[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] neomail on RAQ02

Subject: Re: [cobalt-security] neomail on RAQ02
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Mon, 26 Nov 2001 15:56:59 -0800
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Taco Scargo wrote:

> > However, his return address will STILL be hisname@xxxxxxxxx on any email
> > he sends out.
> No, that is actually the issue people have: any valid user on a RaQ can login to
> the neomail of another site and hit the preferences button and send out e-mails
> using the other site's domain.

Okay, I just saw this behavior.  I don't remember seeing it on Friday
when I wrote my reply, but I see it now.

> The only issue I agree on, is that users could
> login to other site's neomail and download their mail, and therefore not get
> charged the bandwidth. This is the only real valid issue.

And I'll add that without major custom programming this is something
we'll have to live with, and it's behavior that's NOT specific to the
RaQs but pretty much to any linux implementation.

here's the sort of customization I'm thinking of...

Use a different list besides passwd to keep the login information, and
make it specific to the domain.

Build a different mailbox directory (perhaps one for each domain on
which you want webmail active), and then setup procmail with a rule to
deliver email to the new directory based on wildcard forwarding on a
perdomain basis.

Doable... but needs some work.  I've decided to not bother with it this
time <smile>.

> But I did create the neomail package and added a lot of changes so it would
> support multiple domains and multiple architectures. As the maintainer of the
> package I do think it is my issue.

Okay, so do you want to do the work I outlined above <smile>?

> > Are you considering making your own patch?  I'd like that
> Yes, but not this week. (This does not imply it is ready NEXT week ;) )...

Aw... I was hoping <smile>.

What do you think of my idea?  Using it, mail has nothing to do with
users (i.e., you don't have to give someone personal website space to
give them email), you can let users add their own webmail accounts
(similar to the way majordomo works to add recipients), and you don't
have to give webmail to everyone/every domain.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484

Follow-Ups:
- Re: [cobalt-security] neomail on RAQ02
  - From: Jamie Martino
- Re: [cobalt-security] neomail on RAQ02
  - From: Jeff Lasman
- RE: [cobalt-security] neomail on RAQ02
  - From: Matthew Nuzum

References:
- Re: [cobalt-security] neomail on RAQ02
  - From: Taco Scargo

Prev by Date: Re: [cobalt-security] SSH
Next by Date: Re: [cobalt-security] Fw: Vendors For WU-FTPD Please Read
Previous by thread: Re: [cobalt-security] neomail on RAQ02
Next by thread: Re: [cobalt-security] neomail on RAQ02

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index