On Thu, 2004-02-05 at 09:16,
elemint@hotpop.com wrote:
> What is the best way to test for smtp authentication, relay etc.
>
> If evolution was set up to connect to @domain.name.com with a pop
> username and password and smtp was setup to connect to the
> @domain.name.com smtp server. Once they were authenticated for pop
> could they then send smtp messages from another program not evolution
> this being a virus of sorts that is now trying to latch on to the
> connnection created with the pop authentication.
---
there are sites that will test for open relay - the one that comes to my
mind is ordb.org but there are others.
What you are talking about is pop before relay and I think that has
fallen into disfavor since an unencrypted pop connection before relay
means anyone knowing your pop account and password can relay mail from
your server and that is fairly trivial.
You probably should consider some START_TLS type of encryption and only
allow that for relaying mail as that is encryption. It all depends upon
the MTA that you are using.
Craig
(text/plain)