I've created some Perl code that grants users on the external network the ability to use the E-Smith server as a SMTP relay. By default, only trusted networks are allowed to use SMTP as a relay. Opening up your SMTP relay to the world is a horrible idea and doing so will soon cause it to be abused by spammers. When a user authenticates with the E-Smith POP3 server they are granted access to use the SMTP server for 10 minutes, after that they are removed and their rights to relay are revoked until they POP again. This works with the Obtuse SMTP server, this has been tested on E-Smith 4.1.2
The program can be downloaded http://www.stickit.nu/pop-before-smtp/ The program must be run as root, the programs fork into the background in daemon mode. There are two known programs like this out there but none that work well with the Obtuse SMTP server, I was forced to code my own. Security: The program watches /var/log/secure for POP3 requests, as a connection is established it is logged in /var/log/secure. The perl script watches this and adds the IP to /etc/smtpd_check_rules. After 10 minutes the IP is removed from /etc/smtpd_check_rules. Since there isn't really any way to watch for a successful POP3 authentication without patching qmail this less secure way is used. Chances are it would be unlikely for this pop-before-smtp system to be exploited because it would require a connection to POP3 (110 TCP) first. Before you try this program out, ensure you have /etc/smtpd_check_rules , this is the Obtuse SMTPD allow/deny configuration file (for lack of a better word). This is still in a beta stage but it is believed to be bug free. I welcome another set of eyes on this, please feel free to make changes or make suggestions and I'll update the code and give the modifying author credit. Nathan Fowler [EMAIL PROTECTED] -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
