On Sat, 25 Jun 2011 06:03:04 -0400, Michael Scheidell wrote:
On 6/24/11 4:17 PM, Daniel McDonald wrote:
However, the webmail client is ignored in 3.3.2:
Jun 24 14:37:29.686 [23089] dbg: received-header: ignored
SquirrelMail injection:
41.206.11.5 (SquirrelMail authenticated user irivetti) by
webmail.unisalento.it with HTTP
interesting.. and I agree.
i say 3.3.2 is more stable in this terms as 3.3.1 was
if webmail user is not allowed to use apache why not let apache block
this ip ?
if sender is a known spammer blocking pr ip wont block him
countries plugin should NOT ignore
webmail/squirrellmail/owa, in fact, any source.
thats another problem then auth
maybe they feel that that line can be forged? (yes, they all can be),
or maybe they want to ignore 'authenticated user' lines, but they
shouldn't.
yes, good strong auth is NOT to trust localhost webmail clients at all,
so webmail like roundcube and others need to use sasl auth even if it
just connect to localhost
are there any problem left ?
does anyone in SA development know the reasoning behind this
decision? or is this a bug?
it was a bug in 3.3.1 and versions before 3.3.2, if i am wrong okay its
me :)
