[Cialug] pop-before-smtp

Jon Clemons clemdog at marshallnet.com
Wed Sep 28 20:40:26 CDT 2005 

And if you want some setup documentation on it try

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_tls_support.html



----- Original Message ----- 
From: "Tom Pohl" <tom at tcpconsulting.com>
To: "Central Iowa Linux Users Group" <cialug at cialug.org>
Sent: Wednesday, September 28, 2005 8:26 PM
Subject: Re: [Cialug] pop-before-smtp


>I use it and agree, yes, you are being paranoid.  In my setup (qmail  with 
>vpopmail), the entry lasts for 60 minutes and yes, everyone from  behind 
>that IP can theoretically relay through your SMTP server.
>
> While you're being paranoid, you should use a VPN connection to  another 
> network so you're coming from a different IP and because you  don't want 
> the guy with the sniffer to know you're using POP3 without  SSL :)
>
> -Tom
>
>
> On Sep 28, 2005, at 6:30 PM, David Champion wrote:
>
>> Anyone here running pop-before-smtp?
>>
>> I think I have it all working correctly (the Perl version). Once I  check 
>> my email via pop (actually, imap in this case) it writes an  entry in the 
>> /etc/postfix/pop-before-smtp.db and then allows that  IP address to relay 
>> email.
>>
>> The main problem I see with this once one person authenticates,  then in 
>> theory anyone could relay mail. So if I'm at a Starbuck's,  and send an 
>> email, a spammer could in theory start using me as a  relay. I tested 
>> this and I can send email from a different PC  within my firewall once 
>> I've authenticated from my PC - since they  both look like they're coming 
>> from the same IP address from the  outside. I know this is being 
>> paranoid... but it would be pretty  trivial to figure out using a packet 
>> sniffer.
>>
>> The docs mention that the relaying is supposed to be open for only  a 
>> "very short time". I don't see a mechanism for it to clear the  records 
>> out of the hash db... maybe there's a time stamp in there  too. When I 
>> did it, there was a minute or two between the  authentication, and the 
>> "bogus" relaying that got thru.
>>
>> -dc
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>>
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>

More information about the Cialug mailing list