[imp] Possible bug ?
Arjen de Korte
arjen+horde at de-korte.org
Sun Sep 13 17:59:52 UTC 2009
Citeren michel at casa.co.cu:
> Thanks for respond my email , tomorrow i will send a email to all my
> users in the system for change his passwords for precautions , but
> until yesterday the hacker use in the line "from" emails address
> that ever exist in my active directory.
>
> I have spf in my dns.
That may only help against others illegally using *your* domain on
*their* MTA. Not for people illegally using your *MTA* with *their
domain.
> so how i can send email truth horde webmail when the email address
> don't exists?
Only relay mail when the sender is SASL authenticated to Postfix *and*
is allowed to use the sender address. This drastically limits what
people can do when an user account is compromised and also will
quickly tell you which one if it ever happens.
> how make this , if no possible that horde have a possible security
> breach, a bug?
This isn't a Horde security problem and/or bug. You should harden your
MTA to prevent this.
Best regards, Arjen
More information about the imp
mailing list