Ross: Maybe I'm not understanding what you're asking for, but XMail does this sort of thing already without using a database - look in the README for [EnableAuthSMTP-POP3] (which is on by default), check the command-line parameter -Se (controls how long an IP address is valid based on POP3 login), and look in the user directory ($MAILROOT/domains/$DOMAIN/$USER/) for a file called .ipconn - that contains the IP address that a user last logged in from via POP3.
As for it being a better solution - when you do a "Send/Receive" in MS Outlook, that's exactly what happens - it tries to send any mail in the Outbox first via SMTP, then checks mail via POP3. Depending on how often Outlook is set to check mail, and the -Se timeout parameter on XMail, XMail may refuse to relay the message, popping up an error dialog on the client machine, and often resulting in a call to support/help-desk/knowledgeable son-in-law. As for concerns about sending the password in plaintext - POP3 is plaintext and a much more likely target for someone sniffing for passwords, and XMail supports CRAM-MD5 for SMTP authentication (provided that the client supports it - I seem to remember that Outlook doesn't support this). If you're truly concerned about plaintext passwords being intercepted on the wire, you'd be better off to look into using SSL to encrypt connections (check the current mailing list thread on "XMail + SSL patch"). Hope this answers your questions - let me know if I missed anything. Kirk -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ross Gohlke Sent: Friday, September 09, 2005 1:38 AM To: [email protected] Subject: [xmail] IP-based mail-before-smtp Is it possible to poll a database (postgresql) for an IP address to authenticate SMTP sending? A user checks their email. Their IP is logged in the database. When they try to send an email through XMail, could you use a script in userauth/smtp to authenticate based on the IP? It doesn't seem that XMail can pass the IP. This seems like a better solution than plaintext password authentication, is there something I'm missing? Thanks, Ross - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
