Hi all,
I just tried the following:
on our server there are two domains:
foo.com
bar.com
Say I am a user at foo.com - e.g. [EMAIL PROTECTED] with a valid SMTP Auth password.
But say I am mean and want to claim to be [EMAIL PROTECTED]. I could simply
change my e-mail address to [EMAIL PROTECTED], using the same valid SMTP
Auth password for [EMAIL PROTECTED]. However, the recipient will believe
I am [EMAIL PROTECTED]. This is a security hazard, isn't it?
I noticed that it is logged correctly into the smtp-log. But you can't
tell from the mail headers that the email originates from [EMAIL PROTECTED].
In the headers it says:
Received: from bar.com (111.222.111.33)
by ibis.city-map.de (62.116.140.188) with [XMail 1.3 (Linux/Ix86) ESMTP Server]
id <S2238> for <[EMAIL PROTECTED]> from <[EMAIL PROTECTED]>;
--
With kind regards,
Henrik Steffen
Managing Director
top concepts Internetmarketing GmbH
Am Steinkamp 7 - D-21684 Stade - Germany
--------------------------------------------------------
http://www.topconcepts.com Tel. +49 4141 991230
mail: [EMAIL PROTECTED] Fax. +49 4141 991233
--------------------------------------------------------
24h-Support Hotline: +49 1908 34697 (€ 1.86/Min,topcon)
--------------------------------------------------------
System partners wanted: http://www.franchise.city-map.de
--------------------------------------------------------
Commercial register: AG Stade HRB 5811 - VAT ID: DE 213645563
--------------------------------------------------------
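
The check the message above is asking about, as an added example that is not part of the original post and is not XMail code: a submission policy that compares the SMTP AUTH login with both the envelope sender and the From: header. The ownership map, the addresses at foo.com and bar.com, and the session records are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed ownership map (constructed): addresses each SMTP AUTH login may send as.
ALLOWED_SENDERS = {
    "alice@foo.com": {"alice@foo.com"},
    "bob@bar.com": {"bob@bar.com", "sales@bar.com"},
}

def check_submission(auth_login, mail_from, raw_message):
    """Return the policy violations for one authenticated submission."""
    allowed = ALLOWED_SENDERS.get(auth_login.lower(), set())
    problems = []
    # Envelope sender from the MAIL FROM command.
    envelope = parseaddr(mail_from)[1].lower()
    if envelope not in allowed:
        problems.append(f"MAIL FROM <{envelope}> not owned by {auth_login}")
    # The From: header is what the recipient's mail client displays.
    header = message_from_string(raw_message).get("From", "")
    shown = parseaddr(header)[1].lower()
    if shown not in allowed:
        problems.append(f"From: <{shown}> not owned by {auth_login}")
    return problems

# Constructed sessions: (AUTH login, MAIL FROM argument, message text).
SESSIONS = [
    ("alice@foo.com", "<alice@foo.com>", "From: Alice <alice@foo.com>\nSubject: hi\n\nok\n"),
    ("alice@foo.com", "<bob@bar.com>", "From: Bob <bob@bar.com>\nSubject: hi\n\nspoof\n"),
    ("alice@foo.com", "<alice@foo.com>", "From: bob@bar.com\nSubject: hi\n\nheader only\n"),
]

def audit(sessions):
    """Map each session index to its violations; an empty list means accept."""
    return {i: check_submission(*s) for i, s in enumerate(sessions)}

if __name__ == "__main__":
    for i, problems in audit(SESSIONS).items():
        print(i, "REJECT" if problems else "ACCEPT", problems)
```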