diff options
| author | Silvio Rhatto <rhatto@riseup.net> | 2016-12-07 10:18:06 -0200 |
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2016-12-07 10:18:06 -0200 |
| commit | bc2cf0b1052927f8b589e9e2a1f9251780e9e0f9 (patch) | |
| tree | 1bf249f946a960bc38f1239e4fbe7c6f5a7381aa | |
| parent | da63b146d91e351120f6de66bcebe91e6389f2f8 (diff) | |
| download | puppet-mail-bc2cf0b1052927f8b589e9e2a1f9251780e9e0f9.tar.gz puppet-mail-bc2cf0b1052927f8b589e9e2a1f9251780e9e0f9.tar.bz2 | |
Protects against roundcube mail() vulnerability
| -rw-r--r-- | templates/virtual/roundcube/config.inc.php.erb | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/templates/virtual/roundcube/config.inc.php.erb b/templates/virtual/roundcube/config.inc.php.erb index fa4ed41..3205d70 100644 --- a/templates/virtual/roundcube/config.inc.php.erb +++ b/templates/virtual/roundcube/config.inc.php.erb @@ -44,7 +44,8 @@ $config['default_host'] = 'localhost'; // %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part) // %z - IMAP domain (IMAP hostname without the first part) // For example %n = mail.domain.tld, %t = domain.tld -$config['smtp_server'] = ''; +// See https://blog.ripstech.com/2016/roundcube-command-execution-via-email/ +$config['smtp_server'] = 'localhost'; // SMTP port (default is 25; use 587 for STARTTLS or 465 for the // deprecated SSL over SMTP (aka SMTPS)) |