As long as you don't have webmail users on services like AOL, Prodigy, or Starband, you can uncheck 'ignore source address'. If you do, though, you might as well rename that checkbox "Do not let AOL, Prodigy or Starband Users use webmail".
Unfortunate for security's sake, but true. - Tony >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]]On Behalf Of John Tolmachoff >Sent: Thursday, June 13, 2002 10:08 AM >To: [EMAIL PROTECTED] >Subject: RE: [IMail Forum] IMail security issue? > > >Another scenrio where someone would have to enable "Ignore Source IP" is >when you have users with some Satellite ISP's. One of our clients has a >heavy user that works from home one day per week that uses a Satellite >connection. His ISP uses something called a Double Proxy that plays >havoc with IP addresses. > >07:07 PDT 06/13/02 > >John Tolmachoff >IT Manager, Network Engineer >RelianceSoft, Inc. >Fullerton, CA 92835 >www.reliancesoft.com > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of R. Scott Perry >Sent: Wednesday, June 12, 2002 6:47 PM >To: [EMAIL PROTECTED] >Subject: Re: [IMail Forum] imail security issue? > > >>Here's the scenario: I am logged into my IMail server(v7.10 on NT4) at > >>the url >>https://mail.langliesystems.com/Xb9a69b9b9dcf9c9899cbe8f63fd4/readmail. >25637.cgi?uid=yourid&mbx=Main >>- I take this url and cut/paste it into a new browser and there it is - > >>the same e-mail session active in two browsers. > >Yes, that is to be expected. Most web sites work that way, and is often > >very useful. In fact, it allows you to have Outlook-like web messaging, > >where new E-mails appear in new browser windows (it's pretty cool). > >>This can be taken a step farther by pasting the url into a browser >running >>on a completely different IP and subnet. > >Only if you have IMail set up to allow it ("Ignore source IP"). Prodigy > >started that silly game of proxying IPs, and AOL took over the >concept. Therefore, a lot of people do not use the IP as a security >measure. We found this out the hard way about 6 years ago when we were >developing some of the first dynamic web pages. > >>For instance, I can log into the IMail web interface sitting at home, >then >>connect to my co-located webserver via MS Terminal Svc and paste that >same >>URL into a browser in my TermSrv session and both e-mail sessions will >be >>active at the same time! >> >>Hotmail will not allow you to do this. Is this a bug or a feature? >Can >>this behavior be prevented? > >It's a feature that you have enabled. It can be prevented by going back >to >the default, and unchecking "Ignore source IP" in the web messaging >settings. > > -Scott >--- >Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for >IMail. http://www.declude.com > >--- >[This E-mail was scanned for viruses by Declude Virus >(http://www.declude.com)] > > >Please visit http://www.ipswitch.com/support/mailing-lists.html >to be removed from this list. > >An Archive of this list is available at: >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > >Please visit the Knowledge Base for answers to frequently asked >questions: http://www.ipswitch.com/support/IMail/ > > >Please visit http://www.ipswitch.com/support/mailing-lists.html >to be removed from this list. > >An Archive of this list is available at: >http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > >Please visit the Knowledge Base for answers to frequently asked >questions: http://www.ipswitch.com/support/IMail/ >--- >[This E-mail was scanned for viruses by http://www.intouchmi.com] > > --- [This E-mail was scanned for viruses by http://www.intouchmi.com] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
