Nipun Jain wrote: > This is with regard to the spoofed mail problem I had posted earlier. I > have (after getting my hosting account re enabled) found that if you set > your email id to an existing email at your domain, then you can easily > spoof your emails as coming from that id. This however is not true for > email ids that don't exist on your domain or are outside your domain. > > So a simple solution would be to disable the E-mail text field in the > Identity section of Roundcube. Can anyone guide me as how to accomplish > the same?
This has to be done in function rcube_identity_form() within program/steps/settings/edit_identitiy.inc. Just remove some fields from the $a_show_cols array. I would also suggest to remove these fields from the $a_save_cols array in save_identitiy.inc > > I know it would still be possible to send such spoofed mails using an > email client but most of my users only use webmail, and so I want this > spoofing to be not possible through webmail. I'll think about some configuration parameters or skin settings letting the admin disable some fields form the identities form. Regards, Thomas
