On Fri, Jun 28, 2002 at 10:33:03AM -0400, FreeportWeb Debian Support Account wrote: | On Fri, Jun 28, 2002 at 07:53:03AM -0400, FreeportWeb Debian Support Account | wrote:
| [POP-before-SMTP] | | -- hence nobody can actually send e-mail through the server unless | | they have a username and password for qmail -- which is simply a | | passwd file that is managed by the vpop admin tools. | | >>Actually, if someone else acquires that IP address before it expires | >>from the cache, you've just opened up a nice open relay for them :-). | >>Use SMTP AUTH -- it does what you intend for it to do. | | I disagree. | | The likely hood of someone "aquiring" your IP address, even as a DCHP | client, before it leaves the cache, then knowing your user name or | password, then having the ability to connect to the mail server | (remember, you need both to authenticate) is highly unlikely. They don't need your username or password -- you already POPped making that IP address authorized to relay. All they need is the already-authorized IP address. This is more likely to happen with dial-up accounts than with DHCP (if the DHCP lease is long enough). | This is the way [snip] does it Lots 'o people do it or want to do it, but it doesn't make it Right. :-) (lots of people use sendmail too ... or Exchange) SMTP AUTH (RFC 2554) is intended to authenticate an SMTP session. POP is not intended to authenticate an SMTP session. | Incidently, qmail is also free, Read http://cr.yp.to/qmail/dist.html and tell me that is Free. It is "Beer-only" free. (though I don't understand why anyone would want beer, free or otherwise <0.5 wink>) | and you can also get it with an apt-get. Only the source. See above for the reason. (and see the DFSG too) | You just need to configure it, as its far more complex than Exim is, | its also much more secure than most of the packages out there (i.e. | Sendmail). Simplicity is a virtue :-). exim is extremely flexible yet still remains simple to work with. -D -- I tell you the truth, everyone who sins is a slave to sin. Now a slave has no permanent place in the family, but a son belongs to it forever. So if the Son sets you free, you will be free indeed. John 8:34-36 http://dman.ddts.net/~dman/
pgpZXPhIxrRz3.pgp
Description: PGP signature
