I am looking at the error reporting, and have noticed an issue with the EntityMailBox.
Basically, whenever you try to get a specified mailbox via
MailBoxManager.getMailBox()
which is implemented by
EntityMailbox.getMailBox()
a new EntityFolder is created for the specified username, which is then used for
loading up the messages. Valid mailboxes do not seem to be specified anywhere, and no
password authentication for the mailboxes has been built in yet. Issues caused by this
are:
-Messages for local delivery will always get delivered
-POP clients can access anything they like: if they specify a user who really does
not "exist" (as mentioned they are not defined anywhere) they will be able to log in
and the STAT command will return '+OK 0 0'. If they specify a user who "exists", they
can send in whatever password they like and get the messages.
So it seems we need to do some authentication for mailboxes. The simplest way seems
to link this up with the UserRepository somehow, so that it checks the userrepository
while/before obtaining a mailbox folder. Have I missed out something? Is this perhaps
what the MailServicesPolicyMBean is meant to handle?
Cheers,
Kab
<a
href="http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3825567#3825567";>View
the original post</a>
<a
href="http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3825567>Reply
to the post</a>
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
JBoss-Development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
