[Spambayes] [ spambayes-Feature Requests-698036 ] pop3proxy security

SourceForge.net noreply at sourceforge.net
Wed Mar 5 08:48:14 EST 2003


Feature Requests item #698036, was opened at 2003-03-05 09:41
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=498106&aid=698036&group_id=61702

Category: pop3proxy
Group: None
Status: Open
Priority: 5
Submitted By: Tim Stone (timstone4)
Assigned to: Tim Stone (timstone4)
Summary: pop3proxy security

Initial Comment:
Currently, there is no security on the pop3proxy, so anyone can 
access the user interface from any computer, given a web browser 
and knowledge of the ip address and port.  Even if you didn't know the 
port, figuring it out wouldn't necessarily be difficult.  This allows 
several operations that could be security problems, including 
reading at least the first couple hundred characters of each mail 
body.

It would seem that the correct solution is to 
implement a challenge/authentication on the pop3proxy http 
server.

----------------------------------------------------------------------

>Comment By: Skip Montanaro (montanaro)
Date: 2003-03-05 10:48

Message:
Logged In: YES 
user_id=44345

I don't think this is a problem.  Just tell the webserver to listen on "localhost"
or "127.0.0.1", or maybe even "".  Connections from remote hosts won't be accepted.

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=498106&aid=698036&group_id=61702



More information about the Spambayes mailing list