K
knocx
Guest
Whitelist 127.0.0.1/32 and clients can send mail from bogusmail adresses
Hello;
on client php scripts we observe that people can send mail from forged mail adressess, since 127.0.0.1 is in whitelist
i.e a message from [email protected] to [email protected] is relayed where [email protected] is a forged originator
or from [email protected]
since this is a serious security issue and hard to catch is there a way to restrict this action?
i donts understand why is Qmail relaying [email protected], it shouldnt be allowed , by logic relay allowance priority should be based on "allowed hosts" rather than the trusted IP(127.0.0.1)... am i wrong? ...however it works the opposite.
any ideas / suggestions will be great
thanks
knocx
Hello;
on client php scripts we observe that people can send mail from forged mail adressess, since 127.0.0.1 is in whitelist
i.e a message from [email protected] to [email protected] is relayed where [email protected] is a forged originator
or from [email protected]
since this is a serious security issue and hard to catch is there a way to restrict this action?
i donts understand why is Qmail relaying [email protected], it shouldnt be allowed , by logic relay allowance priority should be based on "allowed hosts" rather than the trusted IP(127.0.0.1)... am i wrong? ...however it works the opposite.
any ideas / suggestions will be great
thanks
knocx