|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: the purpose of smtpd_sasl_authenticated_header
From: mouss (usebsd
free.fr)
Date: Wed May 03 2006 - 16:58:17 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Udo Rader wrote:
> Hi,
>
> as we are currently testing 2.3 I would like to know the rationale
> behind smtpd_sasl_authenticated_header.
>
> On one hand I find the flag useful for tracing purposes, but on the
> other hand I already see hordes of script kiddies/spammers harvesting
> the login names for brute force attacks.
>
> So what's the idea behind it?
>
some cases where this is ok:
- if login = email address (many virtual users setups), then there is no
problem including the login.
- if you have different instances/servers handling inbound and outbound
mail, you can enable the header for inbound mail only.
- if you use a content filter, you can enable it, use it in the content
filter (SA can use it), and then remove it either in a custom filter or
using REPLACE after the filter.
This header allows you to use a single filter (with a single port) but
still distinguish between auth'ed users and others. This may be handy if
you need this deeper in a daisy chain or at delivery time (as designing
completely separate paths may not be desirable).
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]