| Summary | Log identity |
| Queue | IMP |
| Queue Version | 6.1.4 |
| Type | Enhancement |
| State | Rejected |
| Priority | 2. Medium |
| Owners | |
| Requester | pwong (at) chem (dot) utoronto (dot) ca |
| Created | 10/24/2013 (4269 days ago) |
| Due | |
| Updated | 10/24/2013 (4269 days ago) |
| Assigned | |
| Resolved | 10/24/2013 (4269 days ago) |
| Milestone | |
| Patch | No |
State ⇒ Rejected
http://www.horde.org/mail/ contains a list of all available mailing lists.
send out email?
through SMTP AUTH on port 587. Configure Horde to send messages
through that port and use their credentials for SMTP AUTH.
Don't allow users to setup e-mail addresses without verification that
they actually have access to this account. Make sure
$conf[user][verify_from_addr] is ticked in Administration->Horde->User
Capabilities and Constraints.
Your MTA can possibly help too here. For instance, in Postfix there is
an option 'reject_sender_login_mismatch' which will prevent your users
from making up sender addresses. I use the latter, which has the added
benefit of being independent from Horde, so it doesn't matter how
users send messages through your server.
have limited the impact of compromised accounts. Configure the
Administration->Permissions for IMP and cap both 'max_recipients' and
'max_timelimit' to a reasonable value.
log would be faster and more helpful.
Priority ⇒ 2. Medium
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ Log identity
Type ⇒ Enhancement
State ⇒ New
send out email? Some accounts got compromised and new identities
created to perform spamming. The only way to find out was from the
horde_prefs table. Reading the log would be faster and more helpful.