Exim spam through esmtp

Thank you for the clarification, floyd. Hopefully this thread should be useful to someone.
 
Sorry, before I close this thread as resolved, I just checked /etc/virtual/pophosts_user and it lists IPs with usernames (or particular emails, e.g. [email protected]). So in this case, I guess DA's popb4smtp assumes that [email protected] has popped and so allows free SMTP, but NOT for [email protected]?

I personally have used IMAP and my details are not shown in this file. Anyway, I assume this is only for POP/SMTP and not for IMAP/SMTP.

My question is, if popb4smtp stores POP information about every single user, how come someone could send spam with the FROM address as somedomain's email? Will DA's popb4smtp not restrict users based on who really popped rather than which IP it was popped from?

I think it is seriously a vulnerability if DA was tracking the IP instead of the user. Any comments?
 
The list is filled whenever POP or IMAP is used, and will permit open relay for the IP, because it is not safe to allow relay only if the "From:" address is the same as the one used for the POP/IMAP login: many people forward multiple addresses to a main address, then have all the others configured as alternative identities and select them at will when replying/sending a message.

Example:
- I have [email protected]ple and [email protected]ple
- sales@ is just a forward to support@
- on my client I configure support@ as a POP account
- a customer sends a request to sales@, I want to reply with the same address
- if the popb4smtp system checks the user/address, when I send my Email from sales@ it won't work: the client did a POP login with support@, so the IP will match but not the address

Furthermore, even if it does check the user/address it won't help much... like I said before, any spamming worm residing in a customer's machine could read the SMTP login data but also the sender address, and use it.
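
The trade-off argued in the posts above, as an added example that is not part of the thread and is not DirectAdmin's or Exim's code: it compares an IP-only relay check, a strict sender-equals-login check, and a check that also accepts forwarders of the logged-in mailbox. The `ip=login` line format, the forwarder map, the function names and every address are assumptions constructed for illustration.

```python
# Added example: models the pop-before-smtp relay decisions from the thread.
# Assumption: one "ip=login" entry per line; all data below is constructed.
POPHOSTS_USER = """\
203.0.113.7=support@domain.example
"""
# Constructed forwarder map: alias address -> destination mailbox.
FORWARDS = {"sales@domain.example": "support@domain.example"}

def parse_pophosts(text):
    """Return {ip: set(logins)} parsed from 'ip=login' lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue  # skip blank or malformed entries
        ip, login = line.split("=", 1)
        table.setdefault(ip.strip(), set()).add(login.strip().lower())
    return table

def relay_ip_only(table, ip, sender):
    # Any sender is accepted once the IP has a recent POP/IMAP login.
    return ip in table

def relay_exact_sender(table, ip, sender):
    # Sender must equal a login recorded for this IP.
    return sender.lower() in table.get(ip, set())

def relay_sender_or_forward(table, ip, sender):
    # Sender may also be an alias that forwards to a recorded login.
    sender = sender.lower()
    logins = table.get(ip, set())
    return sender in logins or FORWARDS.get(sender) in logins

POLICIES = {
    "ip_only": relay_ip_only,
    "exact_sender": relay_exact_sender,
    "sender_or_forward": relay_sender_or_forward,
}

def evaluate(ip, sender):
    """Return {policy_name: allowed} for one envelope sender from one IP."""
    table = parse_pophosts(POPHOSTS_USER)
    return {name: check(table, ip, sender) for name, check in POLICIES.items()}

if __name__ == "__main__":
    for ip, sender in [("203.0.113.7", "support@domain.example"),
                       ("203.0.113.7", "sales@domain.example"),
                       ("203.0.113.7", "ceo@otherdomain.example"),
                       ("198.51.100.9", "support@domain.example")]:
        print(ip, sender, evaluate(ip, sender))
```

Every policy accepts the first case no matter which program on that machine submits the message, which is the limitation the last post describes.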
 