[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    
From:       Donald.J.Smith ()  ! cdev ! com (Donald J Smith)
Date:       1995-12-29 12:49:57
[Download RAW message or body]

>From: Jean-Luc Rochat <jl.Rochat@sat.sligos.fr>
>Date: Fri, 22 Dec 1995 17:48:14 +0100 (MET)
>Subject: Q: restricted POP3 svr ?
>
>Hi, 
>
>I'd like to refuse POP3 acces to a list of users (like root, ...),
>as wu-ftpd does.
>Has anyone heard of that ?
>It'd not be too difficult to modify popper source code, but I'm someone
>has the solution.
>
>Happy Christmas.
>
>-----------------------------
Heres a simple "hack" with out source code changes. Create non-zero,
non-writable locking files for any user who shouldn't be able to readmail via
popmail (2-3). This is usually /var/mail/.username.pop but look in the 
mail directory and find out what your popper is doing.
This will give an error msg something like, POPmail lock box busy. 
Every client I've tried honors this but I haven't tried a telnet 
hostname 110 to see if I could ignore the error and still download mail.

Ps the other side of popmail is usually smtp for sending to the mailhost.
There is the real danger. Sendmail (all except for the last one where all the
bugs are fixed ;-) is very buggy. And any freshman can spoof mail to make it
appear as if it came from someone else, heck even without bugs most users never
look at the mail header so sign your mail with someone elses address and it will
probably be considered to be from that other person.
Donald J Smith 
Network Security Engineer @Computing Devices International

"@begin design in the security and 
ease_of_use != A*(1/Data_Security)"

(my opinions are mine and so are the spelling errors ;-)

[prev in list] [next in list] [prev in thread] [next in thread]