Re: [cobalt-users] How to stop SPAM senders?

[Jeff Lasman <jblists@xxxxxxxxxxxxx>]

wcstaff wrote:

> I think you have it backwards,

Nope <smile>.

> but can you explain further why turning off
> pop b4 SMTP is more secure?

Because if Pop before SMTP is off no-one can send mail through your
server.  Surely that's a lot more secure than allowing anyone with a
pop-box on your server to send email.

Especially in a control-panel-based hosting environment.  You don't even
know who's getting a pop-account on your server; the domain admin sets
that up without even letting you know.

> It is my thinking that the user logs in with a
> pop, then that same user can send through that account, not every user that
> tries.

That's how it works WITH POP before SMTP.

> Without it turned on, it is more likely that any user can send mail through
> an account without logging in with a password.

That's what you've got backwards.  Without POP before SMTP no-one can
send email through your server.

> I tested it here and if pop b4 SMTP is off, I can pretty much set up an
> email account with my pop server to receive and your SMTP server to send.

I'm not sure of what you mean by "my" and "your" but I assure you that a
properly upgraded RaQ without POP before SMTP will not allow anyone to
relay email.

Even though I "know" I'm right <smile>, I just tested it myself, to
verify.

If I don't allow POP before SMTP authentication then you can't send
email through my RaQ.  Period.

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";