1 Topic by dawid

  • dawid
  • Member
  • Offline
  • Registered: 2018-02-27
  • Posts: 1

Topic: ALLOWED_LOGIN_MISMATCH_SENDERS secure ?

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.7
- Linux/BSD distribution name and version:  CENTOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): APACHE
- Manage mail accounts with iRedAdmin-Pro? NO
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====


Hello,

I my domain i have some email like support@mydomain.com with are shared between users as public mailbox (https://docs.iredmail.org/public.folder.html)
For some users i introduced sending  emails as support@mydomain.com
by setup https://docs.iredmail.org/allow.certain … .user.html
Everything works fine, but now every one who exist in array ALLOWED_LOGIN_MISMATCH_SENDERS
can send email as any in my domain. 
Is there any possibility to secure this ?
I would like to be sure that every authorized user will be able to send email only as support@mydomain.com


Regards,
Dawid

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 30,770

Re: ALLOWED_LOGIN_MISMATCH_SENDERS secure ?

dawid wrote:

I would like to be sure that every authorized user will be able to send email only as support@mydomain.com

Unfortunately, no.

Currently it supports only "enable for all", or "disable completely".