X-Authenticated-Id header revealing username?


May 9, 2004
I was just looking at some bounced mail headers and realized the username was listed in the "X-Authenticated-Id" header. Is that header necessary? Can I modify how it displays the sending user? Maybe md5 the username, so I could figure out who it was (if somebody was sending out spam, etc), but not have usernames displayed in plain text.

It is totally normal in DA that the e-mail address is the username, and I think that this is actually useful; it did help me a lot to narrow down who was the user sending spam, to block (change password) on a compromised account.

I would actually prefer to keep it. Maybe it would be nice enough to change the header name to something less "clear", but I would definitely keep it for investigations.

If anyone has a username (and it is always/most of the time the email address), it doesn't mean the account is compromised at all; all Gmail/Hotmail/Yahoo/whatever email addresses are actually the username... You still need to protect your server against DDoS attacks.
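
A sketch of the idea raised in the question, added here as an example and not taken from any poster or from DirectAdmin: the header carries a keyed tag instead of the plain username, and the admin maps a tag from a bounce back to the account. It uses HMAC-SHA256 with a server-side key rather than bare MD5, because an unkeyed MD5 of an e-mail address can be recomputed by anyone who guesses the address. The key, user list and sample message are constructed, and how the mail server would be configured to emit the tag is not shown.

```python
import hashlib
import hmac
from email import message_from_string

# Constructed sample values; a real key would live in a root-only file.
SERVER_KEY = b"constructed-demo-key-not-for-production"
KNOWN_USERS = ["alice@example.com", "bob@example.com", "carol@example.com"]

def pseudonym(username: str, key: bytes = SERVER_KEY) -> str:
    """Keyed, truncated tag that replaces the plain username in the header."""
    norm = username.strip().lower().encode("utf-8")
    return hmac.new(key, norm, hashlib.sha256).hexdigest()[:32]

def plain_md5(username: str) -> str:
    """The unkeyed variant from the question, kept for comparison."""
    return hashlib.md5(username.strip().lower().encode("utf-8")).hexdigest()

def resolve(tag: str, users=KNOWN_USERS, key: bytes = SERVER_KEY):
    """Admin-side lookup: recompute each known user's tag and compare."""
    wanted = tag.strip().lower()
    for user in users:
        if hmac.compare_digest(pseudonym(user, key), wanted):
            return user
    return None  # unknown tag, or a tag made without the server key

def sender_from_bounce(raw_message: str):
    """Pull X-Authenticated-Id out of a bounced message and resolve it."""
    msg = message_from_string(raw_message)
    tag = msg.get("X-Authenticated-Id")
    return resolve(tag) if tag else None

# Constructed bounce whose header carries the keyed tag, not the username.
SAMPLE_BOUNCE = (
    "From: bob@example.com\n"
    "To: someone@example.net\n"
    f"X-Authenticated-Id: {pseudonym('bob@example.com')}\n"
    "Subject: test\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(sender_from_bounce(SAMPLE_BOUNCE))
```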
