[CentOS] pop before smtp

Mon Aug 29 16:42:14 UTC 2005
Dan Pritts <danno at internet2.edu>

On Mon, Aug 29, 2005 at 11:34:24PM +0800, Mark Quitoriano wrote:
> i just implemented pop-before-smtp[1], my problem is after recieving the 
> mails i connect to the server using telnet and try to send spam using the 
> mail server it did send it didn't ask for authentication anymore. i'm not 
> sure how this pop-before-smtp really works but i was thinking how should i 
> secure the server in this kind of attacks.

while others are correct that pop-before-smtp is a hack, it's
not necessarily the wrong solution.

it's not entirely clear what your question is - but here's how it's supposed
to work:

if you haven't popped from an IP address, you can't send smtp from that
address (unless postfix is configured to allow it via some other mechanism).

once you pop from an IP address, it's added to a list of permitted IPs
that can send SMTP.  There is a timeout attached, after which it
is removed from the list.  I think the perl pop-before-smtp program
defaults to an hour - i changed it to 8 hours or maybe a day after too
many (l)user complaints.

danno