Mailing List SIMS@mail.stalker.com Message #12598
From: Chris Wagner <ismgr@atchisonkansas.net>
Subject: Re: APOP.
Date: Wed, 26 Feb 2003 11:02:37 -0600
To: SIMS Discussions <SIMS@mail.stalker.com>
Christopher,

Exactly what is SMTP AUTH?

Is that something similar to APOP but done with the SMTP module?

I guess I need to see how that would be an advantage.

Also, if I required that all our local clients to use SMTP AUTH, would that
setting also work for them on a remote basis?

I mean, can they go home and still check and send mail using the SIMS box?

And exactly how does SIMS approach the transaction between the two to allow
permission?

Thanks,

Chris

> From: Global Homes Webmaster <webmaster@globalhomes.com>
> Reply-To: "SIMS Discussions" <SIMS@mail.stalker.com>
> Date: Tue, 25 Feb 2003 14:09:49 -0800
> To: "SIMS Discussions" <SIMS@mail.stalker.com>
> Subject: Re: APOP.
>
> On 02/25/03 at 15:41, Chris Wagner opined:
>
>> Trying to figure out a better way to allow remote users to use their
>> mailboxes for a reasonably longer time period you can set SIMS up to
>> "treat authenticated IPs as client host".
>
> Do you mean you want to extend the time that a user can send via SMTP after
> they've authenticated a POP session? For that, there are only the options
> in the corresponding menu in SIMS' SMTP settings, ranging from 'never' to
> 10 minutes. But POP-before-send is a band-aid to begin with. Better to use
> SMTP AUTH if your mail client supports it. Then there is no time limit for
> sending via SMTP after authenticating to the POP server.
>
>> I guess my question is this:
>>
>> How much more secure (or is it more secure) / less of a relay
>> opportunity to setup APOP?
>
> APOP only makes POP password exchanges more secure, since the password is
> hashed, as opposed to sending the password in clear text. It wouldn't make
> a difference in terms of SMTP relays from the client's IP address once a
> POP session has been authenticated.
>
>> At that point (running APOP for each box), would SIMS rely on the IP
>> from the sender's network to verify against its client host list?
>
> Yes, the IP address of the sender is matched agains the client host list.
> If there's been an authenticated POP session from that host within the
> configured time period, the host will be allowed to relay. This is true
> whether or not APOP is used.
>
>> If this is the case, then how can you work around this and not totally
>> set yourself up as a relay?
>
> What are you trying to work around? The POP-before-send strategy, using
> APOP or not, is itself a work-around to block relays from unauthorized
> hosts. It's not the best solution, but if you can't use SMTP AUTH, it's
> better than nothing.
>
> --
> Christopher Bort | cbort@globalhomes.com
> Webmaster, Global Homes | webmaster@globalhomes.com
> <http://www.globalhomes.com/>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <SIMS@mail.stalker.com>.
> To unsubscribe, E-mail to: <SIMS-off@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <SIMS-digest@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <SIMS-index@mail.stalker.com>
> Send administrative queries to  <SIMS-request@mail.stalker.com>
>

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster