[Bug 998] exim accepted smtp and imap unencrypted and w/o smtp_auth
http://bugs.skolelinux.no/show_bug.cgi?id=998
------- Additional Comments From c.gatzemeier@tu-bs.de 2006-01-26 21:19 -------
Exim as configured let me sent emails as other users using SMTP. (And this is
not detectable. It is possible to use alternative sender-addresses
via /usr/bin/sendmail but here an extra header with the real user id will be
inserted.)
Proposed actions:
- require smtp_auth and only matching sender address.
- accept only ssl/tls conections
IMAP server accepts unencrypted connections.
- require ssl/tls
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Reply to: