[imp] IMP (apache) abuse ?

Federico Petronio petronio@agro.uba.ar
Thu, 06 Jun 2002 09:39:24 -0300


Hello...

Recently, checking the logs with LogWatch I found some lines like these:

apache set sender to atencionaclientes@scapsa.shell.com using -f: 1 Times(s)
apache set sender to ramirocarretero@datafull.com using -f: 1 Times(s)
apache set sender to 19970047@correo.lamolina.edu.pe using -f: 1 imes(s)


As far as I understand that means that a mail was sent using apache and 
setting the From to those address. The problem is that I set IMP to not 
let the users change the From: (just his/her name) and those address and 
NOT local.

What do you think ? could this be a config problem in IMP?, a security 
bug? some problem in something else than HORDE/IMP ?

Any help is welcome.

I run RH 7.2 (updated) and IMP 2.2.8.

Thank you...

-- 
					Federico Petronio
					petronio@agro.uba.ar
					Linux User #129974

---
Unix IS user friendly. It's just selective about who its friends are.