Manipulated SMTP sender address in outgoing messages

Hi guys, we had a really big security issue. All users are given the possibility to change their identity and put anything there…!!!

The problem is that a user can change his Location document and put blabla@domain.com in the internet address. By default, the server takes it as the primary address and ignores the internet address that is stored in the user’s Person document. Using “RFC822 phrase handling” you can change the formatting of the outgoing e-mail and partly recognize that the message is manipulated… Even version 6 does not solve the problem. There is client synchronization management, however; anyway, you can always use a short script there and manipulate the address as well.

So what is the cause? There is a field named “INETFROM” in the outgoing message. This field will be processed and automatically accepted by the router, unless you filter it out. The filtering or banning of this field can be performed by MIME conversion. This MIME processing is done before the message is handed over to the Router. And exactly this can be used to protect your system against fake messages.

You should put the following setting in the Configuration document - tab Mime/Advanced/Advanced outbound Options:

Add to the field “Notes fields to be removed from headers:” the value “INetFrom”.

This is the only recommended setting and it also works in version 6.x. In version 6 there is also a notes.ini parameter, but you know - this debug flag may not be available in future versions…

BTW, this setting has to be configured on every server, and of course, for the change to take effect, the router has to be restarted.

That’s all

Enjoy it

Good luck

Mirek P.