From: Kevin J. Menard, Jr. (kmenardWPI.EDU)
Date: Tue Jun 05 2001 - 10:32:43 CDT

    Hey Peter,

    Monday, June 04, 2001, 5:25:47 PM, you wrote:

    PH> this problem occurs:

    PH> after a user is "authenticated", it is possible for him to send mail
    PH> with any account name, so everybody after popping successfully could send
    PH> mail as e.g. root@machine.com or bobby could send as boss@bigcompany.com
    PH> ... ok, that's no wonder, because the script, as I understand it, just
    PH> checks for ip-addresses.

    This is not a problem as you put it. It's the way it's supposed to work. It's
    fast and simple. If you can't trust your users to Do the Right Thing, then you
    can always check your logs afterwards and see who had relay access at that time.

    PH> That's also a bad idea for people living behind
    PH> a proxy... do I really have to enable my whole department to send mail
    PH> via my account just because we're using the same gateway?

    PH> Wouldn't it be better to check usernames also?

    That would require a hell of a lot more resources, and inner knowledge of how
    the mailboxes are set up. It's just impractical.

    PH> And how to put this together with postfix to check not only for
    PH> ip-address but also that from-address matches the pop-user-id?
    PH> (something with smtpd_sender_restrictions should be the way?)

    PH> I am new to this and I may be wrong!

    PH> I have hacked one or two little perl scripts, but I do not feel in state
    PH> of solving this myself - in fact I wonder that there is not a readymade
    PH> solution for such everyday-situations like pop-before-smtp - no wonder
    PH> spammers have easy life...

    PH> Please, could anybody give me a hint in how to build a pop-before-smtp
    PH> solution that is as reliable and secure as postfix itself? I mean, why
    PH> do you use a secure mailer if you patch something around it, that makes
    PH> it unsecure?

    I'm no mail guru, but I can't think of a viable way of doing this. SMTP
    provides no means of checking that you are who you say you are. It provides
    relay or no relay. Nor does SMTP really care about domain names. You're asking
    for a massive bridging of data between IMAP/POP and SMTP, and doing user lookups
    on that, if possible, would be agonizingly slow.

    PH> Is there a solution that plays well with postfix, that can handle all
    PH> situations needed with virtual hosting, roaming users?

    Recall that these are your users. You're not just opening up an open relay.
    Part of being a mail administrator is dealing with your users. If they give you
    crap, revoke email privileges if necessary. Also note, this is not just a
    pop-before-smtp issue. You could spoof the From: address on any machine that
    has relay access (try it from your local machine with "mail" if you'd like).

    PH> thank you very much for your attention,
    PH> Peter

    --Kevin
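
The after-the-fact log check mentioned in the reply above, sketched as an added example (not part of the original thread, and not code from Postfix or any pop-before-smtp script). The log format is constructed and simplified, and the 30-minute relay window is an assumption; the script lists which POP users held relay access from the sending IP when each message was relayed, and flags envelope senders that match none of them.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed lifetime of a pop-before-smtp authorisation

# Constructed sample lines in a simplified format (not real daemon output).
SAMPLE_LOG = """\
2001-06-04T17:00:05 pop3 login user=bobby@bigcompany.com ip=192.0.2.10
2001-06-04T17:02:40 pop3 login user=alice@bigcompany.com ip=192.0.2.10
2001-06-04T17:03:00 pop3 login user=carol@bigcompany.com ip=198.51.100.7
2001-06-04T17:05:12 smtp relay ip=192.0.2.10 from=boss@bigcompany.com
2001-06-04T17:06:30 smtp relay ip=198.51.100.7 from=carol@bigcompany.com
2001-06-04T18:10:00 smtp relay ip=198.51.100.7 from=carol@bigcompany.com
"""

LINE = re.compile(r"^(\S+) (pop3 login|smtp relay) (.*)$")

def parse(log):
    """Yield (timestamp, kind, fields) for each recognised line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(3).split())
        yield datetime.fromisoformat(m.group(1)), m.group(2), fields

def attribute_relays(log, window=WINDOW):
    """For every relayed message, list the POP users who could have sent it."""
    logins = {}   # ip -> [(login time, user)]
    report = []
    for ts, kind, f in sorted(parse(log), key=lambda e: e[0]):
        if kind == "pop3 login":
            logins.setdefault(f["ip"], []).append((ts, f["user"]))
            continue
        # Users whose POP login from this IP was still inside the relay window.
        candidates = sorted({u for t, u in logins.get(f["ip"], [])
                             if timedelta(0) <= ts - t <= window})
        if not candidates:
            verdict = "no-recent-pop-login"
        elif f["from"] not in candidates:
            verdict = "sender-mismatch"
        elif len(candidates) > 1:
            verdict = "ambiguous-shared-ip"   # e.g. several users behind one proxy
        else:
            verdict = "ok"
        report.append((f["from"], f["ip"], candidates, verdict))
    return report

if __name__ == "__main__":
    for row in attribute_relays(SAMPLE_LOG):
        print(row)
```

On a shared gateway the candidate list holds every user who popped from that address inside the window, so the logs narrow a message down to a set of accounts rather than to one person.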
