Citeren mic...@casa.co.cu:
Thanks for respond my email , tomorrow i will send a email to all my
users in the system for change his passwords for precautions , but
until yesterday the hacker use in the line "from" emails address
that ever exist in my active directory.
I have spf in my dns.
That may only help against others illegally using *your* domain on
*their* MTA. Not for people illegally using your *MTA* with *their
domain.
so how i can send email truth horde webmail when the email address
don't exists?
Only relay mail when the sender is SASL authenticated to Postfix *and*
is allowed to use the sender address. This drastically limits what
people can do when an user account is compromised and also will
quickly tell you which one if it ever happens.
how make this , if no possible that horde have a possible security
breach, a bug?
This isn't a Horde security problem and/or bug. You should harden your
MTA to prevent this.
Best regards, Arjen
--
IMP mailing list - Join the hunt: http://horde.org/bounties/#imp
Frequently Asked Questions: http://horde.org/faq/
To unsubscribe, mail: imp-unsubscr...@lists.horde.org
