[BlueOnyx:00776] Re: FW: Squirrelmail wont capture default username

[Michael Stauber]

Hi Rodrigo,

> The thing is that you have to go into the OPTIONS - USER PREFERENCES
> SECTION - and fill In the email address so emails are sent out properly.
>
> This behaviour should be Automatic ---.

Sorry, I don't think so. You have to take into account that a site may not 
always be named www.site.com and there could be legitimate cases where you 
have something like ...

host1.site1.com
host2.site1.com
host3.site1.com

.. and so on. All of them with their own email accounts and their own webmail 
users. So automatically shortening it for everyone to user at site1.com doesn't 
cut it. Even if it were technically feasible with a lot extra coding - which 
it really isn't.

> (and somene might impersonate another email account on the server just by
> writing here another email account - kind of a security issue here.

Which you have with any webmail program. With RoundCube and OpenWebmail users 
could also fake the sender address, same as they can do with PHP or Perl 
scripts hosted in their own webspace. However, this can be traced by checking 
either the email headers and/or the server logs, which should give some very 
solid hints about the real sender.

-- 
With best regards

Michael Stauber