On Tue, 19 Feb 2002, Tzahi Fadida wrote: > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Tzafrir Cohen > > Sent: Monday, February 18, 2002 11:51 PM > > To: Tzahi Fadida > > Cc: Rabbit of Vugluskr; 'linux-il' > > Subject: RE: sendmail relay problem > > > > > > On Mon, 18 Feb 2002, Tzahi Fadida wrote: > > > > > HI, > > > how many ISPs are we talking about? since u can probably make a simple > > > script vbs/perl/whatever that uses http to send current nslookup and get > > > xml/text data from your company web site which includes all known ISPS > > > smtp addresses. this way, any addition of ISP can be realized quickly > > > and be added to ur database by analyzing unknown http get call to ur > > > xml/text page. > > > or if u still can't manage, just build a simple php page with execute > > > code to change the smtp address automagicaly in the > > > registry(windows)/mail settings > > > what do u think? > > > > Let me see if I understand this correctly: > > > > a vb script on the client ('client-scirpt') accesses a well known address > > on the mail/web server ('server-script'). server-script is basically a > > table that gives the address that should be used in the address of the > > client. It is trivial to write such a scirpt. I don't think that it > > exposes any sensetive information (except, maybe, the fact that your sales > > persons are allowed to connect from certain points). > > > > The client script runs with the permissns of the current user, and changed > > the smtp server of the current user. What I said would have been nice, had > > there been such one default smtp server. But I believe that Outlook has > > a different smtp server for each account, and no default smtp server > > (unlike, e.g. mozilla). > > > > This will still require the sales person to run a program (=click an icon) > > after connecting), but I'm sure that there is a way of hooking the > > execution of such a script into existing connection. > > > > well, yeah basically. > > There is certainly a problem with an outlook style accounts program, > but i am certain, that u can add to the script a loop to "if then" every > set of account to check it got the designated pop.mycompany.com pop3 > definition in the account and then change only that account. > > you can even set up a php page, that will allow u to choose ur mail > client from a combo box and thus run a different script for each set of > {OS,mail client} easy to do with a decent app server/script server like > php or ColdFusion or asp/whatever. >
Actually I believe that this is quite simple to do even with a simple CGI script. But this is not what I meant. I meant that client-script will get only the data (address of the smtp server) from server-script . This keeps server-script simple and client-script does not have to execute code from a remote location. This also keeps things simpler: You never use the wrong script for a client, because client-script is installed locally. Ideally the client would be installed as a hook to the mail program: when you start outlook it checks if it is connected, and if it is, it sets the smtp server) > another option for ur windows users is to use the .cab extention to do > a quick install from the web for ur application as a hookup on the > internet explorer bar, and then when they change isp they can open their > explorer and choose their new isp from the bar which can be dhtmled to > do an http get xml/text from ur web site. U won't believe how common is > this method. And some day someone will manage to forge the address of your server and get the sales person to install their-favorite-backdoor from their server. Why execute code from a remote server? -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://www.technion.ac.il/~tzafrir ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
