"Petr Novotny" <[EMAIL PROTECTED]> writes:

> >  This is true, but it only works iff your dialup clients have static IP
> > addresses.
> 
> No; with a moderate amount of hacking (aren't there scripts on 
> www.qmail.org) you can kick SMTP after verifying some shared 
> secret - like POP3 password.

 Yes, of course, and I've already written such a program that is in use
on our server, based on a shared MD5-encoded secret just like APOP.

 All I meant to say is that serialmail and the AutoTURN mechanism
as shipped and as documented in the distribution by DJB himself
rely on static IP addresses for security. Nobody keeps you away
from spicing it up with some homegrown add-ons, just like I
(and I guess you as well) have done.

 And now the circle closes and we are just where we started. The
required 'moderate amount of hacking to kick off SMTP' can be
avoided by use of a POP3-based fetchmail-like tool on the M$-Exchange
machine that stuffs each mail into Exchange's SMTP server after
it got it via POP3. This combines the already existing password
security offered by POP3 (preferably APOP) with the advantage of
not having to 'kick SMTP' on the qmail machine. That was my point
from the start and that's why I suggested the POP3-ish way of
doing it. A further advantage is that a homegrown custom way
of verifying a shared secret and kicking SMTP will most likely
be non-standard (because of its home-grown nature) while you
can stay safe in RFC-land if you go the POP3 route.

-t
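
An added example, not part of the original message and not the program the poster mentions: a sketch of the APOP-style shared-secret check (RFC 1939) that the thread discusses as a gate before releasing queued mail. The class name `ApopGate`, the host name, the user and the secret are constructed for illustration, and the random component in the challenge is an addition to the RFC's process-id and clock banner.

```python
import hashlib
import hmac
import os
import time


def apop_digest(challenge: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 of the server challenge followed by the secret."""
    return hashlib.md5((challenge + secret).encode("utf-8")).hexdigest()


class ApopGate:
    """Issues one-time challenges and checks a client's digest against them."""

    def __init__(self, secrets: dict, hostname: str, max_age: int = 60):
        self.secrets = secrets      # user -> plaintext secret (APOP needs it in the clear)
        self.hostname = hostname
        self.max_age = max_age      # seconds a challenge stays valid
        self.pending = {}           # challenge -> issue time

    def challenge(self) -> str:
        # msg-id style banner; the random part ensures a value is never reused
        c = f"<{os.getpid()}.{int(time.time())}.{os.urandom(8).hex()}@{self.hostname}>"
        self.pending[c] = time.time()
        return c

    def verify(self, challenge: str, user: str, digest: str) -> bool:
        issued = self.pending.pop(challenge, None)   # single use: a replay fails
        if issued is None or time.time() - issued > self.max_age:
            return False
        secret = self.secrets.get(user)
        # hash even for unknown users so response time does not reveal valid names
        expected = apop_digest(challenge, secret if secret is not None else os.urandom(16).hex())
        ok = hmac.compare_digest(expected.encode(), digest.lower().encode())
        return ok and secret is not None


if __name__ == "__main__":
    gate = ApopGate({"branch-office": "constructed-secret"}, "mail.example.org")
    c = gate.challenge()
    d = apop_digest(c, "constructed-secret")     # what the dial-up client would send
    print(gate.verify(c, "branch-office", d))    # first use of the challenge
    print(gate.verify(c, "branch-office", d))    # replay of the same exchange
```

The secret never crosses the wire, but the server has to store it unhashed, and the MD5 construction used by APOP has known weaknesses, so the exchange is best run over a protected channel.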
