LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-24-2011, 12:08 AM   #1
aliabbass
Member
 
Registered: Jun 2008
Posts: 57

Rep: Reputation: 0
Question qmail weakness needs to remove it


hi. we are using qmail as our MTA. Now the users are using outlook and web client. There is one important thing that i like to share with people here and request from the experts to suggest some solution. when using outlook you can just give someone's else name who has got an account in the same domain having same qmail server running and you will be receiving and sending on the behalf of that person rather you will be using his/her account. This is a great flaw. Now if someone is aware of that and knows how to correct it plz share his/her experience.
 
Old 02-24-2011, 05:14 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781Reputation: 781
It sounds like the authentication is based upon network and not on a per user basis and the users are within the network OR you are inadvertently running an open relay. Typically one would use SASL authentication against a user database with passwords. I don't know much about qmail's authentication mechanisms, but I do know that qmail is old and has been unsupported for a long time. Unless there is an easy solution to this problem, I would recommend a more current MTA.
 
Old 02-24-2011, 06:06 AM   #3
jamrock
Member
 
Registered: Jan 2003
Location: Kingston, Jamaica
Posts: 444

Rep: Reputation: 41
Quote:
Originally Posted by aliabbass View Post
you will be receiving and sending on the behalf of that person rather you will be using his/her account.
I can understand that you will be sending email using that person's account. I would be surprised if you could receive that person's email without their password.

Email applications can use smtp auth to enforce the use of a password when sending email. Go to http://www.qmail.org/top.html and do a search for smtp auth. You will see some options.

I would recommend setting up a test server and getting smtp auth to work on it first. You should only modify your production server when you have everything working properly.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
qmail-remove prashantbhushan Linux - Networking 0 07-22-2006 03:53 AM
Fatal weakness in Linux cov Linux - Software 71 07-05-2005 05:13 AM
Remove qmail Lostboys Linux - Software 1 04-20-2005 08:25 AM
how to remove qmail ? zapperabhi Linux - Software 5 11-16-2004 09:34 AM
qmail +qmail-qfilter + qmail-scanner-queue+qmail-user-masq.pl problem countcobolt Linux - Networking 0 07-08-2004 12:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 06:47 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration