• The APS Catalog has been deprecated and removed from all Plesk Obsidian versions.
    Applications already installed from the APS Catalog will continue working. However, Plesk will no longer provide support for APS applications.
  • Please be aware: with the Plesk Obsidian 18.0.78 release, the support for the ngx_pagespeed.so module will be deprecated and removed from the sw-nginx package.

Whitelist 127.0.0.1/32 Send mail from bogum mail adresses

K

knocx

Guest
Whitelist 127.0.0.1/32 and clients can send mail from bogusmail adresses

Hello;

on client php scripts we observe that people can send mail from forged mail adressess, since 127.0.0.1 is in whitelist

i.e a message from [email protected] to [email protected] is relayed where [email protected] is a forged originator

or from [email protected]

since this is a serious security issue and hard to catch is there a way to restrict this action?

i donts understand why is Qmail relaying [email protected], it shouldnt be allowed , by logic relay allowance priority should be based on "allowed hosts" rather than the trusted IP(127.0.0.1)... am i wrong? ...however it works the opposite.

any ideas / suggestions will be great

thanks
knocx
 
You must log in or register to reply here.

Similar threads

S
Issue Issues and confusion with mail forwarding
Replies
1
Views
2K
spiceypork
S
M
Issue Sending Email from a subdomain - Relay Access Denied
Replies
6
Views
2K
MHC_1
M
M
Question Accessing to mail (send & receive) only from one country
Replies
1
Views
1K
Kaspar@Plesk
Kaspar@Plesk
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
4K
drdna
D
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
3K
W4ru
W
Back
Top