
Re: request discussion of two documents on SMTP relaying

2005-06-16 17:32:30

----- Original Message -----
From: "Frank Ellermann" <nobody(_at_)xyzzy(_dot_)claranet(_dot_)de>
To: <ietf-smtp(_at_)imc(_dot_)org>
Sent: Thursday, June 16, 2005 7:23 PM
Subject: Re: request discussion of two documents on SMTP relaying

Maybe you could say that an SMTP-after-POP MSA *MUST* enforce
submission rights (2476bis option 6.1), that should be okay.
It's still a clumsy scheme (but my old MUA loves it).

One (non-security) issue I heard of was a roaming user trying
to use POP-after-SMTP while his always-on home box periodically
checked the POP-server.  So in that case one IP enabled to be
used for SMTP with a given MAIL FROM was not enough, he needed
two IPs.

Anyway, it _can_ be better than a plain AUTH LOGIN.  Bye, Frank

In our design, POPB4SMTP is just an extension to the typical "Allow IP
Relay" table.

The POP3's peer IP address is broadcast over RPC protocol to our RPC server
which SMTP server (background thread) has a marshal wire handler to receive
server signals. Once received by the SMTP server background thread, an
administrator defined "Timeout Window" value is used to cache the IP.

When the incoming SMTP session comes in and a route authorization is
required (RCPT TO determines a relay), the server checks the POPB4SMTP
cache.  If the current session IP address is found in the cache, the route
is allowed.

The SMTP transmission must occur within the timeout period, and by default
the timeout value is set at 1 minute.


We encourage ISPs to use ESMTP AUTH for their users and for the most part,
this resolves all the "allow relay" issues.

But I was surprised by some ISP comments saying that a top reason they like
POPB4SMTP is that it reduces their user support requirements.

To this day, we have not heard of any security-related issue with it.
However, believe it or not, it had conflicted with SPF testing operations!

Here's how:

Now this of course is an implementation issue, but in our system, all
extended sender authorization concepts are SKIPPED if the session is already
authorized using traditional means in place:

    - Allow IP Relay Table

This is part of the backward compatibility logic.

So if you are testing SPF by sending something from your POP3 machine and
you happen to have your POP3 client running, you can bypass the SPF check
because you might be within the 1 minute IP window that had taken place in
the background.

Hector Santos, Santronics Software, Inc.
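
The timed IP cache and the check ordering described in the message above, sketched in Python as an added example (not Santronics code and not part of the original message). All class and function names, the stubbed SPF result and the 192.0.2.10 address are constructed for illustration; the run shows why a test message sent inside the window never reaches the SPF check.

```python
import time

class PopBeforeSmtpCache:
    """Maps client IP -> expiry time; an entry is added on POP3 login."""

    def __init__(self, window_seconds=60, clock=time.monotonic):
        self.window = window_seconds      # the "Timeout Window" (default 1 minute)
        self.clock = clock
        self._expiry = {}

    def note_pop3_login(self, ip):
        self._expiry[ip] = self.clock() + self.window

    def contains(self, ip):
        expiry = self._expiry.get(ip)
        if expiry is None:
            return False
        if self.clock() >= expiry:        # window elapsed: purge and refuse
            del self._expiry[ip]
            return False
        return True


def evaluate_session(ip, static_allow, cache, spf_check):
    """Return (relay_allowed, spf_result); spf_result is None when skipped."""
    if ip in static_allow or cache.contains(ip):
        return True, None                 # traditional authorization: SPF skipped
    return False, spf_check(ip)           # no relay rights: SPF is evaluated


class FakeClock:
    """Constructed test clock so the example runs without sleeping."""
    def __init__(self):
        self.now = 0.0
    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    cache = PopBeforeSmtpCache(window_seconds=60, clock=clock)
    spf = lambda ip: "fail"               # constructed stub: SPF would fail this sender
    ip = "192.0.2.10"                     # constructed address (documentation range)
    results = [evaluate_session(ip, set(), cache, spf)]      # no POP3 login yet
    cache.note_pop3_login(ip)             # background POP3 poll at t=0
    clock.now = 30
    results.append(evaluate_session(ip, set(), cache, spf))  # inside the window
    clock.now = 61
    results.append(evaluate_session(ip, set(), cache, spf))  # window expired
    return results
```

When validating an SPF deployment on a server with this ordering, check that the sending IP is in neither the static relay table nor the live POP-before-SMTP cache, otherwise the result says nothing about SPF.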
