[Cialug] pop-before-smtp
David Champion
dave at visionary.com
Wed Sep 28 18:30:16 CDT 2005
Anyone here running pop-before-smtp?
I think I have it all working correctly (the Perl version). Once I check
my email via pop (actually, imap in this case) it writes an entry in the
/etc/postfix/pop-before-smtp.db and then allows that IP address to relay
email.
The main problem I see with this once one person authenticates, then in
theory anyone could relay mail. So if I'm at a Starbuck's, and send an
email, a spammer could in theory start using me as a relay. I tested
this and I can send email from a different PC within my firewall once
I've authenticated from my PC - since they both look like they're coming
from the same IP address from the outside. I know this is being
paranoid... but it would be pretty trivial to figure out using a packet
sniffer.
The docs mention that the relaying is supposed to be open for only a
"very short time". I don't see a mechanism for it to clear the records
out of the hash db... maybe there's a time stamp in there too. When I
did it, there was a minute or two between the authentication, and the
"bogus" relaying that got thru.
-dc
More information about the Cialug
mailing list