General discussion on installation and configuration of SOGo

Text archives Help


[SOGo] active security issue ? still alaluating sogo


Chronological Thread 
  • From: "\"sg gs\"" ( ) < >
  • To:
  • Subject: [SOGo] active security issue ? still alaluating sogo
  • Date: Mon, 25 Jul 2016 17:33:36 +0200
  • Dmarc-filter: OpenDMARC Filter v1.2.0 mail.inverse.ca 778DD1186055
  • Importance: normal
  • Sensitivity: Normal

hi,
 
becuse native mapi seems to be not really usable at the moment, i had a look at activesync.
 
- using outlook2016 (windows10) i created an activesync profile for an existing sogo account without saving the password
- looged in and could see mails and send mails to other users
- logged out
- logged in again misstyping the password - no error, no warning, i could not see new emails but send email in the name of the specified user
- logged out
- logged in and entered another username and no password - no error, no warning, i could not receive emails but send emails in the name of the specified user
 
it turned out that it is possible to send mail from any user just by specifying the username and not entering any (or a wrong) password.
 
is there anything i missed in the server settings? what can i do to prevent this security-related behaviour?
 
sggs



Archive powered by MHonArc 2.6.18.

Top of page