On Sat, 2002-03-09 at 18:07, [EMAIL PROTECTED] wrote:
> can anyone please who has done this sort of thing before elaborate more on pros and cons
> also can please send the snippet of actual code ( c, perl or any lang
> welcome ) that gets executed on client side while the smtp auth
> (plain) ( just trying to gauge the security impact of this kind of auth )

my personal favorite is [pop|imap]-before-smtp. I've seen many implementations of this in perl for sendmail + postfix, but it basically works like this (assuming postfix):

a perl daemon is spawned off that monitors /var/log/maillog. When it sees a pop/imap connection authenticated, it adds that IP address to a Berkeley DB file (of course it checks to see if it's already there first). It also adds a time stamp. Every minute, it checks the file as well, and if the timestamp is n minutes in the past, it deletes the record.

Then, in my postfix configuration file, I tell it to look at dbm://my/file/here for IPs that are allowed to relay. Basically, anyone who checks their mail can relay for the next five minutes.

I do this + force imap+pop to be over ssl. This way, only outgoing mail goes in plaintext...

hth.

-jon

-- 
[EMAIL PROTECTED] || www.divisionbyzero.com
gpg key: www.divisionbyzero.com/pubkey.asc
think i have a virus?: www.divisionbyzero.com/pgp.html
"You are in a twisty little maze of Sendmail rules, all confusing."
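
The log-watching and expiry logic described in the reply above, as an added Python example that is not code from the original post or from any of the perl implementations it mentions. The log line format, the `RelayWindow` class and its method names are assumptions, and an in-memory dict stands in for the Berkeley DB file.

```python
import re

# Assumed log shape (constructed, loosely modelled on a POP/IMAP daemon's
# syslog line); adapt the pattern to what your server actually writes.
LOGIN_RE = re.compile(
    r"(?:pop3d|imapd)\[\d+\]: Login user=\S+ host=\S* ?\[(\d{1,3}(?:\.\d{1,3}){3})\]"
)

class RelayWindow:
    """Client IP -> time of last authenticated POP/IMAP login (hypothetical helper)."""
    def __init__(self, window_seconds=300):
        self.window = window_seconds
        self.seen = {}  # stands in for the Berkeley DB file

    def feed(self, line, now):
        """Record the client IP only when the line is a successful login."""
        m = LOGIN_RE.search(line)
        if m is None:
            return None  # failed logins and unrelated lines never grant relay
        self.seen[m.group(1)] = now  # insert, or refresh an existing record
        return m.group(1)

    def expire(self, now):
        """The once-a-minute sweep: delete records older than the window."""
        stale = [ip for ip, t in self.seen.items() if now - t > self.window]
        for ip in stale:
            del self.seen[ip]
        return stale

    def may_relay(self, ip, now):
        """Check age at lookup too, so a record awaiting the sweep is not honoured."""
        t = self.seen.get(ip)
        return t is not None and now - t <= self.window

# Constructed sample lines (seconds offset, log text); documentation addresses only.
SAMPLE = [
    (0, "Mar  9 18:00:00 mx ipop3d[411]: Login user=alice host=a.example [192.0.2.10] nmsgs=2/2"),
    (30, "Mar  9 18:00:30 mx ipop3d[412]: Login failed user=bob auth=bob host=b.example [198.51.100.7]"),
    (120, "Mar  9 18:02:00 mx imapd[413]: Login user=carol host=c.example [203.0.113.5]"),
]

def demo():
    w = RelayWindow(window_seconds=300)
    for t, line in SAMPLE:
        w.feed(line, now=t)
    at_4min = (w.may_relay("192.0.2.10", 240), w.may_relay("198.51.100.7", 240))
    expired = w.expire(now=360)  # first record is 360 s old, third is 240 s old
    return at_4min, expired, sorted(w.seen)
```

Because the key is the client IP, the grant covers every host that shares that address for the length of the window, which is the reason to keep n small.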