Current time: 11-16-2024, 10:31 PM Hello There, Guest! (LoginRegister)


Thread Closed 
[solved] Security Problem detected
Author Message
joximu Offline
helper
*****
Moderators

Posts: 7,024
Joined: Jan 2007
Reputation: 92
Post: #1
[solved] Security Problem detected
Hi

Platzwart had a problem on his server and mentioned that this could be a security issue:

A customer can add a domain-alias, eg. gmx.net
Then he adds an emailaddress for this domain: all@gmx.net
and then he can add a catchall for gmx.net to go into this new mailbox.

Well - all mails to gmx.net which are sent over this server (webmail, smtp...) will go to the customers account.
I checked this and got an email to djkherjkghekj@gmx.net to my web.de account...

This is *not really* good.... (better: this is really not good)

What are others thinking about (besides opening a ticket)...
http://www.isp-control.net/ispcp/ticket/573

/Joximu
(This post was last modified: 01-17-2008 08:07 AM by RatS.)
08-18-2007 02:21 AM
Visit this user's website Find all posts by this user
MicCo Offline
Moderator
*****
Moderators

Posts: 277
Joined: Oct 2006
Reputation: 1
Post: #2
RE: Security Problem detected
Hmmm, if I got it right,

- then what you are saying is that one of more users on an server can make an catcall e-mail address, and then recive e-mails from other users account ! ?.

This will be an very serious security issue, I will have serious problems as lots of my users are medical companies, dealing with a lot of money, so if an e-mail can be snapped by others, then the hosting ain't secure and an host can get in rearl trouble.
09-05-2007 03:57 PM
Visit this user's website Find all posts by this user
Thread Closed 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)