>Wouldn't it make more sense to patch mailbox.php to prevent opening a mailbox >that's not on the folders list? I don't know PHP... anyone up to the task? It would be the best thing. For my is easier to configure the mod_security that to look the php source code, but I will attempt it. Regards, Albert