> If you don't protect SMTP with AUTH or private encryption, you can only
> rely on filtering.
>
Fritz - how would you feel about putting in a fail-safe in there that aborts
the connection to listenPort2/smtpAuthServer if the client isn't
authenticated? I've tried to hack around quickly in the code, but am not
sure how to get the connection to abort gracefully to test out my theory.
But I would see it as something like:
sub NewSMTPConnection (around line 2177 - just after the check if relay is
ok):
if(( $fh==$lsn2 && $smtpAuthServer ne '' ) && ( $Con{ $client }->{relayok}
!= 1 ) )
{
# connected to auth port, but not authenticated
mlog( "", "client connected to $localport, but not authenticated --
aborting connection." );
return;
}
Maybe even add an option in the admin panel that says drop connections to
listenPort2 if client doesn't authenticate.
Thoughts?
Thanks,
Eric
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
