Back in the "good old days", an SMTP (email) server could blindingly allow anyone from the Internet to relay email. Relaying email is the process of taking mail and sending it to another mail server. For example, if I am at Site A and I want to email someone at Site B, I may need to use Site C's email server to relay the message. The SMTP protocol does not provide a means of authenticating the user attempting to send mail. An SMTP server that relays email from any domain / ip address to any other domain / ip addressis said to be an "open relay".

The problem with having an open relay SMTP server is that Internet spammers can easily find it and exploit it to do their dirty work. By forging email headers and using temporary email accounts, it is nearly impossible to track them down and distinguish them from your legitimate users trying to send email.

So how does one allow legitimate roaming users the ability to relay email without inviting Spammers? One answer is using the authentication methods available in the POP and IMAP protocols. If the SMTP server can determine that the user attempting to relay mail has sucessfully authenticated ("logged in") via POP or IMAP then that user can be considered trusted. One such tool for the qmail SMTP server is SMTP-poplock.

SMTP-poplock maintains a database containing the IP address of user's who have successfully logged in via POP or IMAP. Most email clients such as Microsoft Outlook provide POP or IMAP email accounts containing a username and password that is sent to the server. A user who has a laptop and wants to access and send e-mail from a location on travel simply has to log into their email client to be seen as "trusted" by the SMTP server.

SMTP-poplock Installed
Latest News:

Previous Stories

2003-11-10 - No news is good news right? Read More

2003-06-04 - SMTP POP-Lock installed to allow roaming POP/IMAP email access. Read More

2003-06-02 - Most of the web site is complete. Check out the TODO list for more info.

SMTP-poplock Process

1 Roaming user logs into email using client (e.g. Microsoft Outlook)

2 Username/Password sent to SMTP/IMAP/POP server.

3 If username/password matches, user's IP address is stored in a database.

4 When attempting to relay mail, IP address is checked against database. If match found, mail relaying is allowed. IP address is remembered for a short time (approx. 1 hour after logging in)
Copyright 2003, Netbits, Inc. Read Privacy Policy & Terms and Conditions

Updated: July 1st, 2003 - 12:16 AM