On Thu, 5 Feb 2004, Jens Benecke wrote:
> So: I want to whitelist users who use SMTP AUTH on my server to send their
> mail. Otherwise, they will get punished by SA because they are
> (legitimately) sending from a DUL (because they don't have a NOC in their
> basement).
>
> Unfortunately, qmail doesn't really mark the useage of SMTP AUTH in the
> headers.
>
> Any ideas?
Modify your MTA. If the user is connecting via SMTP AUTH you know
who they are. Use some kind of algorithm to hash their user-id &
IP address and put the hashed value into the Received: header.
That way you have that information for later audit/debugging
needs and the world doesn't need to know the exact details of
how they got that message to your server. (clearly need to use
a reversable hash, more of some kind of crypt).
Dave
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
> So: I want to whitelist users who use SMTP AUTH on my server to send their
> mail. Otherwise, they will get punished by SA because they are
> (legitimately) sending from a DUL (because they don't have a NOC in their
> basement).
>
> Unfortunately, qmail doesn't really mark the useage of SMTP AUTH in the
> headers.
>
> Any ideas?
Modify your MTA. If the user is connecting via SMTP AUTH you know
who they are. Use some kind of algorithm to hash their user-id &
IP address and put the hashed value into the Received: header.
That way you have that information for later audit/debugging
needs and the world doesn't need to know the exact details of
how they got that message to your server. (clearly need to use
a reversable hash, more of some kind of crypt).
Dave
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{