Am 12.04.2014 18:34, schrieb Bánhalmi Csaba: > I am using pop-before-smtp with postfix 2.9 to authenticate my users for > years. Now I updated postfix to 2.11 (then > I tried with 2.10) and pop-before-smtp is not working. Also tried with > different pop-before-smtp script, but it > seems postfix doesn't take into account the fact that there is a > "check_client_access > hash:/usr/local/etc/postfix/pop-before-smtp" line in > "smtpd_recipient_restrictions =" section. When I downgrade to > 2.9 it works again flawlessly. Can you guys help me?
honestly after "for years" it is *really* time to adopt SMTP auth pop-before-smtp is broken by design because in reality this means anybody in the same WLAN as one of your users has way too large timeframe to send spam over your machine in times of carrier-grade NAT, mobile devices using public hot-spots and so on it is simply a no-go allow relay because the IP has checked mail within the last few minutes and if you don't enforce TLS the only luck you may have in case of a WLAN is these days nobody expects pop-before-smtp, otherwise the bad guy would analyze traffic and know automated a smtp-server open for spam
