hi,
becuse native mapi seems to be not really usable at the moment, i had a look at activesync.
- using outlook2016 (windows10) i created an activesync profile for an existing sogo account without saving the password
- looged in and could see mails and send mails to other users
- logged out
- logged in again misstyping the password - no error, no warning, i could not see new emails but send email in the name of the specified user
- logged out
- logged in and entered another username and no password - no error, no warning, i could not receive emails but send emails in the name of the specified user
it turned out that it is possible to send mail from any user just by specifying the username and not entering any (or a wrong) password.
is there anything i missed in the server settings? what can i do to prevent this security-related behaviour?
sggs
--
users@sogo.nu
https://inverse.ca/sogo/lists
users@sogo.nu
https://inverse.ca/sogo/lists
