[wplug] double-authentication for IMAP and SMTP-AUTH
Bill Moran
wmoran at potentialtech.com
Tue Dec 14 09:02:42 EST 2004
Tom Rhodes <trhodes at FreeBSD.org> wrote:
> On Tue, 14 Dec 2004 08:44:29 -0500
> Bill Moran <wmoran at potentialtech.com> wrote:
>
> > Chris Romano <romano.chris at gmail.com> wrote:
> >
> > > I don't know if postfix has this option/patch or not but you can look
> > > look for a smtp-after-imap feature. I use qmail and there are patches
> > > that will allow relaying only after a successfull auth against imap or
> > > pop3. This way there is only one user/pass combo and you can use
> > > virtual users so there are no shell accounts.
> >
> > Just like pop-before-smtp, that sort of setup is succeptable to a race
> > condition that would allow unauthorized relaying. Those techniques are
> > basically a hack to make it work until SMTP AUTH was ready.
>
> Yea, but I think that the race condition is difficult to actually
> trigger. Besides, who, unless he/she is really pissed off about
> something, would want access to your mail server that bad?
Spammers are always looking for free relays.
--
Bill Moran
Potential Technologies
http://www.potentialtech.com
More information about the wplug
mailing list