• We value your experience with Plesk during 2025
    Plesk strives to perform even better in 2026. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2025.
    Please take this short survey:
    https://survey.webpros.com/

Whitelist 127.0.0.1/32 Send mail from bogum mail adresses

K

knocx

Guest
Whitelist 127.0.0.1/32 and clients can send mail from bogusmail adresses

Hello;

on client php scripts we observe that people can send mail from forged mail adressess, since 127.0.0.1 is in whitelist

i.e a message from user@gmail.com to user@hotmail.com is relayed where user@gmail.com is a forged originator

or from support@paypal.com

since this is a serious security issue and hard to catch is there a way to restrict this action?

i donts understand why is Qmail relaying user@gmail.com, it shouldnt be allowed , by logic relay allowance priority should be based on "allowed hosts" rather than the trusted IP(127.0.0.1)... am i wrong? ...however it works the opposite.

any ideas / suggestions will be great

thanks
knocx
 
You must log in or register to reply here.

Similar threads

M
Issue Sending Email from a subdomain - Relay Access Denied
Replies
6
Views
823
MHC_1
M
M
Question Accessing to mail (send & receive) only from one country
Replies
1
Views
1K
Kaspar@Plesk
Kaspar@Plesk
D
Issue Spoofed Emails Appearing as Sent from My Own Server Despite Correct SPF/DKIM/DMARC Configuration?
Replies
2
Views
3K
drdna
D
W
Issue Mail forwarded on the server in the target mailbox is delivered to the SPAM folder
Replies
0
Views
2K
W4ru
W
P
Issue SPF error sending IP 127.0.0.1
Replies
10
Views
5K
MrZuru
M
Back
Top