Tomas Kuliavas said: > In some cases this header is not security problem, but security feature. > If admin does not understand possible sender forging issues, removal of > authenticated header creates security problem in default squirrelmail > configuration.
Yes, I understand that. I am the administrator. However, it also creates a security and privacy issue, and in fact I have received spam to the address shown in this header even though that address is never used for receiving mail. (The login address is used solely for login.) I'd like to disable it, either systemwide or on a per-user basis. However, I'd prefer not to have to manually hack the code. I hope someone will provide this as an option in core or as a plugin. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click -- squirrelmail-users mailing list Posting Guidelines: http://squirrelmail.org/wiki/wiki.php?MailingListPostingGuidelines List Address: [email protected] List Archives: http://news.gmane.org/thread.php?group=gmane.mail.squirrelmail.user List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
