Re: POP/IMAP before SMTP
First, I'd like to tell you guys that I have a very very basic prototype
server working, i.e. it follows the specification. No API so far,
not today.
> > "LOGIN" <SP> <addr-spec> <SP> <user-identity> <CR> <LF>
> > "LOGOUT" <SP> <addr-spec> <SP> <user-identity> <CR> <LF>
> >
> > <user-identity> field with preceding whitespace may be omitted from
> > either request.
> >
> > The server shall, having accepted "LOGIN" request, remember the relation
> > between the <addr-spec> and the <user-identity> and may expire this
> > relation without "LOGOUT" request when the TTL for the entry expires.
>
> While you're at it, you might as well allow (optional) specification of a
> TTL in the LOGIN transaction. The server (client in this case) making the
> report probably has some notion of the typical lifetime of this particular
> sort of connection (whatever sort that is).
It could be useful in some cases, but having a fixed TTL (or, for a change,
a few allowed fixed values) greatly simplifies expiration, and speeds it up.
I'd prefer to keep things simple. But I'll think about it.
> Let me give you an example of how this can fail miserably: multi-user
> machines (yes, they still exist, though many people seem to forget that).
> If someone is visiting a university and uses a guest account on their large
> UNIX system (with, say, 30,000 users) to read their mail via IMAP, does
> that mean you want all 30,000 users to be able to bounce spam off of your
> SMTP server? Probably not.
That is what I thought about, and it does not bother me too much: what if
a multiuser machine gains SMTP access to my server for a few minutes?
It's highly improbable that a spammer will start bombing my server right
at that moment.
> Another real-world example. Hotmail used to have (dunno if they still do)
> the ability to read remote mailboxes via POP. You probably wouldn't want
> to open your SMTP server up to all the spam-slime on Hotmail...
This is more dangerous than the previous example. Probably we will need
a way to tell the SMTP server to not trust certain addresses even if there
were POP connections from them.
Thanks for the useful ideas.
Eugene
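
An added example, not part of the original message and not the prototype server it mentions: a sketch of the LOGIN/LOGOUT table with a fixed TTL, showing why a single TTL makes expiration cheap (entries stay in expiry order) and how a list of untrusted addresses blocks relaying despite a LOGIN. It assumes `<addr-spec>` is the client's IP address, that neither field contains spaces, and that `now` never goes backwards; `RelayTable`, `FIXED_TTL`, `UNTRUSTED` and the addresses are hypothetical.

```python
from collections import OrderedDict

FIXED_TTL = 600              # seconds; assumed value, the message names none
UNTRUSTED = {"192.0.2.25"}   # constructed example: a shared webmail gateway

class RelayTable:
    """addr -> (expiry, user), kept in expiry order, which a fixed TTL guarantees."""

    def __init__(self, ttl=FIXED_TTL, untrusted=UNTRUSTED):
        self.ttl = ttl
        self.untrusted = set(untrusted)
        self.entries = OrderedDict()

    def _expire(self, now):
        # The oldest entry is always first, so stop at the first live one.
        while self.entries:
            addr, (expiry, _user) = next(iter(self.entries.items()))
            if expiry > now:
                break
            del self.entries[addr]

    def handle(self, line, now):
        """Process one request line; return True if it changed the table."""
        if not line.endswith("\r\n"):
            return False
        parts = line[:-2].split(" ")
        # verb, address and an optional user-identity; empty fields are malformed
        if len(parts) not in (2, 3) or "" in parts:
            return False
        verb, addr = parts[0], parts[1]
        user = parts[2] if len(parts) == 3 else None
        self._expire(now)
        if verb == "LOGIN":
            if addr in self.untrusted:
                return False                 # never record a relation for these
            self.entries.pop(addr, None)     # re-insert at the tail to refresh the TTL
            self.entries[addr] = (now + self.ttl, user)
            return True
        if verb == "LOGOUT":
            return self.entries.pop(addr, None) is not None
        return False

    def may_relay(self, addr, now):
        """What the SMTP server would ask before accepting mail for relay."""
        self._expire(now)
        return addr in self.entries and addr not in self.untrusted
```

With per-request TTLs the table would no longer be ordered by expiry, and `_expire` would need a heap or a full scan instead of popping from the front.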