著者: 韓家標 Bill Hacker 日付: To: exim users 題目: Re: [exim] POP3 authentication
Pablo Baldovi wrote: > Hello,
> I have a question for them.
> It happens that the configuration that authenticates the user with a good connection on POP3, when done in an organization, malicious anyonecan after a successful connection, change the configuration of your mail client and send mail as another person correct.
> Is there any way to fix this in a shared environment? (I hired a shared hosting plan)
>
> Thank you very much for your comments.
>
>
> Pablo Baldovi
> pbaldovi@???
>
>
>
SMTP auth based on prior successful POP (or IMAP) auth WAS a
'convenience' for admin setup's sake. I never liked it, went to
independent auth (and credentials, FWIW) 'many moons ago'.
YMMV.
But NEITHER is any assurance that, for example, any WinLuser's MUA won't
get compromised - thereby handing-over either/both sets of credentials.
From time to time, they most assuredly WILL do.
You just have to take steps to watch for the signs of that and have a
rapid means of fixing it.