Just came across a security issue with MDaemon mail server that has been informed to Alt-n and since rectified.

MDaemon has a locally installable client called ComAgent. You install ComAgent by logging in to your account from the web using world client and going to options / ComAgent  / download the ComAgent installer. Among other things this shows the number of messages in your mailboxes and alsolets you send instant messages and files to other logged in users. Clicking on a mailbox name takes you directly to your mail boxes using the web interface

The Problem

Using  ComAgent 10.0.5, any user logged in was not only seeing a list of all users, but also access their mail on the server by clicking the user name.

This was reported to  Alt-n technologies.

The Solution

The problem has since been fixed by Alt-n at their end.

If you are using MDaemon mail server you should check whether the problem exists in your setup immediately and if it does you should alert Alt-n or your service provider to fix it.