Roundcube Community Forum

News and Announcements => General Discussion => Topic started by: jon10 on May 02, 2015, 08:57:00 AM

Title: User Alias Cheating
Post by: jon10 on May 02, 2015, 08:57:00 AM
Hey,
I have googled around a lot and can't seem to solve this.

If [email protected] adds [email protected] as an alias, usera is able to send emails on behalf of userb.
Furthermore, usera can create any username, e.g. [email protected], as an alias and send emails using that new username.

How do I prevent this?
I assume it's a Postfix / Courier issue?

Thanks!
Title: Re: User Alias Cheating
Post by: SKaero on May 02, 2015, 04:17:42 PM
Actually it's a Roundcube setting; you can add the following to your config.inc.php and change the value as you see fit.

// Set identities access level:
// 0 - many identities with possibility to edit all params
// 1 - many identities with possibility to edit all params but not email address
// 2 - one identity with possibility to edit all params
// 3 - one identity with possibility to edit all params but not email address
// 4 - one identity with possibility to edit only signature
$config['identities_level'] = 0;
Title: Re: User Alias Cheating
Post by: jon10 on May 03, 2015, 07:26:59 AM
Quote from: SKaero on May 02, 2015, 04:17:42 PM
Actually it's a Roundcube setting; you can add the following to your config.inc.php and change the value as you see fit.

// Set identities access level:
// 0 - many identities with possibility to edit all params
// 1 - many identities with possibility to edit all params but not email address
// 2 - one identity with possibility to edit all params
// 3 - one identity with possibility to edit all params but not email address
// 4 - one identity with possibility to edit only signature
$config['identities_level'] = 0;

Dear SKaero thanks for the reply!
I am not sure if it is a Roundcube setting. Let's say a user were to connect to my mail server using telnet: they would be able to send an email as any email address as long as they have the usn/pwd for one valid address.

Thanks,
- J
Title: Re: User Alias Cheating
Post by: SKaero on May 04, 2015, 02:31:44 AM
Yes they would be able to send from any address. You would need to edit your mail server to completely prevent it.
Title: Re: User Alias Cheating
Post by: jon10 on May 04, 2015, 05:22:10 AM
Quote from: SKaero on May 04, 2015, 02:31:44 AM
Yes they would be able to send from any address. You would need to edit your mail server to completely prevent it.
Indeed I would. Do you have any instructions / advice on how I can do that?
I have already enabled Postfix SASL user authentication using PAM to query the MySQL database which contains the usn/pwd table. But that doesn't seem to be working.
Title: Re: User Alias Cheating
Post by: SKaero on May 04, 2015, 05:41:30 AM
Unfortunately I don't. I'd guess that you would want to code a script that would check/change the from line on the way out, but I can't say how it would be best to do that.
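
An added example, not part of the thread and not Postfix or Roundcube code: the "script that checks the from line" idea from the last reply, written in the shape of a Postfix policy delegation service (check_policy_service), which is handed the sender and sasl_username attributes of each submission. The ownership map, the addresses and the function names are constructed for illustration.

```python
# Added example (not from the thread): sender ownership check shaped like a
# Postfix policy delegation service. Requests are name=value lines ended by
# an empty line; the reply is "action=...".

# Constructed map: SASL login -> envelope senders that login may use.
# Assumption: a real deployment would load this from the mail user/alias table.
ALLOWED_SENDERS = {
    "usera@example.test": {"usera@example.test", "sales@example.test"},
    "userb@example.test": {"userb@example.test"},
}

# Constructed request: usera is logged in but claims userb's address.
SAMPLE_REQUEST = (
    "request=smtpd_access_policy\n"
    "protocol_state=RCPT\n"
    "sender=userb@example.test\n"
    "recipient=someone@example.org\n"
    "sasl_username=usera@example.test\n"
    "\n"
)

def parse_policy_request(raw):
    """Return the attributes of one request as a dict."""
    attrs = {}
    for line in raw.splitlines():
        if not line:          # empty line ends the request
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs

def decide(attrs, allowed=ALLOWED_SENDERS):
    """DUNNO lets later restrictions decide; REJECT refuses the message."""
    login = attrs.get("sasl_username", "").strip().lower()
    sender = attrs.get("sender", "").strip().lower()
    if not login:
        return "DUNNO"        # not an authenticated submission
    if sender in allowed.get(login, set()):
        return "DUNNO"        # login owns this sender address
    # Covers another user's address, an invented one, and an empty sender.
    return "REJECT Sender address not owned by authenticated user"

def handle(raw):
    """Build the reply for one raw request."""
    return "action=" + decide(parse_policy_request(raw)) + "\n\n"

if __name__ == "__main__":
    print(handle(SAMPLE_REQUEST), end="")
```

This checks the envelope sender only, not the From: header inside the message; Postfix's built-in reject_sender_login_mismatch restriction with smtpd_sender_login_maps performs the same envelope check without custom code.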