Mailing List SIMS@mail.stalker.com Message #12590
From: Global Homes Webmaster <webmaster@globalhomes.com>
Subject: Re: APOP.
Date: Tue, 25 Feb 2003 14:09:49 -0800
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Mailsmith 1.5.4 (Blindsider)

On 02/25/03 at 15:41, Chris Wagner opined:

> Trying to figure out a better way to allow remote users to use their
> mailboxes for a reasonably longer time period you can set SIMS up to
> "treat authenticated IPs as client host".

Do you mean you want to extend the time that a user can send via SMTP after
they've authenticated a POP session? For that, there are only the options
in the corresponding menu in SIMS' SMTP settings, ranging from 'never' to
10 minutes. But POP-before-send is a band-aid to begin with. Better to use
SMTP AUTH if your mail client supports it. Then there is no time limit for
sending via SMTP after authenticating to the POP server.

> I guess my question is this:
>
> How much more secure (or is it more secure) / less of a relay
> opportunity to set up APOP?

APOP only makes POP password exchanges more secure, since the password is
hashed, as opposed to sending the password in clear text. It wouldn't make
a difference in terms of SMTP relays from the client's IP address once a
POP session has been authenticated.

> At that point (running APOP for each box), would SIMS rely on the IP
> from the sender's network to verify against its client host list?

Yes, the IP address of the sender is matched against the client host list.
If there's been an authenticated POP session from that host within the
configured time period, the host will be allowed to relay. This is true
whether or not APOP is used.

> If this is the case, then how can you work around this and not totally
> set yourself up as a relay?

What are you trying to work around? The POP-before-send strategy, using
APOP or not, is itself a work-around to block relays from unauthorized
hosts. It's not the best solution, but if you can't use SMTP AUTH, it's
better than nothing.

--
                   Christopher Bort | cbort@globalhomes.com
            Webmaster, Global Homes | webmaster@globalhomes.com
                      <http://www.globalhomes.com/>
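
Added example, not part of the original message and not SIMS code: a small Python model of the point made in the reply above, that APOP changes only what crosses the wire at POP login while the relay decision depends on the client IP and the time window alone. The class and function names are hypothetical; the banner and secret are the RFC 1939 sample values, and the IP addresses are constructed from documentation ranges.

```python
import hashlib
import hmac


def apop_digest(banner: str, secret: str) -> str:
    """RFC 1939 APOP: hex MD5 over the server's banner timestamp + shared secret."""
    return hashlib.md5((banner + secret).encode()).hexdigest()


class PopBeforeSmtpGate:
    """Toy relay gate keyed only on client IP and time of last POP login."""

    def __init__(self, window_seconds: int):
        self.window = window_seconds
        self.last_login = {}  # client IP -> time of last successful POP login

    def pop_login(self, ip, now, stored_secret, banner=None, digest=None, password=None):
        if digest is not None:  # APOP: only a digest of banner + secret is sent
            expected, offered = apop_digest(banner, stored_secret), digest
        else:  # USER/PASS: the secret itself crosses the wire
            expected, offered = stored_secret, password or ""
        ok = hmac.compare_digest(expected.encode(), offered.encode())
        if ok:
            self.last_login[ip] = now  # the login method is not recorded
        return ok

    def may_relay(self, ip, now):
        seen = self.last_login.get(ip)
        return seen is not None and 0 <= now - seen <= self.window


def demo():
    # Constructed inputs: RFC 1939 sample banner/secret, documentation-range IPs.
    banner, secret = "<1896.697170952@dbc.mtview.ca.us>", "tanstaaf"
    gate = PopBeforeSmtpGate(window_seconds=600)  # 10 minutes
    gate.pop_login("192.0.2.10", 0, secret, banner=banner, digest=apop_digest(banner, secret))
    gate.pop_login("198.51.100.7", 0, secret, password=secret)
    return {
        "apop_host_in_window": gate.may_relay("192.0.2.10", 599),
        "plain_host_in_window": gate.may_relay("198.51.100.7", 599),
        "apop_host_after_window": gate.may_relay("192.0.2.10", 601),
        "never_logged_in": gate.may_relay("203.0.113.5", 1),
    }


if __name__ == "__main__":
    print(apop_digest("<1896.697170952@dbc.mtview.ca.us>", "tanstaaf"))
    print(demo())
```

The gate stores nothing about how the POP login was performed, so the APOP and plain-password hosts get identical relay treatment, and both lose it when the window expires.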