security issue with default setting

Discussions on webmail and the Professional version.
Post Reply
security issue

security issue with default setting

Post by security issue » Fri Jul 19, 2002 12:48 pm

i noticed only by accident that someone was relaying email
through my mail server by pretending to be a known user on the system
and sending email to someone else..
can you change the default install settings on mailenable such that
the default installation, only allows authenticated users access to smtp...
i didnt notice it until i started looking for it...
and the way it was written was a little confusing to understand what the setting thou...

Site Admin
Posts: 4441
Joined: Tue Jun 25, 2002 3:03 am
Location: Melbourne, Victoria Australia

Post by MailEnable » Fri Jul 19, 2002 3:43 pm

We are investigating this. Your right though, the default ME does allow relay where the sender address is local. The reason for this was to prevent a flurry of questions regarding why people cannot send mail from their client (unless they had already worked out how to enable authentication).

There has been much feedback in relation to this and as a result, we have decided to do ay you have suggested but to provide a large information message in the installation.

Thanks for the feedback.
Regards, Andrew

security issue

sounds good...

Post by security issue » Sat Jul 20, 2002 2:19 am

better to err on the side of caution..
unlike some other software companys we all know lol...

Post Reply