[imp] IMP 3.1 / user@domain.ext on virtual domains
Tobias Eigen
tobias at kabissa.org
Wed Dec 18 09:16:29 PST 2002
Hi Ed,
Thank you (and thanks to Amith and others) for continuing to help me to think
through this problem. I had a dig around in the PLESK forums and this seems to
be a very common issue - so serious that people are in fact disabling IMP
rather than opening themselves up to the vulnerabilities.
Paste this into your browser:
http://forum.plesk.com/showthread.php?s=9d9f4cd42d46d8bb9fc0dd5478f74d57&threadid=5144&highlight=imp+3.1
It seems remarkable, but the combination of PLESK and IMP really does have the
following problems:
1) The UID to log into IMAP really is just the username (minus the domain.ext).
Accounts are distinguished across domains only by the password used. This only
matters for IMP - doesn't matter a jot for Outlook etc. In fact it's convenient
since users only have to type in their username.
2) People logging into IMP on other PLESK domains on the same server get
preferences and addressbooks etc for other users. Ick.
3) People logging into IMP on other PLESK domains send mail from the wrong From
address in their default identity. Double ick.
I don't want to hack around the PLESK hack, if that's what it is. I'd rather
find a way to do what I've been saying - make people log into IMP using their
full username@domain.ext email address and use the information as follows:
username - to log into IMAP
username@domain.ext - for prefs
username@domain.ext - for the from address when sending mail
Looks like
Cheers,
Tobias
--
Tobias Eigen
tobias@kabissa.org
Kabissa - Space for change in Africa
http://www.kabissa.org
Quoting eculp@encontacto.net:
> Quoting Amith Varghese <amith@xalan.com>:
>
> | > Isn't the above the result what you would get just by logging in as
> | > user@foo.bar and having realm=kabissa.org?
> |
> | for the most part, but they don't really need the @kabissa.org. The realm
> | needs to be set to whatever the user entered with their login. But the
> | problem exists because the user is now considered user@foo.com when all
> | Tobias wanted was "user". I think my previous solution might work, but
> | it's a little wacky.
>
> This seems like hacking around the hosting company's hack. Courier-imap
> using virtual domains defaults to user@vdomain.com for login, AFAIK. That
> is what Tobias wants but the hosting company seems to be preprocessing the
> login info somehow to determine if user is user@domain.com or
> user@domain2.com.
>
> I think Tobias might want to test your solution and if it doesn't work,
> I think it is time to talk to the hosting company and see what they are
> doing with the login. They just may have direct access to courier-imap
> with user@domain.com but don't offer it because most customers only want
> to type their uid without the domain.
>
> ed
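The login mapping proposed in the message above (bare username for IMAP, full address for prefs and for the From address), modelled as an added Python example; it is not code from the thread and not IMP or PLESK configuration. The domains, the `HOSTED` allow-list and the function names are constructed for illustration, and the local part is assumed to be passed to IMAP exactly as typed.

```python
import re

# Constructed sample data: the same local part exists on two hosted domains.
HOSTED = {"example-a.test", "example-b.test"}
LOGINS = ["info@example-a.test", "info@example-b.test"]

# Conservative local-part pattern; rejects whitespace and control characters
# so the value is safe to reuse in a From header.
LOCAL_PART = re.compile(r"[A-Za-z0-9._+-]{1,64}")


def split_login(login, hosted_domains):
    """Map a full-address login to (imap_user, prefs_key, from_address).

    Raises ValueError for a bare username, a malformed address, or a domain
    this server does not host, so a session never falls back to a key that
    is shared across domains.
    """
    login = login.strip()
    if login.count("@") != 1:
        raise ValueError("login must be username@domain.ext")
    local, domain = login.split("@")
    domain = domain.lower()
    if not LOCAL_PART.fullmatch(local):
        raise ValueError("malformed local part")
    if domain not in hosted_domains:
        raise ValueError("domain is not hosted here")
    full = f"{local}@{domain}"
    return local, full, full


def prefs_collisions(logins, hosted_domains, key_by_full_address):
    """Return the prefs keys that more than one distinct account would share."""
    owners = {}
    for login in logins:
        imap_user, prefs_key, _ = split_login(login, hosted_domains)
        key = prefs_key if key_by_full_address else imap_user
        owners.setdefault(key, set()).add(prefs_key)
    return sorted(k for k, accounts in owners.items() if len(accounts) > 1)


if __name__ == "__main__":
    print("keyed by username:", prefs_collisions(LOGINS, HOSTED, False))
    print("keyed by full address:", prefs_collisions(LOGINS, HOSTED, True))
```

Keying by the bare username reproduces problems 2 and 3 from the list above (two accounts share one prefs record and one default identity); keying by the full address removes the overlap while IMAP still receives only the username.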