> Hi!
>
> Instead of removing the username value, we replaced it by the email value.
>
> Just edit the file
> /usr/share/squirrelmail/class/deliver/Deliver.class.php
> and replace the line $header[] = " (SquirrelMail authenticated
> user $username)" . $rn;
> by $header[] = ' (SquirrelMail
> authenticated user ' .
> $rfc822_header->getAddr_s('from',',',true) . ')'. $rn;
username can't be forged. email can be. If you have left default identity
settings and users can set their email addresses, you as admin can be
screwed. SquirrelMail allows modifying email addresses by default.
--
Tomas
-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
--
squirrelmail-users mailing list
Posting Guidelines:
http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines
List Address: [EMAIL PROTECTED]
List Archives:
http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user
List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995
List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
