[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: POP/IMAP before SMTP
> Hi all,
> Has anyone implemented POP/IMAP before IMAP with ZMailer smtpserver using the
> policy filtering? How it works: everytime someone successfully enters a
> correct userid/passwd to POP/IMAP server, the IP address of remote client
> is logged in a .db file together with a timestamp. The database will then
> serve as a list of IP addresses that are allowed to perform an SMTP relay by
> the smtpserver. A background process is used to expire addresses from
> the database as their validity runs out, say 15mins.
> Will it possible for smtpserver to reread smtp-policy database file without
> any racing problem for frequent modification, say per 30 second?
I think this needs ANOTHER server and protocol (an easy one, but
another anyway) for it.
POP/IMAP sends registration info to this server S, and SMTP
queries the server for valid data. The server can do data
invalidation all by itself.
In all cases that data is advisory only, you can't truly rely
on it to be of any real worth for authenticating the SMTP session.
[Sonera Corp. Internet messaging services hat on]
Questions/comments I have are related on:
- We have disjoint SMTP and POP servers (multiple each)
- Our Port 110 "POP"-servers are actually proxies which
just take user's login-id, and look up our backend database
for the real server to which they then connect (and feed
the user specified username to it.) After the connect
that proxy just moves bytes between user's and server's
sockets without looking into possible meanings inside
- The real POP-servers have NO idea, where from the connection
came. The POP-Proxy does NOT know wether or not the POP-
login authentication has been successfull, thus it can neither
do the logging... (Sure, we could add to the POP-protocol in
between proxy and the real server an info entry telling where
from the proxy got its connection -- but those real servers
are reachable from anywhere in the world too.. Ok, a TCP-
wrapper could help there.)
> Is anyone actual implementing such for avoid anonymous mail submission?
To a degree it could diminish problems related to anonymous
email submission. Another approach COULD be use of SSL to
authenticate the session, and perhaps the user, but there
is no client support, as far as I know.
I really would like to know what MS-Exchange 5.X means with
It definitely does not mean same thing as current IETF draft
about authenticated SMTP sessions.
(But then, it means there exists client support for it..)
Any approach we use must have changes of having client support
available. Preferrably something that can be gotten to work
with simple instructions with software that people have had
for ages in their Windows boxes. (I mean, like for past year..)
Do remember that the average computer skills of people using
email these days approach zero, nothing fancy should be needed.
(Reports from our helpdesk seem to point towards an observation
that although we have gotten lots of new customers, the SUM
of skill level has not increased noticeably :-( Although the
initial customer group had wizards among them, those are already
working in our offices..)
> Lai Yiu Fai | Tel.: (852) 2358-6202
> Centre of Computing Services | Fax.: (852) 2358-0967
> & Telecommunications | E-mail: email@example.com
/Matti Aarnio <firstname.lastname@example.org>