On Wed, 16 Apr 2003, BoBo BoBo wrote: > I am using the dbmail 1.1 final release. > > The pbsp table does not handle different computers > coming from the same IP address because it does not > store the unique user id with the IP address of the > client. Therefore if there are 100 employees on the > same remote network only one of them has to do pop > before smtp then all 100 will be able to send emails > because their computers appear from the outside as > one IP address. That is just the way its going to work. Pop-before-smtp is a hack, combine it with another hack, namely NAT, you end up with problems like this. The SMTP server has no way of telling who is who based on pop-before-smtp.
> > Example 1: > > My DSL IP address is 1.2.3.4 but I am using 2 > computers with a router 192.168.1.10 and 192.168.1.11 > My dbmail email server is in the company office. > If only one of my computers uses POP then both of them > will be able to send emails through smtp because they > will have the same entry in the pbsp table. Either use SMTP AUTH or don't use NAT. > > > Example 2: > > 100 company employees are using VPN from their home > to check their emails in the office. All of them appear > to the dbmail server with IP address 127.0.0.1 (stunnel, > etc.). If only one of them does a POP all of their > computers will be able to send emails because all of > them having the same entry in the pbsp table. If they are all coming in with an IP Address of 127.0.0.1, pop-before-smtp is pretty much irrelvant as most sane mail configurations always allow mail from 127.0.0.1. To be honest, I doubt that in this case you'd even get to a search of the pbsp table. > I think there should be an additional field in table > pbsp storing the unique user ID therefore > distinguishing between the different people appearing > from the same IP address. Ain't gonna work for the reasons explained above. You can *add* it, but it won't do anything useful for you. Hack+Hack=more Hack :P Aaron
