Hi!

I'm using postfix+postfixadmin+mysql+courier-imap.

I just implemented pop-before-smtp[1]. My problem is that after receiving the mails, I connect to the server using telnet and try to send spam using the mail server; it did send it, and it didn't ask for authentication anymore. I'm not sure how this pop-before-smtp really works, but I was thinking about how I should secure the server against this kind of attack.

[1] http://www.stahl.bau.tu-bs.de/~hildeb/postfix/postfix_pop-before-smtp_en.shtml

--
Regards,
Mark Quitoriano, CCNA
http://www.atamanetworks.com

Fan the flame... http://www.spreadfirefox.com/?q=user/register&r=19441
On Mon, Aug 29, 2005 at 11:34:24PM +0800, Mark Quitoriano enlightened us:
> I'm using postfix+postfixadmin+mysql+courier-imap
>
> I just implemented pop-before-smtp[1]. My problem is that after receiving the
> mails, I connect to the server using telnet and try to send spam using the
> mail server; it did send it, and it didn't ask for authentication anymore. I'm not
> sure how this pop-before-smtp really works, but I was thinking about how I should
> secure the server against this kind of attack.
>

Generally speaking, pop-before-smtp was (and is) a big hack. The right answer is to set up SMTP-Auth.

Matt

--
Matt Hyclak
Department of Mathematics
Department of Social Work
Ohio University
(740) 593-1263
On Mon, Aug 29, 2005 at 11:34:24PM +0800, Mark Quitoriano wrote:
> I just implemented pop-before-smtp[1]. My problem is that after receiving the
> mails, I connect to the server using telnet and try to send spam using the
> mail server; it did send it, and it didn't ask for authentication anymore. I'm not
> sure how this pop-before-smtp really works, but I was thinking about how I should
> secure the server against this kind of attack.

while others are correct that pop-before-smtp is a hack, it's not necessarily the wrong solution.

it's not entirely clear what your question is - but here's how it's supposed to work:

if you haven't popped from an IP address, you can't send smtp from that address (unless postfix is configured to allow it via some other mechanism).

once you pop from an IP address, it's added to a list of permitted IPs that can send SMTP. There is a timeout attached, after which it is removed from the list. I think the perl pop-before-smtp program defaults to an hour - i changed it to 8 hours or maybe a day after too many (l)user complaints.

danno
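The mechanism described in the last reply, as an added example that is not part of the thread and is not the pop-before-smtp program's own code: a model of the permitted-IP table with its timeout, showing that the relay decision looks only at the client address and that a longer timeout widens the window. The log line format, the class and function names, and the addresses are assumptions constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample POP3 login records; the line format is an assumption.
SAMPLE_LOG = """\
2005-08-29 09:00:00 pop3d: LOGIN, user=mark@example.com, ip=[192.0.2.10]
2005-08-29 09:30:00 pop3d: LOGIN, user=anna@example.com, ip=[198.51.100.7]
"""

LOGIN_RE = re.compile(r"^(\S+ \S+) pop3d: LOGIN, user=(\S+), ip=\[([0-9.]+)\]$")


class PopBeforeSmtpTable:
    """IP -> expiry map; the only state the relay decision consults."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.expiry = {}

    def feed(self, line):
        """Record a successful POP login; returns False for other lines."""
        m = LOGIN_RE.match(line.strip())
        if not m:
            return False
        when = datetime.fromisoformat(m.group(1))
        # Only the address is stored. The user name plays no further role.
        self.expiry[m.group(3)] = when + self.ttl
        return True

    def may_relay(self, client_ip, now):
        """Purge expired entries, then decide by source address alone."""
        self.expiry = {ip: t for ip, t in self.expiry.items() if t > now}
        return client_ip in self.expiry


def build_table(ttl_hours, log=SAMPLE_LOG):
    table = PopBeforeSmtpTable(timedelta(hours=ttl_hours))
    for line in log.splitlines():
        table.feed(line)
    return table


if __name__ == "__main__":
    checks = [("192.0.2.10", "2005-08-29 09:05:00"),   # same IP, soon after POP
              ("192.0.2.10", "2005-08-29 10:30:00"),   # same IP, 90 min later
              ("203.0.113.5", "2005-08-29 09:05:00")]  # IP that never popped
    for hours in (1, 8):
        for ip, when in checks:
            ok = build_table(hours).may_relay(ip, datetime.fromisoformat(when))
            print(f"ttl={hours}h {ip} at {when}: relay allowed = {ok}")
```

Any SMTP connection from a listed address is accepted for relay until the entry expires, whether it comes from the mail client or from a telnet session on the same host or behind the same NAT, which matches what the original poster observed.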