From: Piotr Klaban (maklerman.torun.pl)
Date: Mon Jan 08 2001 - 02:20:30 CST

    On Thu, Jan 04, 2001 at 04:20:18PM +0100, gianpaolo racca wrote:
    > I tried pop-before-smtp and it works. *but* what if an address gets validated
    > and added to the database, and after another dial-up user (that I don't know)
    > connects with the same IP? (it's a remote possibility, but I'm curious).
    > Maybe every trusted address has an (how long is?) expire time?
    This has been answered (there is always ip address expire time),
    but I would like to describe our past solution to the problem.

    In the sendmail times we had pop-before-smtp implementation that
    authorized not only IP address but also the POP user.
    User's "MAIL FROM" address was checked against the POP database.
    MAIL FROM address was resolved with excellent Jan Krueger's check_local
    rulesets (including aliases and virtual addresses). If the given address
    was not the e-mail address of our local user (equal to login given in
    POP database), relaying message was denied.

    Then if someone receives the IP address of the previously authenticated
    POP-before-SMTP connection, then he/she needs to know not only the IP
    address of the halfopen-relay-server but also e-mail address of the
    previous mail reader.

    In practice this worked OK until more complicated virtual address
    settings had been adopted. After that there was a better alternative
    - postfix with SMTP AUTH, and now we are using simple pop-before-smtp
    with SMTP AUTH.

    -- 
    Piotr Klaban
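
The relay decision described in the message above (IP address with an expiry time, plus a check that the MAIL FROM address resolves to the same POP login), sketched as an added example that is not part of the original post and not the sendmail rulesets it mentions. The class name, alias map, expiry value and addresses are all constructed assumptions.

```python
import time

EXPIRE_SECONDS = 30 * 60  # assumed expiry window; the post gives no value

# Constructed alias/virtual-address map: envelope address -> local POP login.
ALIASES = {
    "alice@example.org": "alice",
    "sales@example.org": "alice",   # alias delivering to alice
    "bob@example.org": "bob",
}


class PopBeforeSmtp:
    """Authorize relaying by (client IP, POP login), not by IP alone."""

    def __init__(self, expire=EXPIRE_SECONDS, aliases=ALIASES):
        self.expire = expire
        self.aliases = aliases
        self.sessions = {}  # ip -> (pop_login, time of POP authentication)

    def record_pop_login(self, ip, login, now=None):
        # Called after a successful POP authentication from this IP.
        self.sessions[ip] = (login, time.time() if now is None else now)

    def resolve_sender(self, mail_from):
        # Map the envelope sender to a local login; None if not one of ours.
        return self.aliases.get(mail_from.strip("<>").lower())

    def may_relay(self, ip, mail_from, now=None):
        now = time.time() if now is None else now
        entry = self.sessions.get(ip)
        if entry is None:
            return False, "ip not authenticated"
        login, authenticated_at = entry
        if now - authenticated_at > self.expire:
            del self.sessions[ip]  # drop the stale entry
            return False, "authorization expired"
        # A later dial-up user on the same IP must also present the
        # previous POP user's address to pass this check.
        if self.resolve_sender(mail_from) != login:
            return False, "sender does not match POP user"
        return True, "ok"
```

The envelope sender is supplied by the client, so this check only raises the bar for a reused IP; it does not authenticate the sender the way SMTP AUTH does.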