Ensim Oh SH*T!!!!!!!!!

On my system (on all sites) it seems users can create an alias to an existing mailbox by adding the email address as the alias. I first noticed this when I tried to set up an alias from a user account to my catch-all (admin) account and succeeded.

To clarify, this is exactly what I do...

On one of my sites exists a user account fred@somedomain.com

I do not have any passwords to fred's user account but I have an account of my own snooper@somedomain.com

I enter my user panel (somedomain.com/user) and go to the mail option (email manager)

In the email manager I select add alias from the alias page

In the field I enter fred@somedomain.com and press save

message is... adding alias succeeded

That's it .. all mail going to fred's mailbox now comes to mine (snooper@somedomain.com)

and just to clarify ... yes fred@somedomain.com already existed.

I am assuming whatever protection prevents this from happening isn't working; however, my expertise in Ensim is null. If anyone can give me some suggestions for correcting the problem I would be extremely grateful.
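
The missing collision check described in this post, as an added example that is not part of the original post and is not Ensim's code: it audits an alias list for entries that shadow a real mailbox and shows the validation an alias form should apply before saving. The `name: target` alias format, the function names and the sample data (including `admin@somedomain.com` and the `sales` alias) are assumptions constructed for illustration.

```python
# Added example. The "name: target, target" alias format and all data below are
# assumptions and constructed samples, not Ensim's real files or code.
SITE = "somedomain.com"
SAMPLE_MAILBOXES = {"fred@somedomain.com", "snooper@somedomain.com", "admin@somedomain.com"}
SAMPLE_ALIASES = """
# alias: destination(s)
sales: admin
fred@somedomain.com: snooper@somedomain.com
"""

def normalize(addr, domain=SITE):
    """Lower-case an address and qualify a bare local part with the site domain."""
    addr = addr.strip().lower()
    return addr if "@" in addr else f"{addr}@{domain}"

def parse_aliases(text, domain=SITE):
    """Return {alias: set(destinations)}, skipping blank lines and # comments."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        name, targets = line.split(":", 1)
        dests = {normalize(t, domain) for t in targets.split(",") if t.strip()}
        aliases.setdefault(normalize(name, domain), set()).update(dests)
    return aliases

def find_shadowed(mailboxes, aliases):
    """Audit: aliases whose name is a real mailbox but deliver somewhere else."""
    return sorted((name, sorted(dests - {name}))
                  for name, dests in aliases.items()
                  if name in mailboxes and dests - {name})

def alias_allowed(requested, mailboxes, aliases, domain=SITE):
    """Check to run before saving a user-created alias."""
    addr = normalize(requested, domain)
    if addr in mailboxes:
        return False, "address is an existing mailbox"
    if addr in aliases:
        return False, "address is already an alias"
    return True, "ok"

if __name__ == "__main__":
    parsed = parse_aliases(SAMPLE_ALIASES)
    print(find_shadowed(SAMPLE_MAILBOXES, parsed))
    print(alias_allowed("fred@somedomain.com", SAMPLE_MAILBOXES, parsed))
```
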

 

 

 

 
