[Cialug] pop-before-smtp

David Champion dave at visionary.com
Wed Sep 28 18:30:16 CDT 2005


Anyone here running pop-before-smtp?

I think I have it all working correctly (the Perl version). Once I check 
my email via POP (actually, IMAP in this case) it writes an entry in the 
/etc/postfix/pop-before-smtp.db and then allows that IP address to relay 
email.

The main problem I see with this is that once one person authenticates, then in 
theory anyone could relay mail. So if I'm at a Starbucks, and send an 
email, a spammer could in theory start using me as a relay. I tested 
this and I can send email from a different PC within my firewall once 
I've authenticated from my PC - since they both look like they're coming 
from the same IP address from the outside. I know this is being 
paranoid... but it would be pretty trivial to figure out using a packet 
sniffer.

The docs mention that the relaying is supposed to be open for only a 
"very short time". I don't see a mechanism for it to clear the records 
out of the hash db... maybe there's a time stamp in there too. When I 
did it, there was a minute or two between the authentication, and the 
"bogus" relaying that got thru.

-dc
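
A small model of the behaviour described in this message, added here as an illustration; it is not code from the post or from pop-before-smtp. The log format, the 30-minute grace window, the per-session comparison and all function names are assumptions.

```python
import re
from datetime import datetime, timedelta

GRACE = timedelta(minutes=30)  # assumed window; the real value is a daemon setting

# Constructed mail-log lines (documentation addresses); the format is illustrative.
LOG = """\
2005-09-28 18:00:05 imapd: LOGIN user=dave ip=203.0.113.7
2005-09-28 18:10:40 pop3d: LOGIN user=ann ip=198.51.100.22
"""
LOGIN_RE = re.compile(r"^(\S+ \S+) (?:imapd|pop3d): LOGIN user=(\S+) ip=(\S+)$")

def build_table(log_text):
    """Map source IP -> time of the most recent successful POP/IMAP login."""
    table = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            table[m.group(3)] = max(ts, table.get(m.group(3), ts))
    return table

def ip_keyed_relay_ok(table, src_ip, now):
    """POP-before-SMTP style decision: only the source address and its age count."""
    ts = table.get(src_ip)
    return ts is not None and timedelta(0) <= now - ts <= GRACE

def session_relay_ok(authenticated_user):
    """Per-session decision (e.g. SMTP AUTH): this SMTP session must have logged in."""
    return authenticated_user is not None

def scenarios():
    """(case, IP-keyed decision, per-session decision) for constructed cases."""
    table = build_table(LOG)
    at = lambda hhmm: datetime.strptime("2005-09-28 " + hhmm, "%Y-%m-%d %H:%M")
    nat = "203.0.113.7"  # public address shared by every host behind the NAT
    return [
        ("dave's PC, 2 min after login", ip_keyed_relay_ok(table, nat, at("18:02")), session_relay_ok("dave")),
        ("other host behind same NAT", ip_keyed_relay_ok(table, nat, at("18:02")), session_relay_ok(None)),
        ("same NAT, after grace window", ip_keyed_relay_ok(table, nat, at("18:45")), session_relay_ok(None)),
        ("unrelated address", ip_keyed_relay_ok(table, "192.0.2.99", at("18:02")), session_relay_ok(None)),
    ]

if __name__ == "__main__":
    for row in scenarios():
        print(row)
```

The second row is the case tested in the message: the relay check sees only the shared public address, so it cannot tell the two hosts apart until the entry ages out.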


