Re: the purpose of smtpd_sasl_authenticated_header
From: Udo Rader (udo.rader bestsolution.at)
Date: Fri May 05 2006 - 04:15:00 CDT
On Wed, 2006-05-03 at 23:58 +0200, mouss wrote:
> Udo Rader wrote:
> > Hi,
> >
> > as we are currently testing 2.3 I would like to know the rationale
> > behind smtpd_sasl_authenticated_header.
> >
> > On one hand I find the flag useful for tracing purposes, but on the
> > other hand I already see hordes of script kiddies/spammers harvesting
> > the login names for brute force attacks.
> >
> > So what's the idea behind it?
> >
> some cases where this is ok:
>
> - if login = email address (many virtual users setups), then there is no
> problem including the login.
>
> - if you have different instances/servers handling inbound and outbound
> mail, you can enable the header for inbound mail only.
>
> - if you use a content filter, you can enable it, use it in the content
> filter (SA can use it), and then remove it either in a custom filter or
> using REPLACE after the filter.
>
> This header allows you to use a single filter (with a single port) but
> still distinguish between auth'ed users and others. This may be handy if
> you need this deeper in a daisy chain or at delivery time (as designing
> completely separate paths may not be desirable).
thanks for explaining, Mouss, now this seems perfectly reasonable to
me.
Udo Rader
--
bestsolution.at EDV Systemhaus GmbH
http://www.bestsolution.at
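Added example, not part of the thread and not Postfix or SpamAssassin code: a sketch of the custom-filter approach mouss describes, where the filter reads the login and then removes it before the message leaves the site. It assumes the login appears as an `(Authenticated sender: ...)` comment in the Received: header written by the local smtpd, that messages use LF line endings, and that the function names and sample message are constructed for illustration.

```python
import re

# Comment Postfix puts in its Received: header (format assumed, see lead-in).
AUTH_COMMENT = re.compile(r"[ \t]*\(Authenticated sender: ([^)]*)\)")

# Constructed sample message; hosts, login and queue id are made up.
SAMPLE = (
    "Received: from client.example (client.example [192.0.2.10])\n"
    "\t(Authenticated sender: alice)\n"
    "\tby mail.example.com (Postfix) with ESMTP id 0123456789\n"
    "\tfor <bob@example.org>; Fri,  5 May 2006 11:15:00 +0200 (CEST)\n"
    "Received: from forged.example (Authenticated sender: root) by x.example\n"
    "Subject: test\n"
    "\n"
    "Body text quoting (Authenticated sender: alice) stays as typed.\n"
)

def split_message(raw):
    """Return (header fields with folded lines kept together, rest of message)."""
    head, sep, body = raw.partition("\n\n")
    fields = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += "\n" + line  # continuation of a folded header
        else:
            fields.append(line)
    return fields, sep + body

def first_received(fields):
    """Index of the topmost Received: field (the one our own smtpd wrote)."""
    for i, field in enumerate(fields):
        if field.lower().startswith("received:"):
            return i
    return None

def authenticated_login(raw):
    """Login the filter may rely on, or None. Lower Received: fields arrived
    with the message and can be forged, so they are never consulted."""
    fields, _ = split_message(raw)
    i = first_received(fields)
    m = AUTH_COMMENT.search(fields[i]) if i is not None else None
    return m.group(1) if m else None

def strip_login(raw):
    """Remove the login comment from the topmost Received: field only."""
    fields, rest = split_message(raw)
    i = first_received(fields)
    if i is not None:
        cleaned = AUTH_COMMENT.sub("", fields[i])
        # Drop a continuation line that the removal left empty.
        fields[i] = "\n".join(l for l in cleaned.split("\n") if l.strip())
    return "\n".join(fields) + rest
```

The filter would call `authenticated_login()` to make its decision and `strip_login()` just before re-injecting the message, so the login never reaches external recipients.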