Another scenrio where someone would have to enable "Ignore Source IP" is when you have users with some Satellite ISP's. One of our clients has a heavy user that works from home one day per week that uses a Satellite connection. His ISP uses something called a Double Proxy that plays havoc with IP addresses.
07:07 PDT 06/13/02 John Tolmachoff IT Manager, Network Engineer RelianceSoft, Inc. Fullerton, CA 92835 www.reliancesoft.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry Sent: Wednesday, June 12, 2002 6:47 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] imail security issue? >Here's the scenario: I am logged into my IMail server(v7.10 on NT4) at >the url >https://mail.langliesystems.com/Xb9a69b9b9dcf9c9899cbe8f63fd4/readmail. 25637.cgi?uid=yourid&mbx=Main >- I take this url and cut/paste it into a new browser and there it is - >the same e-mail session active in two browsers. Yes, that is to be expected. Most web sites work that way, and is often very useful. In fact, it allows you to have Outlook-like web messaging, where new E-mails appear in new browser windows (it's pretty cool). >This can be taken a step farther by pasting the url into a browser running >on a completely different IP and subnet. Only if you have IMail set up to allow it ("Ignore source IP"). Prodigy started that silly game of proxying IPs, and AOL took over the concept. Therefore, a lot of people do not use the IP as a security measure. We found this out the hard way about 6 years ago when we were developing some of the first dynamic web pages. >For instance, I can log into the IMail web interface sitting at home, then >connect to my co-located webserver via MS Terminal Svc and paste that same >URL into a browser in my TermSrv session and both e-mail sessions will be >active at the same time! > >Hotmail will not allow you to do this. Is this a bug or a feature? Can >this behavior be prevented? It's a feature that you have enabled. It can be prevented by going back to the default, and unchecking "Ignore source IP" in the web messaging settings. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/ Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
