We had a pen test performed on our external-facing hosts and the Djigzo appliance (2.4.0.3) had a finding where the internal IP address was disclosed by performing an HTTP 1.0 GET request (redirect response link shows IP rather than hostname). Do you have any guidance on how to set the response to return the hostname?
Thanks

On Thu, Jan 3, 2013 at 5:34 PM, Martijn Brinkers <[email protected]> wrote:

> On 01/03/2013 11:25 PM, AG wrote:
> > Thanks for your reply. I got it working. I had to delete a few lines in MTA
> > Raw config. I've another query regarding pdf encryption using random password
> > generation. Presently, there is an option to send the password to the sender. Is
> > it possible to send it to the recipient also? My only concern is the additional
> > step a sender has to take to deliver a message to the receiver.
>
> Although you might get this behaviour by modifying the config.xml file
> (which contains all the mail handling rules), sending the password to
> the recipient by email kind of defeats the purpose of encryption since
> the email with the password will be sent by plain text.
>
> I suggest you try the One Time Password (OTP) mode first to see whether
> that is an acceptable procedure. The OTP mode is in my view a good
> trade-off between security and ease of use.
>
> Kind regards
>
> Martijn Brinkers
>
> --
> DJIGZO email encryption
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.djigzo.com/lists/listinfo/users
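The finding described at the top of this message (an HTTP 1.0 GET answered with a redirect whose link carries the internal IP) can be re-tested after any configuration change with a small script. This is an added example, not part of the original post and not Djigzo code; it assumes the request was sent without a Host header, and the sample responses, the address 10.0.0.5, the name mail.example.com and port 8443 are constructed.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def location_of(raw: bytes):
    """Return the Location header value of a raw HTTP response, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return value.strip()
    return None


def leaked_address(raw: bytes):
    """Return the private/loopback/link-local IP in the redirect target, if any."""
    location = location_of(raw)
    if not location:
        return None
    host = urlsplit(location).hostname
    try:
        addr = ipaddress.ip_address(host or "")
    except ValueError:
        return None  # hostname or relative redirect: no address disclosed
    internal = addr.is_private or addr.is_loopback or addr.is_link_local
    return str(addr) if internal else None


def fetch_without_host(host: str, port: int, use_tls: bool = False) -> bytes:
    """Fetch the raw response to an HTTP/1.0 GET sent with no Host header."""
    sock = socket.create_connection((host, port), timeout=10)
    if use_tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(b"GET / HTTP/1.0\r\n\r\n")
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)


# Constructed responses (not captured from a real appliance).
BEFORE = b"HTTP/1.1 302 Found\r\nLocation: https://10.0.0.5:8443/login\r\n\r\n"
AFTER = b"HTTP/1.1 302 Found\r\nLocation: https://mail.example.com:8443/login\r\n\r\n"

if __name__ == "__main__":
    print(leaked_address(BEFORE), leaked_address(AFTER))
```

Passing the output of `fetch_without_host()` for the appliance's external address to `leaked_address()` should return `None` once the redirect is built from the hostname.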
