[wplug] double-authentication for IMAP and SMTP-AUTH
Tom Rhodes
trhodes at FreeBSD.org
Tue Dec 14 08:48:33 EST 2004
On Tue, 14 Dec 2004 08:44:29 -0500
Bill Moran <wmoran at potentialtech.com> wrote:
> Chris Romano <romano.chris at gmail.com> wrote:
>
> > I don't know if postfix has this option/patch or not but you can look
> > look for a smtp-after-imap feature. I use qmail and there are patches
> > that will allow relaying only after a successfull auth against imap or
> > pop3. This way there is only one user/pass combo and you can use
> > virtual users so there are no shell accounts.
>
> Just like pop-before-smtp, that sort of setup is succeptable to a race
> condition that would allow unauthorized relaying. Those techniques are
> basically a hack to make it work until SMTP AUTH was ready.
Yea, but I think that the race condition is difficult to actually
trigger. Besides, who, unless he/she is really pissed off about
something, would want access to your mail server that bad?
--
Tom Rhodes
More information about the wplug
mailing list