SMTP AUTH?
- Date: Tue, 8 Sep 1998 09:44:21 +0200
Does anyone know of any working implementations of SMTP AUTH? I have not
seen an add-on for sendmail (though I may have missed something).
In particular, I was thinking of a much simpler, albeit more drastic
anti-spam test:
C: connect to server
S: check if client in "allowed" list
/ \
S: 421 Service not available S: 220 pleased to meet you
S: connect to client <normal SMTP transaction>
S: check if client allows relaying
S: add client (or not) to "allowed"
or "forbidden" list
...some time later, client re-tries
C: connect to server
S: check if client in "allowed" list
S: 220 pleased to meet you
<normal SMTP transaction>
The test can be applied positively or negatively (i.e. an "allowed" list or
a "forbidden" list). I'm not sure if 421 is the right code to use and I
realise that this would mean a drastic reduction in the number of
legitimate mail received also - since relatively few people implement
anti-relaying but... does this scale? (probably not)
The above also assumes a third case where the mail is rejected at the first
connection if it is in the "forbidden" list already.
Is this a Really Bad Idea? (OK, I already know the answer to that ;->)
Oh well, just wishful thinking on my part... or maybe everyone else is
already doing this and I just didn;t know...
John