Univention Bugzilla – Bug 55440
Forward emails should not happen for a disabled account
Last modified: 2022-11-18 16:24:50 CET
In our setup most internal users have an automatic forwarding of their emails to an external email provider. (This is done to bypass the local-site connection and use the email hosting from anywhere on the Internet.) To achieve this, each user has his corresponding email hosting address set up in User account --> Advanced settings --> Mail --> Forward email address (https://docs.software-univention.de/manual/5.0/en/mail/management.html#assignment-of-email-addresses-to-users).

Recently I disabled some user accounts in UCS and also at the email hosting. As some internal services still address these disabled UCS users, I got some bounces from the email hosting. So emails are still forwarded, even though the user is disabled.

This seems unintended, as this way information might get leaked. When forwarding to an email hosting that is not company-controlled, the user will be able to receive emails (used by services, existing email threads or directly) addressed to him on the forwarded address.

I expect that no emails are forwarded for disabled / locked accounts.
As a first countermeasure, I manually checked all disabled accounts and removed the forward address.
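
The manual check described in the report can be scripted as an audit. The following is an added example, not part of the original bug report or of Univention's code; it assumes a text listing in the layout printed by `udm users/user list` and assumes the UDM property names `disabled` and `mailForwardAddress`, and the sample listing is constructed.

```python
"""Audit: report disabled accounts that still carry a forward address."""

# Constructed sample. Assumed layout: a "DN:" line followed by indented
# "property: value" lines, with multi-valued properties repeated.
# The property names `disabled` and `mailForwardAddress` are assumptions.
SAMPLE = """\
DN: uid=alice,cn=users,dc=example,dc=org
  disabled: 1
  mailForwardAddress: alice@hosting.example
  mailForwardAddress: alice.private@mail.example
  mailPrimaryAddress: alice@example.org

DN: uid=bob,cn=users,dc=example,dc=org
  disabled: 0
  mailForwardAddress: bob@hosting.example

DN: uid=carol,cn=users,dc=example,dc=org
  disabled: 1
  mailForwardAddress: None
"""


def parse_udm_listing(text):
    """Split the listing into one dict per entry: property -> list of values."""
    entries, current = [], None
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(": ")
        if not sep:
            continue  # blank line or property without a value
        if key == "DN":
            current = {"DN": [value]}
            entries.append(current)
        elif current is not None:
            current.setdefault(key, []).append(value)
    return entries


def disabled_with_forward(entries):
    """Return {DN: [forward addresses]} for disabled accounts only."""
    findings = {}
    for entry in entries:
        disabled = entry.get("disabled", ["0"])[0] == "1"
        forwards = [a for a in entry.get("mailForwardAddress", []) if a != "None"]
        if disabled and forwards:
            findings[entry["DN"][0]] = forwards
    return findings


if __name__ == "__main__":
    for dn, fwd in disabled_with_forward(parse_udm_listing(SAMPLE)).items():
        print(f"{dn} still forwards to: {', '.join(fwd)}")
```

Run periodically against a fresh listing, a non-empty result means mail for a disabled account can still leave the domain.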