[horde] Security related.

Anant Athavale asa at isac.gov.in
Thu May 17 06:05:05 UTC 2007


Dear List:

One of my colleagues is developing an application in VB.  He says he
is able to send an email to a person without logging in through a
browser (he is sending the login parameters to the HTTP server directly
and later sending compose.php parameters directly through VB).  He
came to me saying that he is unable to attach any files using this
method, and hence I came to know about this.

In our setup, we do not want such a thing to work.  We have already
set up a firewall to prevent direct connectivity to port 25 (mail port)
on the mail server.  Actually, we have locked from_address to prevent
forged mails.  Can he escape from this check if he uses this method?

What steps do you recommend to prevent this?

We are using all the latest stable releases of HORDE 3.1.

I am attaching the two PHP files, using which he is sending mails.

My requirement is that nobody should be able to log in/send mails through
any external application.  How do I achieve this?

Waiting for early reply.


Regards,

Anant Athavale.

