Re: smtp relaying
On 02/19, Peter Gradwell wrote: > > I see there are some pop3-before-smtp authentication patches. > >But using pop3 before sending mail is awkward. So... why nobody > >thought about a patch using a password in user's e-mail? :) > >Any MUA allows user to enter his e-mail. ANY. Let's use it! > >password#username@host. Check that password at mail from: point, > >receive message if user's password is okay, strip password# from > >all headers and continue the work... > > What's wrong with this idea? I think I'm inventing a bicycle, > >but there must be a good reason to reject it... > it sounds horribly insecure to me... Yeah... I just realized that user can post a message to third-party newsserver, sending his smtp password through usenet %) Oh well. It was a nice idea :( -- Roman V. Isaev http://www.gunlab.com.ru Moscow, Russia
Re: smtp relaying
On Fri, 19 Feb 1999, Asmodeus wrote: > On Fri, 19 Feb 1999, Roman V. Isaev wrote: > > > > > I see there are some pop3-before-smtp authentication patches. > > But using pop3 before sending mail is awkward. So... why nobody > > thought about a patch using a password in user's e-mail? :) > > Any MUA allows user to enter his e-mail. ANY. Let's use it! > > password#username@host. Check that password at mail from: point, > > receive message if user's password is okay, strip password# from > > all headers and continue the work... > > > > What's wrong with this idea? I think I'm inventing a bicycle, > > but there must be a good reason to reject it... > > Besides having a plaintext password flow between any computers between > their isp and the smtp server, none that immediately come to mind. And if the password get sniffed, so what? Correct me if I'm wrong, but as long as the password is just used for this purpose, all it would let someone do is forge mail through this relay as that user. If you just want to forge mail, there are much easier ways of doing that. The idea here is not really to completely authentcate the sender, it is merely to make using your server as a relay so difficult that a spammer will go elsewhere. Russ Steffen [EMAIL PROTECTED] > > AOL(for instance) --> x computers/routers/etc --> server > > .Shawn
Re: smtp relaying
On Fri, 19 Feb 1999, Roman V. Isaev wrote: > > I see there are some pop3-before-smtp authentication patches. > But using pop3 before sending mail is awkward. So... why nobody > thought about a patch using a password in user's e-mail? :) > Any MUA allows user to enter his e-mail. ANY. Let's use it! > password#username@host. Check that password at mail from: point, > receive message if user's password is okay, strip password# from > all headers and continue the work... > > What's wrong with this idea? I think I'm inventing a bicycle, > but there must be a good reason to reject it... Besides having a plaintext password flow between any computers between their isp and the smtp server, none that immediately come to mind. AOL(for instance) --> x computers/routers/etc --> server .Shawn
Re: smtp relaying
At 10:49 pm +0300 19/2/99,the wonderful Roman V. Isaev wrote: > I see there are some pop3-before-smtp authentication patches. >But using pop3 before sending mail is awkward. So... why nobody >thought about a patch using a password in user's e-mail? :) >Any MUA allows user to enter his e-mail. ANY. Let's use it! >password#username@host. Check that password at mail from: point, >receive message if user's password is okay, strip password# from >all headers and continue the work... > > What's wrong with this idea? I think I'm inventing a bicycle, >but there must be a good reason to reject it... it sounds horribly insecure to me... peter. -- peter at gradwell dot com; online @ http://www.gradwell.com/ "To look back all the time is boring. Excitement lies in tomorrow"
