Facebook
Twitter
M
MarkF
Guest
Hi,
We currently have Plesk 8.6 running on CentOS 5.3 (32bit), Plesk 8.6 comes with Qmail by default.
The issue we are finding is that Qmail will allow an end-user to authenticate using whatever valid login details but then does not check the "FROM" header and as such allows the end-user to do SMTP auth with "[email protected]" and send a mail as sender "[email protected]".
This is obviously a very dangerious issue since it allows for email spoofing and can end up having our mail server black listed.
My question is:
Is there a way to make Qmail check the "From" address of a SMTP authenticated user matches the credentials used to perform the auth.
If not, Postfix does have this feature, how can I switch to Postfix? (Autoinstaller shows no postfix in Plesk 8.6).
We currently have Plesk 8.6 running on CentOS 5.3 (32bit), Plesk 8.6 comes with Qmail by default.
The issue we are finding is that Qmail will allow an end-user to authenticate using whatever valid login details but then does not check the "FROM" header and as such allows the end-user to do SMTP auth with "[email protected]" and send a mail as sender "[email protected]".
This is obviously a very dangerious issue since it allows for email spoofing and can end up having our mail server black listed.
My question is:
Is there a way to make Qmail check the "From" address of a SMTP authenticated user matches the credentials used to perform the auth.
If not, Postfix does have this feature, how can I switch to Postfix? (Autoinstaller shows no postfix in Plesk 8.6).
