|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Carsten Blume (cblume_at_mpmail.net)
Date: Thu Jan 23 2003 - 03:10:37 CST
Hi folks,
On Wed, 2003-01-22 at 18:30, Michael M. Dienel wrote:
> Hi list,
>
> i have a question about the following problem i'm facing:
>
> I want to use a secure conection to my POP3-service and i'll be able to
> send mail via smtp. To prevent an open-relay mailserver i set up
> pop-before-smtp from http://popbsmtp.sourceforge.net. It is using
> /var/log/mail to update its IP-adress-database to verify access to smtp.
> Now i'm not shure about the right setup in xinetd.conf:
[xinetd.conf]
>
> Version 2 creates only access from 127.0.0.1 in /var/log/mail. This
> prevents pop-before-smtp from updating its database but all data is sent
> via an ssl connection to the server.
>
> Now my questions:
> Is data in version 1 also send via ssl or only some parts like userid
> and password or nothing? If nothing is send via ssl: How to configure
> stunnel to send the original ip-adress to /var/log/mail?
I dont think so, but:
What about using qpopper with inbuild SSL/TLS? Then an entry to
/var/log/mail looks like:
Jan 23 09:50:01 pop3host qpopper[9173]: (v4.0.4) TLSv1/SSLv3 handshake
with client at pop3host (333.333.333.3); new session-id; cipher: RC4-MD5
(RC4-MD5 SSLv3 Kx=RS A Au=RSA Enc=RC4(128) Mac=MD5 ), 128 bits
Jan 23 09:50:01 pop3host qpopper[9173]: Stats: user 0 0 3 19971
pop3client 333.333.333.4
Now your popbstmp should be able to parse these entries.
Greetings
Carsten
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-helpsuse.com Security-related bug reports go to security
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]