|
Generally speaking, SMTP Servers that support the AUTH extension have their own authentication mechanism and don't use POP3 mailboxes for authenticating users. For one thing, SMTP and POP3 are completely independent of one another both as type of mail transport servers and as protocols.
I guess I would also question why you are using associated POP3 mailboxes for authentication instead of a security principal like a user account. For example, the Exchange 5.5 IMC supports NTLM authentication, enabling you to authenticate SMTP users by using their domain account and password.
I would have your developers look over the RFCs that cover SMTP, and look into how the AUTH extension (command verb) is used. It?s a lot easier for you if you leave it up to the IT Admin to configure their SMTP Server for authentication, or for that matter, relaying.
Are you also using SSL or some other form of encryption with your authentication mechanism? If not, your attempts at security will fail because the credentials are sniffable on the wire. Moreover, if you?re trying to force authentication to stop people from spamming (e.g., relaying), then you may be overlooking the situation where a spammer gets a hold of a POP3 account that can send whatever it wants through the mail server.
|
