----- Original Message ----- From: "Tomas Kuliavas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, November 11, 2004 9:23 AM
Subject: Re: [SM-USERS] hiding auth user in mail header
Hi!
Instead of removing the username value, we replaced it by the email value.
Just edit the file /usr/share/squirrelmail/class/deliver/Deliver.class.php and replace the line $header[] = " (SquirrelMail authenticated user $username)" . $rn; by $header[] = ' (SquirrelMail authenticated user ' . $rfc822_header->getAddr_s('from',',',true) . ')'. $rn;
username can't be forged. email can be. If you have left default identity settings and users can set their email addresses, you as admin can be screwed. SquirrelMail allows modifying email addresses by default.
Good point,
We also denied identity changes from user
You need to execute the following: /usr/share/squirrelmail/config/conf.pl general options + allow editing of identity + reply 'no' to the next two questions
Eddy
------------------------------------------------------- This SF.Net email is sponsored by: Sybase ASE Linux Express Edition - download now for FREE LinuxWorld Reader's Choice Award Winner for best database on Linux. http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click -- squirrelmail-users mailing list Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines List Address: [EMAIL PROTECTED] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
