[Mimedefang] Email injection and the android 'email' app
Les Mikesell
lesmikesell at gmail.com
Tue Mar 5 12:25:54 EST 2013
On Tue, Mar 5, 2013 at 2:00 AM, Andrzej A. Filip
<andrzej.filip at gmail.com> wrote:
> On 03/04/2013 06:30 PM, Dale Moore wrote:
>> [...]
>
> I would suggest combination of per "SMTP AUTH user" bounce settings
> (possibly with auto change) AND scripted scanning logs for offenders.
>
> I hope you are not going to use another option mentioned without very
> good reason/very hard pressure.
Yes, consider what would happen in the more typical scenario of the
authenticated 'submission host' server that you give out for your
users _not_ knowing the user list for the domain. It is the somewhat
accidental fact that yours does that triggers the problem, even if the
problem really is in the submitting application.
--
Les Mikesell
lesmikesell at gmail.com
More information about the MIMEDefang
mailing list