Hi Jeff,

> I see it as a bit more serious than that, Taco...
>
> I've got two sites on my RaQ... www.site1.com and www.site2.com.
>
> If a user with an account on site1.com logs into his account at
> site2.com, he'll be able to log in successfully, and he'll still see his
> mailboxes, etc. So he may _think_ he's got an account site2.com.

He's a bit brainless then, but anyway ...

> However, his return address will STILL be [EMAIL PROTECTED] on any email
> he sends out.

No, that is actually the issue people have: any valid user on a RaQ can login to the neomail of another site and hit the preferences button and send out e-mails using the other site's domain.

Again: neomail should be seen as a mailclient. Any mailclient can be configured to send out messages with any domain. Hence I still think this is a non-issue.

The only issue I agree on, is that users could login to other site's neomail and download their mail, and therefore not get charged the bandwidth. This is the only real valid issue.

> So slightly different, and slightly more serious (imho) than you seem to
> think.

Again, I don't see the problem. But I am open to any education ;)

> Hmmmm.... this really isn't _your_ issue, Taco, since you didn't write
> neomail.

But I did create the neomail package and added a lot of changes so it would support multiple domains and multiple architectures. As the maintainer of the package I do think it is my issue.

> Does the available "isp" patch fix this problem? I don't think so.

I don't think so.

> Are you considering making your own patch? I'd like that

Yes, but not this week. (This does not imply it is ready NEXT week ;) )...

With regards,

Taco Scargo
Professional Services Manager, EMEA
Sun Microsystems
Tel. +31 (71) 565 7021
Sun Cobalt Server Appliances
[EMAIL PROTECTED]

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
