Re: request discussion of two documents on SMTP relaying

2005-06-16 16:25:20

ned+ietf-smtp(_at_)mrochek(_dot_)com wrote:

> POP-before-SMTP, OTOH, is very common, and that makes POP
> authentication very relevant indeed. POP-before-SMTP also
> carries with it an additional, unique set of security risks.
> Do we need to document them as well?

Maybe you could say that an SMTP-after-POP MSA *MUST* enforce
submission rights (2476bis option 6.1), that should be okay.
It's still a clumsy scheme (but my old MUA loves it).

One (non-security) issue I heard of was a roaming user trying
to use POP-after-SMTP while his always-on home box periodically
checked the POP-server.  So in that case one IP enabled to be
used for SMTP with a given MAIL FROM was not enough, he needed
two IPs.

Anyway, it _can_ be better than a plain AUTH LOGIN.  Bye, Frank
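
Added example, not part of the original message: a sketch of the table an SMTP-after-POP MSA could consult at MAIL FROM, enforcing per-user submission rights and showing why remembering only one IP per user locks out the roaming client once the home box polls. The class and function names, the addresses and the `one_ip_per_user` switch are assumptions made for illustration, not any server's actual implementation.

```python
class PopBeforeSmtpTable:
    """Recent POP logins keyed by client IP, checked by the MSA at MAIL FROM."""

    def __init__(self, ttl=600, one_ip_per_user=False):
        self.ttl = ttl                          # seconds a POP login stays valid
        self.one_ip_per_user = one_ip_per_user  # assumed model of the "one IP" setup
        self.by_ip = {}                         # ip -> (user, expiry time)

    def pop_login(self, user, ip, now):
        """Record a successful POP authentication for `user` from `ip`."""
        if self.one_ip_per_user:
            # A newer login by the same user displaces the previously enabled IP.
            self.by_ip = {k: v for k, v in self.by_ip.items() if v[0] != user}
        self.by_ip[ip] = (user, now + self.ttl)

    def may_submit(self, ip, mail_from, rights, now):
        """True only if `ip` has a live POP login AND that user owns `mail_from`."""
        entry = self.by_ip.get(ip)
        if entry is None or entry[1] <= now:
            self.by_ip.pop(ip, None)            # drop the expired entry, if any
            return False                        # no recent POP login: refuse
        user, _ = entry
        # Submission rights: the IP alone is not enough, the authenticated
        # user must be permitted to use this envelope sender.
        return mail_from in rights.get(user, set())


# Constructed sample data (documentation IP ranges and example.org addresses).
RIGHTS = {"alice": {"alice@example.org"}, "bob": {"bob@example.org"}}


def roaming_scenario(one_ip_per_user):
    """Roaming laptop logs in, then the always-on home box polls POP."""
    table = PopBeforeSmtpTable(ttl=600, one_ip_per_user=one_ip_per_user)
    table.pop_login("alice", "198.51.100.7", now=0)    # roaming laptop
    table.pop_login("alice", "203.0.113.20", now=30)   # home box, periodic poll
    # The laptop now tries to send; with one IP per user it has been displaced.
    return table.may_submit("198.51.100.7", "alice@example.org", RIGHTS, now=60)


if __name__ == "__main__":
    print("one IP per user :", roaming_scenario(True))
    print("one entry per IP:", roaming_scenario(False))
```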

