Topic: Identity forging using roundcube
I find that one is able to create an alternate identity using roundcube. This is done without any verification and allows a user to send a mail using any email address. For instance if the valid mailserver user is firstname.lastname@example.org, he can add an identity stating email@example.com and send an email using the same.
The issue I think is on the mailserver side, that should not accept mails from any other user other than firstname.lastname@example.org. Is there some configuration somewhere where we could limit or restrict this.
I am using the lates iredmail server.
Thanks in anticipation.
- Urgent issue? Pay iRedMail developer to solve it remotely at $39.