[Cialug] pop-before-smtp

Jerry Weida jweida at gmail.com
Wed Sep 28 19:56:04 CDT 2005


I had set up SMTP-AUTH before on FreeBSD.  I prefer that method just
because of the reason that you stated.


On 9/28/05, David Champion <dave at visionary.com> wrote:
> Anyone here running pop-before-smtp?
>
> I think I have it all working correctly (the Perl version). Once I check
> my email via pop (actually, imap in this case) it writes an entry in the
> /etc/postfix/pop-before-smtp.db and then allows that IP address to relay
> email.
>
> The main problem I see with this is that once one person authenticates,
> then in theory anyone could relay mail. So if I'm at a Starbucks, and send
> an email, a spammer could in theory start using me as a relay. I tested
> this and I can send email from a different PC within my firewall once
> I've authenticated from my PC - since they both look like they're coming
> from the same IP address from the outside. I know this is being
> paranoid... but it would be pretty trivial to figure out using a packet
> sniffer.
>
> The docs mention that the relaying is supposed to be open for only a
> "very short time". I don't see a mechanism for it to clear the records
> out of the hash db... maybe there's a time stamp in there too. When I
> did it, there was a minute or two between the authentication, and the
> "bogus" relaying that got thru.
>
> -dc
>
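
The behaviour described in the quoted message, as an added example that is not part of either post and is not the pop-before-smtp project's code: a small Python model of a relay table keyed on source IP, compared with a per-connection SMTP AUTH decision. The 1800-second grace period, the class and function names, and the addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed expiry window for the model; check the value your daemon actually uses.
GRACE_SECONDS = 1800


@dataclass
class PopBeforeSmtpTable:
    """Model of an IP-keyed relay table: source IP -> time of last POP/IMAP login."""
    grace: int = GRACE_SECONDS
    entries: dict = field(default_factory=dict)

    def record_login(self, src_ip, now):
        # A successful POP/IMAP login whitelists the *address*, not the user.
        self.entries[src_ip] = now

    def expire(self, now):
        # Drop entries older than the grace period.
        self.entries = {ip: t for ip, t in self.entries.items()
                        if now - t < self.grace}

    def may_relay(self, src_ip, now):
        self.expire(now)
        return src_ip in self.entries


def smtp_auth_may_relay(session_authenticated):
    """SMTP AUTH model: the decision follows this connection's own login."""
    return session_authenticated


# Constructed sample: two internal hosts behind one NAT gateway
# (203.0.113.7 is a documentation address).
NAT = {"10.0.0.5": "203.0.113.7", "10.0.0.9": "203.0.113.7"}


def scenario():
    table = PopBeforeSmtpTable()
    table.record_login(NAT["10.0.0.5"], now=0)  # mailbox owner checks mail
    return {
        "owner_at_60s": table.may_relay(NAT["10.0.0.5"], now=60),
        "other_host_at_120s": table.may_relay(NAT["10.0.0.9"], now=120),
        "other_host_after_grace": table.may_relay(NAT["10.0.0.9"],
                                                  now=GRACE_SECONDS + 1),
        "other_host_smtp_auth": smtp_auth_may_relay(False),
    }


if __name__ == "__main__":
    for name, allowed in scenario().items():
        print(f"{name}: {allowed}")
```

The second host is allowed to relay until the entry expires because the server sees only the shared public address, while the SMTP AUTH decision never depends on who else logged in from that address.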
