[solved] Security Problem detected

[joximu]

Hi

Platzwart had a problem on his server and mentioned that this could be a security issue:

A customer can add a domain-alias, eg. gmx.net
Then he adds an emailaddress for this domain: all@gmx.net
and then he can add a catchall for gmx.net to go into this new mailbox.

Well - all mails to gmx.net which are sent over this server (webmail, smtp...) will go to the customers account.
I checked this and got an email to djkherjkghekj@gmx.net to my web.de account...

This is *not really* good.... (better: this is really not good)

What are others thinking about (besides opening a ticket)...
http://www.isp-control.net/ispcp/ticket/573

/Joximu

[MicCo]

Hmmm, if I got it right,

- then what you are saying is that one of more users on an server can make an catcall e-mail address, and then recive e-mails from other users account ! ?.

This will be an very serious security issue, I will have serious problems as lots of my users are medical companies, dealing with a lot of money, so if an e-mail can be snapped by others, then the hosting ain't secure and an host can get in rearl trouble.