special "what's my ip" pop account
Hello,
I like to enable the allow_nets Feature
(http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
for my customers. To help them know their own IP I imagine a
special mailbox/loginuser at the pop3 server.
That user could give a valid pop3 answer from a dummy pop3 server or
simply throw a login error with customised answer containing the IP
information.
Has anybody done something similar or ideas to build such a system?
Thanks for ideas
Andreas
On 22.10.2014 at 16:14, A. Schulze wrote:
> I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them know their own IP I imagine a special mailbox/loginuser at the pop3 server.
> That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information.
> Has anybody done something similar or ideas to build such a system?
jesus - why that complex?
just point them to a website which display the remote IP or just to http://whatismyipaddress.com/
<?php echo htmlentities($_SERVER['REMOTE_ADDR']);?>
On 22/10/14 16:16, A. Schulze wrote:
> Reindl Harald:
>> why that complex? just point them to a website
> webtraffic goes other ways via proxy server than pop3
so just get that fixed !!! Every good proxy solution can work in ways of exposing the real user IP to the internet. Just get that configured !
--
Atenciosamente / Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
Minha armadilha de SPAM, NÃO mandem email
gertrudes@solutti.com.br
My SPAMTRAP, do not email it
On 22.10.2014 at 22:29, Leonardo Rodrigues wrote:
> On 22/10/14 16:16, A. Schulze wrote:
>> Reindl Harald:
>>> why that complex? just point them to a website
>> webtraffic goes other ways via proxy server than pop3
> so just get that fixed !!! Every good proxy solution can work in ways of exposing the real user IP to the internet. Just get that configured!
that's not the point, i understand the difference of *what* goes through a proxy - but frankly *if* it goes through a proxy somebody just knows the public IP and it has to be whitelisted *before* the enduser comes in touch
abuse POP3 and error messages to find your connecting IP is just nonsense, especially in context of limit users to IPs - before WL them they can't connect (otherwise your design is broken)
On Wed, 22 Oct 2014, A. Schulze wrote:
> I like to enable the allow_nets Feature (http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets) for my customers. To help them know their own IP I imagine a special mailbox/loginuser at the pop3 server.
> That user could give a valid pop3 answer from a dummy pop3 server or simply throw a login error with customised answer containing the IP information.
let's put aside the question, if this way is sensible or not.
I would give the http://wiki2.dovecot.org/PostLoginScripting a try. Maybe you can enable it for your dummy account via ExtraFields specifically.
Because I wonder, if you will be successful with "throw a login error with customised answer" [any MUA displays what it wants], you might prefer a MUA-independent script or program that queries your server. And if you are at it, maybe a dummy server with a self-made script that returns "+OK POP3 your IP is ....", then return +FAIL for any further command. You need to return the greeting and keep the connection open, in order to bypass IDS firewalls.
Now back to sensible or not ;-) :
Of course, if you use a dummy server (IP address) for probing the IP address, an intermediate firewall could re-route the connection differently. If you use another daemon [port] on the same server, the same may happen.
If you or your customers do not have control over the routing and final public IP address, that IP might change every now and then anyway. So, if you've experienced problems in this regard, you probably need to implement a completely different protection scheme, that is independent of the IP address.
Steffen Kaiser
Steffen Kaiser:
> I would give the http://wiki2.dovecot.org/PostLoginScripting a try.
I never used PostLoginScripting before. I have concerns about additional serverload if that scripting is executed for every pop3 login and every user. (and there are *many*)
> Maybe you can enable it for your dummy account via ExtraFields specifically.
That sounds like additional scripting could be selectively enabled via ExtraFields? I'll try to find documentation ...
> Because I wonder, if you will be successful with "throw a login error with customised answer" [any MUA displays what it wants], you might prefer a MUA-independent script or program that queries your server. And if you are at it, maybe a dummy server with a self-made script that returns "+OK POP3 your IP is ....", then return +FAIL for any further command. You need to return the greeting and keep the connection open, in order to bypass IDS firewalls.
I also thought about that.
Thanks for your constructive statement.
Andreas
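The dummy "what's my IP" POP3 responder discussed in this thread, as an added example that is not code from any poster or from Dovecot: it greets with the peer address, answers every command except QUIT with POP3's negative status `-ERR` (RFC 1939), and includes a helper that checks the address against a comma-separated allow_nets-style list. The function names, port 1110, the 30-second timeout and the 10-command cap are assumptions of this sketch.

```python
import ipaddress
import socketserver

def normalize(addr):
    """Parse a peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip

def ip_allowed(addr, allow_nets):
    """True if addr falls in any entry of a comma-separated IP/CIDR list."""
    ip = normalize(addr)
    for item in allow_nets.split(","):
        net = ipaddress.ip_network(item.strip(), strict=False)
        if ip.version == net.version and ip in net:
            return True
    return False

def greeting(addr):
    # The address is parsed and re-serialised, never echoed raw.
    return "+OK POP3 your IP is %s\r\n" % normalize(addr)

def respond(line):
    """Return (reply, close_connection) for one client command line."""
    parts = line.split()
    verb = parts[0].upper() if parts else ""
    if verb == "QUIT":
        return "+OK bye\r\n", True
    return "-ERR this service only reports your IP\r\n", False

class WhatsMyIP(socketserver.StreamRequestHandler):
    timeout = 30  # assumed idle limit, applied to the socket in setup()

    def handle(self):
        self.wfile.write(greeting(self.client_address[0]).encode("ascii"))
        try:
            for _ in range(10):  # assumed cap on commands per connection
                raw = self.rfile.readline(512)
                if not raw:
                    break
                reply, close = respond(raw.decode("ascii", "replace"))
                self.wfile.write(reply.encode("ascii"))
                if close:
                    break
        except OSError:
            pass  # idle timeout or connection reset

if __name__ == "__main__":
    # Port 1110 is an arbitrary unprivileged choice for this example.
    with socketserver.ThreadingTCPServer(("0.0.0.0", 1110), WhatsMyIP) as srv:
        srv.serve_forever()
```

The address reported is the one this listener sees, so the routing caveats raised in the thread (proxies, differently routed ports) apply to it as well.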
participants (4)
- A. Schulze
- Leonardo Rodrigues
- Reindl Harald
- Steffen Kaiser