Who did what? As I understood it, @ggvienna lumped together two things that have nothing to do with each other.
Posts by f4Nm1Z9k2P
-
-
When a domain name associated with an MX RR is looked up and the associated data field obtained, the data field of that response MUST contain a domain name. That domain name, when queried, MUST return at least one address record (e.g., A or AAAA RR) that gives the IP address of the SMTP server to which the message should be directed.
-
because many people send mails with a sender from one of your domains but with a wrong recipient, i.e. your server replies that the recipient does not exist, and that way your server is abused for sending.
I don't understand what you are trying to say. If someone forges an address, that has nothing at all to do with whether the server belonging to the domain sends spam or not!? If a bounce message arrives for a non-existent address, a properly configured server sends an error 500.
-
This is no problem, as the algorithm and salt are saved together with the hash inside the database.
-
So-so. I think, KDF need to phpMyAdmin autologin, but mail passwords should be full encryption, e.g. SHA256/SHA512. Dovecot works perfectly with SHA512, and Courier with classic crypt.
All algorithms you mentioned are key derivation functions. Some are based on hash functions (SHA256, SHA512), crypt is based on DES. The thing they have in common is that reversing is computationally expensive. Decryption is usually quite inexpensive when you have the key.
Anyway, there is no need to debate here. The passwords will all be encrypted in the next i-MSCP series (auto-login will be removed or implemented using another method). We cannot do that in the current series because too many changes are involved in core.
Encrypted or hashed?
-
I can't understand... Why not use encryption?
The thing you mean is called a key derivation function (KDF) and usually has nothing to do with encryption.
If someone can access the imscp database, this means that the SQL root password and/or Master i-MSCP SQL user is compromised.
The problem with plain text passwords is that most people don't do one of the following things:
- Reuse passwords in different occasions
- Change passwords regularly
- Tell your customers that you have been hacked
- Know when your server has been hacked
- Keep important files where no one can access them
IMHO this issue should really be addressed in the not too distant future.
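The two points made in the posts above (the algorithm and salt are stored together with the hash, and a KDF is one-way rather than encryption) shown as an added example that is not part of the original posts or of i-MSCP's code. The record format, function names and iteration count are assumptions chosen for illustration; PBKDF2 from Python's standard library stands in for whichever KDF the mail server uses.

```python
import base64
import hashlib
import hmac
import os

# Constructed record format (an assumption, not i-MSCP's or Dovecot's):
#   $<algorithm>$<iterations>$<salt, base64>$<derived key, base64>
DEFAULT_ALGO = "pbkdf2-sha512"
DEFAULT_ITERATIONS = 210_000
DIGESTS = {"pbkdf2-sha256": "sha256", "pbkdf2-sha512": "sha512"}


def hash_password(password, algo=DEFAULT_ALGO, iterations=DEFAULT_ITERATIONS, salt=None):
    """Derive a key and return one self-describing string for the database."""
    salt = os.urandom(16) if salt is None else salt
    dk = hashlib.pbkdf2_hmac(DIGESTS[algo], password.encode(), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"${algo}${iterations}${b64(salt)}${b64(dk)}"


def verify_password(password, record):
    """Re-derive with the parameters stored in the record and compare.

    Nothing is decrypted: the stored value cannot be turned back into the
    password, the candidate is run through the same KDF instead.
    """
    try:
        _, algo, iterations, salt_b64, dk_b64 = record.split("$")
        digest = DIGESTS[algo]
        iterations = int(iterations)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(dk_b64)
    except (ValueError, KeyError):
        return False  # malformed record or unknown algorithm: reject
    dk = hashlib.pbkdf2_hmac(digest, password.encode(), salt, iterations)
    return hmac.compare_digest(dk, expected)  # constant-time comparison


def needs_rehash(record, algo=DEFAULT_ALGO, iterations=DEFAULT_ITERATIONS):
    """True when a record was created with weaker parameters than the default."""
    parts = record.split("$")
    return parts[1] != algo or int(parts[2]) < iterations
```

Because each record names its own algorithm, old and new hashes can sit in the same column, and a record flagged by `needs_rehash` can be replaced at the user's next successful login.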
-
There's nothing you can do with the MX settings, as you probably can't change the sender's domain settings.
You can either configure your Google account to regularly fetch the mails from your server or implement SRS.
-
Even if your config worked, most email services wouldn't accept mails from home servers.
-
It also has nothing to do with i-MSCP; Nuxwin is nevertheless having the installer remove the package from the next version on.
-
IMHO this isn't i-MSCP related and there could be some cases, where mDNS functionality is useful (local installations, home servers behind NAT).