[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Re: NeoMail 1.25
- Subject: Re: [cobalt-users] Re: NeoMail 1.25
- From: baltimoremd@xxxxxxxxxxxxxxx
- Date: Sat Sep 22 19:32:19 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Fri, 21 Sep 2001, Revd leonard payne wrote:
> on 21/9/01 1:44 PM, Joe Boise at my_hidden_email@xxxxxxxxx mumbled something
> like:
>
> > with www.site2.com. It looks like John can now
> > send messages as john@xxxxxxxxxx
> >
> > This seems this might be a security issues to me?
> >
> > Anyone else notice this?
>
>
>
> This is not a bug it is a feature.
I ran a test with a real simple web based email application-thinmail
I could login as domain2user@xxxxxxxxxxx with the proper password,
even though I specified that the mailserver was domain1.com
Sent a message to myself, it showed up as being from
domain2user@xxxxxxxxxxxxxx
That's because when you look at the headers, the mail really came
from ns1.mymaindomain.net
This kind of behavior can cause all sorts of fun with majordomo,
since if domain2user@xxxxxxxxxxx is subscribed, his message
could get bounced, since majordomo doesn't see that address.
Apparently it's another "Little Grasshopper in the Land of Cobalt"
adventure.
>
> According to the gospel according to Cobalt, you can only use the same user
> once per box - rather than once per virtual site. Therefore logging on via
> another site would work. It still hits the same POP engine it seems to me (a
> linux novice)
>
> I reckon the same would happen if you used a regular POP client.
> Give it a try and post again - or shoot me down .
Think you're correct, but I'm too lazy to set up yet another Eudora to
test it.
thom
baltimoremd@xxxxxxxxxxxxxxx Thom LaCosta K3HRN Webmaster
http://www.baltimoremd.com/cobaltfacts/
Home of the CobaltFacts Web Ring - cobalt-ot and hosting-biz mailing lists