RE: [SM-USERS] IP information logged in email header.

Thu, 15 Jul 2004 01:04:31 -0700 

> Keep that header. It is for your own protection. You don't want 
> to be the last person on the list, when somebody uses your 
> webmail interface to send nasty email to The President. Your 
> users might not want to be the last on the list, if somebody 
> hijacks their account and sends emails on their behalf. If you 
> remove record showing original sender, your users can't prove 
> that they haven't sent those emails. SquirrelMail acts like any 
> normal email client.

I understand the issue but our context is different somehow anyway.
There is a limited (small) number of users for the particular server I am thinking 
about, and the access to it is protected.
Unless some people have some fun haking into the server, but well that's another issue.

> It logs originating address. SquirrelMail 
> also logs authenticated username and tries to detect proxies.
> 
> See 
> http://sourceforge.net/tracker/index.php?func=detail&aid=847107&gr
>oup_id=311&atid=100311

>I know some cases when SquirrelMail was used to send Nigerian scam
> and similar messages. That header .provided information about
> account used to send those messages.

>If you still want to remove that information, see patch in SF
> bugtracker or  edit file class/deliver/Deliver.class.php lines
> 382-401 (SquirrelMail 1.4.3a). 

>Remember that you have to set $edit_identity option in SM config
> to false. This might prevent forgery.
>conf.pl -> 4. General Options -> 10. Allow editing of identity

Thanks for the info.

Farid.



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
--
squirrelmail-users mailing list
List Address: [EMAIL PROTECTED]
List Archives:  http://sourceforge.net/mailarchive/forum.php?forum_id)95
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users

Reply via email to