[Bug 998] exim accepted smtp and imap unencrypted and w/o smtp_auth

To: debian-edu@lists.debian.org
Subject: [Bug 998] exim accepted smtp and imap unencrypted and w/o smtp_auth
From: bugzilla-skolelinux@developer.skolelinux.no
Date: Thu, 26 Jan 2006 21:19:01 +0100 (CET)
Message-id: <[🔎] 20060126201901.A1F9124243@developer.skolelinux.no>

http://bugs.skolelinux.no/show_bug.cgi?id=998





------- Additional Comments From c.gatzemeier@tu-bs.de  2006-01-26 21:19 -------
Exim as configured let me sent emails as other users using SMTP. (And this is 
not detectable. It is possible to use alternative sender-addresses 
via /usr/bin/sendmail but here an extra header with the real user id will be 
inserted.) 
 
Proposed actions: 
- require smtp_auth and only matching sender address. 
- accept only ssl/tls conections 
 
IMAP server accepts unencrypted connections. 
- require ssl/tls 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Reply to:

Prev by Date: New build server donated from Intel
Next by Date: [Bug 998] exim accepted smtp and imap unencrypted and w/o smtp_auth
Previous by thread: [Bug 998] exim accepted smtp and imap unencrypted and w/o smtp_auth
Next by thread: [Bug 998] exim accepted smtp and imap unencrypted and w/o smtp_auth
Index(es):
- Date
- Thread