> It looks like there is nothing strange and no error, perhaps because some
> security headers have already been enabled (?).

When the pentest was carried out, we had not yet modified or added any security headers, Sir.

> This is webmail, not a web site, so the attacks and the protections are different.
> From Gemini AI
>
> How Security is Typically Achieved
> Instead of a blanket restriction, webmail security focuses on:
>
> > Web Server Configuration: Web servers (like Apache, Nginx, or IIS) are
> > typically configured to disable less common and unnecessary HTTP
> > methods (such as OPTIONS, PUT, DELETE, TRACE, HEAD, etc.) to mitigate
> > "HTTP Verb Tampering" attacks, but GET and POST are almost always
> > required.
>
> There is no publicly known or recently reported CVE specifically for an HTTP
> Verb Tampering vulnerability in MDaemon Webmail
>
> The search results show several other vulnerabilities, primarily Cross-Site
> Scripting (XSS) issues (e.g., CVE-2025-3929, CVE-2024-11182, CVE-2021-27182,
> CVE-2019-8984) and Cross-Site Request Forgery (CSRF) issues that have been
> patched over time.
>
> > Spam and Malware Filtering: Blocking unsafe file types at the firewall
> > and using robust antivirus solutions helps prevent malware infections
> > spread via email attachments.
>
> Unsafe file types do not occur in MDaemon Webmail, which is already protected by
> MDaemon Antivirus.
> Attachments are scanned both on upload and when sent through the SMTP service.
>
> > It seems these 403 and 405 responses are there to block access that is not
> > needed, Sir.
> >
> > If there really is no option for this in MDaemon's built-in mode, that is fine, Sir.
>
> There should be one, it is just hard-coded (at the program level).

Noted, Mr. Syafril.

Thank you,
Asep.
--
--[mdaemon-l]----------------------------------------------------------
This mailing list is for discussion among MDaemon Mail Server users in Indonesia
Netiquette: https://wiki.openstack.org/wiki/MailingListEtiquette
Archive: http://mdaemon-l.dutaint.com
Documentation: http://mdaemon.dutaint.com
Subscribe: send mail to [email protected]
Unsubscribe: send mail to [email protected]
Latest versions: MDaemon 25.5.1, SecurityGateway 11.0.3

