Ho Noel, Am Sonntag, den 23.07.2006, 19:27 -0400 schrieb Noel J. Bergman: > Norman wrote: > > > schrieb Noel J. Bergman: > > > There are many ways to handle RoamingUsers. POPBeforeSMTP is at > > > least descriptive. > > > I called it RoaminUsersHandler cause we could easly use it for > > IMAPBeforeSMTP if imap is included. So i thought this "general" > > name is the best. > > Too general. And I'm not sure that the handler code would be shared with > IMAP, as opposed to some underlying code. So we would probably have > POP3BeforeSMTP and IMAPBeforeSMTP being protocol-specific, but using common > code to track recent authentication. OK i have no problems with "rename" the code
>
> Something more important: I am -1 on the current code. The technical
> justification for vetoing this change is that we are tracking only the IP
> address. One person on a non-routable subnet authenticates via POP3 or
> IMAP, and everyone else going through the same gateway router gets to use
> the now Open Relay? Better would to be to maintain {ID, IP}-tuples.
> Although that would be more difficult, or perhaps less useful, in virtual
> user table situations, since the POP3 USER and the SMTP MAIL FROM would be
> different, it would be better than creating Open Relays; especially Open
> Relays in a way that most admins would find every difficult to track down,
> and which most Open Relay probes would not detect.
>
> References:
>
> PassCmdHandler:
> RoaminUsersHelper.addIPAddress(session.getRemoteIPAddress());
>
> RoaminUsersHandler:
> // Check if the ip is allowed to relay
> if (!session.isRelayingAllowed()
> && RoaminUsersHelper.isAuthorized(session.getRemoteIPAddress())) {
> session.setRelayingAllowed(true);
> }
>
> My guess is that you simply didn't notice the vulnerability that this
> introduces.
Sorry Noel but thats how pop before smtp works! I can not agree with
you! We shouldn't use a costum pop before smtp implementation. We should
and must use a solution which use the "correct" way. If a admin see that
we support pop before smtp he whould get really confusing when notice
that it not works like in other mailservers like postfix,qmail etc.
Before i change the code to anything other then the "standard" pop
before smtp handling i will drop the feature complettly!
>
> Remember that you need not revert the commits at this time, but unless we
> find a resolution to the vulnerability or someone shows me the error of my
> assertion, we are not releasing this code.
Again thats no vulnerability! Thats how pop before smtp is designed!
>
> And although Administrators can turn the feature off, the code has no value
> if it cannot be turned on, and Administrators have no control over whether
> or not a traveling user is accessing from a non-routable subnet. All that
> they'll see is access via the routable address of the gateway router.
What you mean ? If you not uncomment the handler it is disabled.
>
> By the way, why not just use SMTP AUTH?
Have you ever used a other mailserver and migrate to a new? If i whould
switch from my qmail + vpopmail installation ( which support pop before
smtp) and switch to SMTP-Auth without providin pop before smtp, the
users whould gettin mad and my phone whould keep ringin all the time.
For me thats really no option!
BTW.. After that i whould maybe loose my job cause my boss whould gettin
mad too ;-)
>
> > > I disagree [terminology only] in that these are not really filters; they
> > > are command handlers. In some cases, the commands filter, but they are
> > > structurally indentical. And I agree that we should rebuild the
> protocol
> > > handlers in the same manner as we rebuilt SMTP
>
> > Exactly what i want to do too :-) This will us give more flexibility. I
> > did the commit with the hardcoded one to "show" what we can improve and
> > why we should. I think to have a "base" on which we can discuss is
> > better then nothing.
>
> Understood.
>
> --- Noel
I think there is no space to discuss about how pop before smtp is workin
today on any mailserver that support it.. It works like i descripted..
If you still say -1 i will start a official vote and you can do your
veto. After that i drop the code..
Sorry Noel i don't want to front you but want to make clear whats my
"thinkin" about this and why i did it how i did..
bye
Norman
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
