Hello,
I run Cyrus-IMAPD 2.4.17 with many virtual domains:
virtdomains: userid
I configured a domain administrator:
admins: admin@xxxxxxxxxxx
With this account I can LIST all accounts in example.com domain only, as
expected.
Let suppose the Cyrus-IMAPD server stores also accounts for other
domains, such as example2.com domain.
Well, I see that I can SASL PLAIN login using admin@xxxxxxxxxxx on
example2.com accounts too, if I know their names. I can't understand why
this could happen. It seems a security issue.
Is there a way to prevent this issue without modifying ACL on all accounts?
Thank you
Marco
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
