• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Whitelist 127.0.0.1/32 Send mail from bogum mail adresses

K

knocx

Guest
Whitelist 127.0.0.1/32 and clients can send mail from bogusmail adresses

Hello;

on client php scripts we observe that people can send mail from forged mail adressess, since 127.0.0.1 is in whitelist

i.e a message from [email protected] to [email protected] is relayed where [email protected] is a forged originator

or from [email protected]

since this is a serious security issue and hard to catch is there a way to restrict this action?

i donts understand why is Qmail relaying [email protected], it shouldnt be allowed , by logic relay allowance priority should be based on "allowed hosts" rather than the trusted IP(127.0.0.1)... am i wrong? ...however it works the opposite.

any ideas / suggestions will be great

thanks
knocx
 
You must log in or register to reply here.

Similar threads

M
Question Accessing to mail (send & receive) only from one country
Replies
1
Views
964
Kaspar@Plesk
Kaspar@Plesk
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
3K
drdna
D
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
1K
W4ru
W
P
Issue SPF error sending IP 127.0.0.1
Replies
10
Views
5K
MrZuru
M
Bitpalast
Forwarded to devs Spamassassin ignores mails to mailboxes that contain an ampersand, e.g. d&[email protected]
Replies
9
Views
3K
Bitpalast
Bitpalast
Back
Top