Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Software - Troubleshooting and Discussion > Applications > Major Mail.app IMAP Bug

Major Mail.app IMAP Bug
Thread Tools
mrl14
Junior Member
Join Date: Nov 1999
Status: Offline
Reply With Quote
Jun 3, 2003, 05:19 PM
 
I've been using Mail.app with an IMAP account for some time and always wondered why it basically loaded the entire folder structure of my web site into its folders.

Anyhow, today I finally decided to investigate, and what I found was very disturbing. I have given various people email accounts with my domain and I had complete (ie. no password) access to these accounts. they were sitting their in my folder structure and I could view the entire messages.

To me this is a huge bug. It doesn't happen in Outlook or entorouge on Mac or PC. Now I would also point out that the accout I am using is the main/default account created with the web site, and I have yet to verify how Mail handles IMAP for the extra email accounts I create, but nonetheless this is a huge security hole.

anyone confirm? agree? disagree?
Get FREE software, legally

http://www.trybeta.com
     
suthercd
Senior User
Join Date: Oct 2000
Location: Midwest
Status: Offline
Reply With Quote
Jun 3, 2003, 06:08 PM
 
Need some info to comment. What server handles your IMAP account? What email server have you used to give people their own accounts? How was the security configured? What web site do you refer to in your posting?

Craig
     
crazysprocket
Fresh-Faced Recruit
Join Date: Sep 2000
Location: Allen, TX
Status: Offline
Reply With Quote
Jun 3, 2003, 06:51 PM
 
This sounds very much like what happens when you connect to Mac OS X Server on the IMAP admin port. Check to make sure you are using the default IMAP port (143).
     
Tsilou B.
Senior User
Join Date: May 2002
Location: Austria
Status: Offline
Reply With Quote
Jun 4, 2003, 08:31 AM
 
That cannot be a Mail.app problem. The server has to prevent email clients from accessing other people's mailboxes. If it was the task of the client, someone could easily "hack" that functionality out and have access to all mailboxes.
So your server must be misconfigured or, as someone suggested, you connect to the admin port.
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 02:31 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,