Date:      Mon, 2 May 2011 17:56:38 +0530
From:      Kapil Jain <kapil@sh3lls.net>
To:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: freebsd-security Digest, Vol 371, Issue 1
Message-ID:  <6D96B8FE-5820-47A9-ACA5-CF8A1C06FAB7@sh3lls.net>
In-Reply-To: <20110502120037.ED22D10657C4@hub.freebsd.org>
References:  <20110502120037.ED22D10657C4@hub.freebsd.org>


Try changing the port for pop3: use some weird port, and specify that port in your gmail account for fetching. It's not foolproof, but it might work for you.


Kapil Jain
Sent from my iPad

On 02-May-2011, at 5:30 PM, freebsd-security-request@freebsd.org wrote:

> Send freebsd-security mailing list submissions to
>    freebsd-security@freebsd.org
> 
> To subscribe or unsubscribe via the World Wide Web, visit
>    http://lists.freebsd.org/mailman/listinfo/freebsd-security
> or, via email, send a message with subject or body 'help' to
>    freebsd-security-request@freebsd.org
> 
> You can reach the person managing the list at
>    freebsd-security-owner@freebsd.org
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of freebsd-security digest..."
> 
> 
> Today's Topics:
> 
>   1. limiting pop access to gmail servers ? (George Sanders)
>   2. Re: limiting pop access to gmail servers ? (Patrick Proniewski)
>   3. Re: limiting pop access to gmail servers ? (Gleb Kurtsou)
>   4. Re: limiting pop access to gmail servers ? (cronfy)
>   5. Re: limiting pop access to gmail servers ?
>      (freebsd-lists@albury.net.au)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Sun, 1 May 2011 15:55:25 -0700 (PDT)
> From: George Sanders <gosand1982@yahoo.com>
> Subject: limiting pop access to gmail servers ?
> To: freebsd-security@freebsd.org
> Message-ID: <349555.87646.qm@web120019.mail.ne1.yahoo.com>
> Content-Type: text/plain; charset=us-ascii
> 
> 
> 
> We run our own (freebsd) mail server.  It's a pretty classic, old fashioned 
> /var/mail/username setup.
> 
> We have enabled POP so that certain people can pop their mail from us, and use 
> gmail as their mail client.
> 
> However, we have no other POP users ... and I don't want POP open to the whole 
> world ...
> 
> BUT, I suspect there are a LOT of possible IPs that google will use to pop mail 
> from us ...
> 
> Is there an authoritative list ?
> 
> Anyone else blocking POP access to everyone BUT google ?
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Mon, 2 May 2011 08:18:30 +0200
> From: Patrick Proniewski <patpro@patpro.net>
> Subject: Re: limiting pop access to gmail servers ?
> To: George Sanders <gosand1982@yahoo.com>
> Cc: freebsd-security@freebsd.org
> Message-ID: <3FF47F45-A59F-4542-A65E-6069300D9224@patpro.net>
> Content-Type: text/plain; charset="us-ascii"
> 
> Hello,
> 
> On 02 mai 2011, at 00:55, George Sanders wrote:
> 
>> BUT, I suspect there are a LOT of possible IPs that google will use to pop mail 
>> from us ...
> 
> You are right about that. According to my pop logs, my servers have encountered about 1000 different IPs from google (920 actually).
> Domain names are always like mail-[a-z][a-z][0-9]-[a-z][0-9][0-9]*.google.com
> By the way, I'm in Europe, I'm not sure USA, Australia or Japan would see the same gmail POP clients.
> 
>> Is there an authoritative list ?
> 
> I don't know.
> 
>> Anyone else blocking POP access to everyone BUT google ?
> 
> I don't.
> 
> patpro
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 2 May 2011 12:42:04 +0600
> From: Gleb Kurtsou <gleb.kurtsou@gmail.com>
> Subject: Re: limiting pop access to gmail servers ?
> To: George Sanders <gosand1982@yahoo.com>
> Cc: freebsd-security@freebsd.org
> Message-ID: <BANLkTikgQM=-d41dCCDPpO-xBHOOy+CEbw@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> On Mon, May 2, 2011 at 4:55 AM, George Sanders <gosand1982@yahoo.com> wrote:
>> 
>> 
>> We run our own (freebsd) mail server.  It's a pretty classic, old fashioned
>> /var/mail/username setup.
>> 
>> We have enabled POP so that certain people can pop their mail from us, and use
>> gmail as their mail client.
>> 
>> However, we have no other POP users ... and I don't want POP open to the whole
>> world ...
>> 
>> BUT, I suspect there are a LOT of possible IPs that google will use to pop mail
>> from us ...
>> 
>> Is there an authoritative list ?
>> 
>> Anyone else blocking POP access to everyone BUT google ?
> 
> Didn't try it myself, just a wild guess. Hopefully google pop clients
> use real ssl certificates signed by google to authenticate. Mutual ssl
> authentication is hardly ever used, but still.
> 
> Set up pop over ssl and check for google certificates instead.
> 
> Gleb.
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Mon, 2 May 2011 10:41:59 +0400
> From: cronfy <cronfy@gmail.com>
> Subject: Re: limiting pop access to gmail servers ?
> To: freebsd-security@freebsd.org, gosand1982@yahoo.com
> Message-ID: <BANLkTikEoddderju8un4jRouVWDBvPPZ8g@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> Hi,
> 
>>> BUT, I suspect there are a LOT of possible IPs that google will use to pop mail
>>> from us ...
>> 
>> You are right about that. According to my pop logs, my servers have
>> encountered about 1000 different IPs from google (920 actually).
>> Domain names are always like mail-[a-z][a-z][0-9]-[a-z][0-9][0-9]*.google.com
>> By the way, I'm in Europe, I'm not sure USA, Australia or Japan would see
>> the same gmail POP clients.
>> 
> 
> 
> You can make active checks for incoming connections. If reverse DNS record
> is valid (ip -> resolves to name -> resolves to same ip) and it matches
> '.*google.com$' regexp, then it is Google.
> 
> 
> -- 
> Олег Петрачев
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Mon, 2 May 2011 17:23:07 +1000 (EST)
> From: freebsd-lists@albury.net.au
> Subject: Re: limiting pop access to gmail servers ?
> To: George Sanders <gosand1982@yahoo.com>
> Cc: freebsd-security@freebsd.org
> Message-ID: <20110502171811.Y39066@ali-syd-1.albury.net.au>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> 
> 
> 
>> We have enabled POP so that certain people can pop their mail from us, and use
>> gmail as their mail client.
>> 
>> However, we have no other POP users ... and I don't want POP open to the whole
>> world ...
>> 
>> BUT, I suspect there are a LOT of possible IPs that google will use to pop mail
>> from us ...
> 
> 
> While not a "strong" solution, out-of-the box, I'd suggest in 
> /etc/hosts.allow (probably after the "paranoid" line to make inetd check 
> fwd/reverse match)
> 
> ALL : PARANOID : RFC931 20 : deny
> 
> assuming you use qpopper (change as required)
> 
> qpopper : .google.com : allow
> qpopper : x.x.x.0/255.255.255.0 : allow       (your directly-connected users)
> qpopper : all : deny
> 
> 
> RossW
> 
> 
> ------------------------------
> 
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
> 
> End of freebsd-security Digest, Vol 371, Issue 1
> ************************************************
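
The active check suggested in Message 4 of the quoted digest (ip -> name -> same ip, plus a name match), as an added example that is not part of the original thread. The function names and sample DNS data are constructed for illustration, and the suffix is matched at a label boundary (".google.com"), which is this example's choice rather than the regexp quoted above.

```python
import ipaddress
import socket

SUFFIX = ".google.com"  # suffix from the thread, anchored at a label boundary

def system_ptr(ip):
    """Reverse lookup with the system resolver (raises OSError on failure)."""
    return socket.gethostbyaddr(ip)[0]

def system_forward(name):
    """Forward lookup with the system resolver; returns a set of address strings."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def is_confirmed(ip, ptr=system_ptr, forward=system_forward, suffix=SUFFIX):
    """True only if ip -> name -> same ip holds and name ends in suffix."""
    try:
        addr = ipaddress.ip_address(ip)
        name = ptr(ip).rstrip(".").lower()
        if not name.endswith(suffix):
            return False
        return any(ipaddress.ip_address(a) == addr for a in forward(name))
    except (OSError, ValueError):
        return False  # no PTR, no forward record, or unparsable address: deny

# Constructed sample data (documentation address ranges, made-up host names).
SAMPLE_PTR = {
    "192.0.2.10": "mail-ab0-x12.google.com",    # forward and reverse agree
    "198.51.100.7": "mail-ab0-x12.google.com",  # PTR set by the reverse-zone owner
    "203.0.113.5": "pop.notgoogle.com",         # would pass an unanchored suffix match
}
SAMPLE_A = {
    "mail-ab0-x12.google.com": {"192.0.2.10"},
    "pop.notgoogle.com": {"203.0.113.5"},
}

def sample_ptr(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    if name not in SAMPLE_A:
        raise OSError("no address record")
    return SAMPLE_A[name]

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"):
        print(ip, "allow" if is_confirmed(ip, sample_ptr, sample_forward) else "deny")
```

Only the first sample address is allowed: the second has a PTR record that the forward lookup does not confirm, the third fails the label-boundary suffix match, and the fourth has no PTR record at all.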


