Re: [SM-USERS] problem with security - login/sender mismatch

[Bartosz.C]

On 5 November 2012 17:48, Jari Fredriksson  wrote:

> 05.11.2012 13:56, Bartosz.C kirjoitti:
> > Hi,
> > I have a problem with field: Options->Personal Information->E-mail
> > Address.
> > In that field I can write just any address and it will be sent without
> > problems - for example
> > whate...@whatever.com  - and my postfix
> > will send it.
> > My users names are the same like emails.
> > Is there any option to change behave of squirrelmail - and when user
> > is sending email it alaways is sending using his user name whatever
> > field "e-mail address" contain?
> >
> > I know that I can remove that option from
> > /squirrelmail/include/options/personal.php script but in specific
> > cases cookies from IE, Firefox are messing with
> > /var/lib/squirrelmail/data/users.pref files. And that files contains
> > information about this address.
> >
> > Bartosz.
>
> You can write any address to your email address in ANY email client
> there is.
>
> How could the client know your own "rightful" address anyway?
>
> jarif
>
>
Yes its true.
But because its localhost (postfix+squirrelmail is on the same server)
behave of e-mail clients are different than in any other place in network.
Can I force to use by squirrelmail email address to send a message the same
as user login?
So in Personal Information->E-mail Address can be anything.
Bartosz.
--
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

[SM-USERS] Force SASL-auth when sending mail

[Nikolaos Milas]

Hi,

I am using v1.4.22 on CentOS 5.8 (x86_64).

Currently, when sending mail from SM, it uses the following setup 
(config/config.php):

$useSendmail= true;
$smtpServerAddress = 'localhost';
$smtpPort = 587;
$sendmail_path = '/usr/sbin/sendmail';
$sendmail_args = '-i -t';
$pop_before_smtp = false;
$pop_before_smtp_host = '';

Here is a typical session, as logged by Postfix:

Nov  4 21:43:11 mailserver postfix/pickup[17587]: C58DC6D6771: uid=48 
from=
Nov  4 21:43:11 mailserver postfix/cleanup[18472]: C58DC6D6771: 
message-id=<491e500f4e0148757337cd09c18a0077.squir...@mailserver.example.com>
Nov  4 21:43:11 mailserver opendkim[5402]: C58DC6D6771: DKIM-Signature 
header added (s=default, d=example.com)
Nov  4 21:43:13 mailserver postfix/qmgr[25488]: C58DC6D6771: 
from=, size=799, nrcpt=1 (queue active)
Nov  4 21:43:21 mailserver postfix/pipe[18491]: C58DC6D6771: 
to=, relay=dovecot, delay=16, delays=8.9/0.017/0/7.3, 
dsn=2.0.0, status=sent (delivered via dovecot service)
Nov  4 21:43:21 mailserver postfix/qmgr[25488]: C58DC6D6771: removed

So, in essence, SM directly feeds Postfix (through "pickup").

Can we configure SM to explicitly use SMTP SASL-auth (using 
username/password of the logged-in user) when sending each and every 
email message?

Doing so, we would be able to distinguish between sending users (since 
they will be SASL-authenticated)and enforcevarious limitations based on 
their identity at the SMTP level (e.g. using postfwd). Currently, there 
is no way to tell who was the user who submitted a mail, since the 
senderaddress should not be the definitive criterion (while the client 
is always 127.0.0.1).

I am aware of "Restrict Senders" plugin, which provides a solution, but 
-as mentioned in the plugin description- it is not the suggested one.

Any advice regarding the issue will be appreciated.

Thanks and regards,
Nick

--
LogMeIn Central: Instant, anywhere, Remote PC access and management.
Stay in control, update software, and manage PCs from one command center
Diagnose problems and improve visibility into emerging IT issues
Automate, monitor and manage. Do more in less time with Central
http://p.sf.net/sfu/logmein12331_d2d
-
squirrelmail-users mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-users@lists.sourceforge.net
List archives: http://news.gmane.org/gmane.mail.squirrelmail.user
List info (subscribe/unsubscribe/change options): 
https://lists.sourceforge.net/lists/listinfo/squirrelmail-users