Hi,

is there a way to prevent users use other domains that their own with neomail?

ie.
user1 resists on domain1, while user2 is on domain2
if user1 checks into neomail using www.domain2.com/neomail he's sending as user1@domain2.com

Thx!

If user1 is not setup on the other domain as a user they can not access any account on that domain including neomail

not true............... you can use your only user login on someone elses domain! There is no checking from Neomail that you belong to this domain.......

so then;

you have two domains on your Raq say domain1.com with user1 and domain2.com with user2.......

user2 could login to domain1.com/neomail and
user1 could login to domain2.com/neomail

this works I have tryed it!

so, what can we do to fix this ?

This is really a non issue. While it seems highly insecure, the truth is the exact same thing can be accomplished by changing the 'from" address in the customer's mail client.

Keep in mind, though the user on domain1 could appear to send a message from domain2, there's no way for the user to retrieve mail addressed to domain2.

Nothing to worry about, IMHO.

There are some mods at this page which may help...

http://www.obantec.net/services/neomail/neomod.html