever
> field "e-mail address" contain?
>
> I know that I can remove that option from
> /squirrelmail/include/options/personal.php script but in specific
> cases cookies from IE, Firefox are messing with
> /var/lib/squirrelmail/data/users.pref files. And that files contains
> information about this address.
>
> Bartosz.

You can write any address to your email address in ANY email client
there is.

How could the client know your own "rightful" address anyway?

jarif


Yes its true.
But because its localhost (postfix+squirrelmail is on the same server) behave of e-mail clients are different than in any other place in network.
Can I force to use by squirrelmail email address to send a message the same as user login?
So in Personal Information->E-mail Address can be anything.
Bartosz.

------------------------------------------------------------------------------
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
Reply | Threaded
Open this post in threaded view
|

Re: problem with security - login/sender mismatch

Paul Lesniewski
On Tue, Nov 6, 2012 at 1:05 AM, Bartosz.C <[hidden email]> wrote:

> On 5 November 2012 17:48, Jari Fredriksson <[hidden email]> wrote:
>>
>> 05.11.2012 13:56, Bartosz.C kirjoitti:
>> > Hi,
>> > I have a problem with field: Options->Personal Information->E-mail
>> > Address.
>> > In that field I can write just any address and it will be sent without
>> > problems - for example
>> > [hidden email] <mailto:[hidden email]> - and my postfix
>> > will send it.
>> > My users names are the same like emails.
>> > Is there any option to change behave of squirrelmail - and when user
>> > is sending email it alaways is sending using his user name whatever
>> > field "e-mail address" contain?
>> >
>> > I know that I can remove that option from
>> > /squirrelmail/include/options/personal.php script but in specific
>> > cases cookies from IE, Firefox are messing with
>> > /var/lib/squirrelmail/data/users.pref files. And that files contains
>> > information about this address.
>> >
>> > Bartosz.
>>
>> You can write any address to your email address in ANY email client
>> there is.
>>
>> How could the client know your own "rightful" address anyway?
>>
>> jarif
>>
>
> Yes its true.
> But because its localhost (postfix+squirrelmail is on the same server)
> behave of e-mail clients are different than in any other place in network.
> Can I force to use by squirrelmail email address to send a message the same
> as user login?
> So in Personal Information->E-mail Address can be anything.

Use the configuration tool to turn off:

4. General Options ==> 9. Allow editing of identity

That is exactly why this feature was developed.

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php

------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
-----
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: [hidden email]
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users