This is something for after the 1.0 release but I think it's important and I'm going to try to figure out how to make it happen. I'd like to see some way to pass outgoing email from Thunderbird back to dovecot through some new command that we would have to make up. Email would be sent back over the IMAP connection and when Dovecot gets it dovecot would hand it off to an SMTP server that would deliver it. If a crude experimental spec can be written I'll try to find someone on the Thunderbird side to write some sort of module to talk to it. The reason for this is that I think that the elimination of SMTP from the client is a big step to control spam. The idea being that if IMAP can transfer outgoing mail the SMTP wouldn't be necessary for clients and we can block port 25 on windows machines and viruses can't send email. And the virus wouldn't have access to the IMAP password so viruses can't authenticate to send mail. So - the key question is - what would it take to create an outgoing spec for sending email over IMAP? Like to see something clean and simple.
also sprach Marc Perkel <marc at perkel.com> [2006.11.02.2343 +0100]:> This is something for after the 1.0 release but I think it's important > and I'm going to try to figure out how to make it happen. I'd like to > see some way to pass outgoing email from Thunderbird back to dovecot > through some new command that we would have to make up. Email would be > sent back over the IMAP connection and when Dovecot gets it dovecot > would hand it off to an SMTP server that would deliver it.FWIW, courier already allows this by way of a special folder. You configure Thunderbird to send mail to the discard port, or using e.g. /bin/true, and to store a copy of sent mail in the .outgoing folder. The courier mail server then takes all messages in this folder and sends them on. No module required on the client side, no protocol modifications. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck spamtraps: madduck.bogus at madduck.net "you don't sew with a fork, so i see no reason to eat with knitting needles." -- miss piggy, on eating chinese food -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature (GPG/PGP) Url : http://dovecot.org/pipermail/dovecot/attachments/20061102/a1265310/attachment.pgp
On Thu, 2006-11-02 at 14:43 -0800, Marc Perkel wrote:> The reason for this is that I think that the elimination of SMTP from > the client is a big step to control spam. The idea being that if IMAP > can transfer outgoing mail the SMTP wouldn't be necessary for clients > and we can block port 25 on windows machines and viruses can't send > email. And the virus wouldn't have access to the IMAP password so > viruses can't authenticate to send mail.Here in Finland port 25 is already blocked by all the major ISPs. Only the ISP's own SMTP server can be used which also typically limits how fast mails can be sent through it. I'm using submission port (rfc2476) nowadays for sending my own mail to my SMTP server. Submission port in general is supposed to require authentication from clients. I think using the submission port is just as good for blocking spam as it would be to send mails via IMAP. Both work only as long as viruses don't use your email client directly and don't dig up the password from the client's configuration. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20061103/61da4216/attachment.pgp
Why not use the smtp *submission* port (and leave 25 disabled)? Also, SMTP auth is a good thing. Much better than the old cowboy days of just trusting some networks.. I look back at the mail submission over pop.. and shudder.
Am Donnerstag, 2. November 2006 23:43 schrieb Marc Perkel:> email. And the virus wouldn't have access to the IMAP password soWhy not? Greetings, Gunter -- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ "whitespace" - Programming language where only whitespace counts Most modern programming languages do not consider white space characters (spaces, tabs and newlines) syntax, ignoring them, as if they weren't there. Whitespace is a language that seeks to redress the balance. Any non whitespace characters are ignored; only spaces, tabs and newlines are considered syntax. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + PGP-verschl?sselte Mails bevorzugt! + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://dovecot.org/pipermail/dovecot/attachments/20061103/1df2bc7b/attachment.pgp
I see only one way to get rid of spam: Hashcash type of thing being required by everyone, but with some kind of a protocol to make mailing lists be able to work. Of course, that won't work if the spam is sent only by some botnets using tons of computers. To fix that everyone would have to start using operating systems which don't allow you to accidentally run all sorts of botnet software. And such operating systems don't exist at the moment. Although OLTP's sounds promising. -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 186 bytes Desc: This is a digitally signed message part Url : http://dovecot.org/pipermail/dovecot/attachments/20061104/9dac0283/attachment.pgp