[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] neomail on RAQ02
- Subject: Re: [cobalt-security] neomail on RAQ02
- From: Taco Scargo <Taco.Scargo@xxxxxxx>
- Date: Mon, 26 Nov 2001 10:06:57 +0100 (MET)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Jeff,
> I see it as a bit more serious than that, Taco...
>
> I've got two sites on my RaQ... www.site1.com and www.site2.com.
>
> If a user with an account on site1.com logs into his account at
> site2.com, he'll be able to log in successfully, and he'll still see his
> mailboxes, etc. So he may _think_ he's got an account site2.com.
He's a bit brainless then, but anyway ...
> However, his return address will STILL be hisname@xxxxxxxxx on any email
> he sends out.
No, that is actually the issue people have: any valid user on a RaQ can login to
the neomail of another site and hit the preferences button and send out e-mails
using the other site's domain. Again: neomail should be seen as a mailclient.
Any mailclient can be configured to send out messages with any domain. Hence I
still think this is a non-issue. The only issue I agree on, is that users could
login to other site's neomail and download their mail, and therefore not get
charged the bandwidth. This is the only real valid issue.
> So slightly different, and slightly more serious (imho) than you seem to
> think.
Again, I don't see the problem. But I am open to any education ;)
> Hmmmm.... this really isn't _your_ issue, Taco, since you didn't write
> neomail.
But I did create the neomail package and added a lot of changes so it would
support multiple domains and multiple architectures. As the maintainer of the
package I do think it is my issue.
> Does the available "isp" patch fix this problem? I don't think so.
I don't think so.
> Are you considering making your own patch? I'd like that
Yes, but not this week. (This does not imply it is ready NEXT week ;) )...
With regards,
Taco Scargo
Professional Services Manager, EMEA
Sun Microsystems Tel. +31 (71) 565 7021
Sun Cobalt Server Appliances taco.scargo@xxxxxxx