On Fri, 30 Apr 1999, Petr Novotny wrote:
[ Description of an OpenSMTP scheme where mail submitted via SMTP
is put into a "quarantine spool", to be "POP Authenticated"
and delivered later, has been removed]
[ Also sorry for the late reply, I'm lagging in reading this list ]
> What do you think, is it a DoS in disguise, or is there a decent
> chance to get it working?
A potentially fatal problem comes to mind: are you sure that all
the mail clients do the POP afterwards? Perhaps a busy businessperson
just wants to send a piece of mail, but does not have the time to
fetch/read incoming mail at the time.
Perhaps the modem-over-GSM line fails just after the mail has been sent,
so there never is a POP transaction to do the authentication. Even
worse, the next time they dial in, they get a different IP address, making
it impossible to authenticate the earlier mail.
By accepting the mail you are, in effect, promising to deliver it.
Someone may be upset to find out that you bounced it back or
silently deleted it later.
There may not be any problems in real life, especially if the users
know the idea behind the protocol, so that they always make sure to
do the POP/mail fetching after the mail has been sent.
Just my 2 cents,
- Mikael -
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ Mikael Suokas + [EMAIL PROTECTED] + For PGP key finger [EMAIL PROTECTED] +
+ PGP Key fingerprint = C0 3F 31 49 2F 5B EB ED 18 AA 38 E1 63 18 3B FC +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
