1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Whitelist 127.0.0.1/32 Send mail from bogum mail adresses

Discussion in 'Plesk for Linux - 8.x and Older' started by knocx, Apr 1, 2007.

  1. knocx

    knocx Guest

    0
     
    Whitelist 127.0.0.1/32 and clients can send mail from bogusmail adresses

    Hello;

    on client php scripts we observe that people can send mail from forged mail adressess, since 127.0.0.1 is in whitelist

    i.e a message from user@gmail.com to user@hotmail.com is relayed where user@gmail.com is a forged originator

    or from support@paypal.com

    since this is a serious security issue and hard to catch is there a way to restrict this action?

    i donts understand why is Qmail relaying user@gmail.com, it shouldnt be allowed , by logic relay allowance priority should be based on "allowed hosts" rather than the trusted IP(127.0.0.1)... am i wrong? ...however it works the opposite.

    any ideas / suggestions will be great

    thanks
    knocx
     
Loading...