From owner-freebsd-security@FreeBSD.ORG Mon May 2 07:09:39 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EB891106564A for ; Mon, 2 May 2011 07:09:39 +0000 (UTC) (envelope-from gleb.kurtsou@gmail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 7F4458FC0A for ; Mon, 2 May 2011 07:09:39 +0000 (UTC) Received: by eyg7 with SMTP id 7so2114424eyg.13 for ; Mon, 02 May 2011 00:09:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=cXn5I7D315Sp6fSO0urrbSr6or69pedVmdF4yIGou5M=; b=gUD/ITTq9aSB7ibNXaBbXWPNAdzDQ3AAQSLGWUguzkVo8IM1rRCajOe01+nOZfmsvG B8QDRQkiJBEawq5MTz43KLXaCQ91ODbS3veA3CiUdi8N9WX3fGCIULahzJ+BRRltAf7J O82EFWuHOj/yMiYX5Zu6AJnTW0n4LNQD6jGtQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=BT+xJ8FZwFYQS0xYCO3D8lM5wB+6+BuLVVpNlBif1m2CpWbNvRxeXmR51qvwT+Db7C XaLG2pTgfvIPdbyBDe6aoDVfTQJ4RSHMfXxFVfffUSjxExMhq4W2RkETa/CAkK7XNY+N WdMXzCtSjWbLJ5ICbbOsZjegSUe2zI7b5WcB0= MIME-Version: 1.0 Received: by 10.213.109.134 with SMTP id j6mr3155860ebp.103.1304318524337; Sun, 01 May 2011 23:42:04 -0700 (PDT) Received: by 10.213.112.144 with HTTP; Sun, 1 May 2011 23:42:04 -0700 (PDT) In-Reply-To: <349555.87646.qm@web120019.mail.ne1.yahoo.com> References: <349555.87646.qm@web120019.mail.ne1.yahoo.com> Date: Mon, 2 May 2011 12:42:04 +0600 Message-ID: From: Gleb Kurtsou To: George Sanders Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: limiting pop access to gmail servers ? X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 02 May 2011 07:09:40 -0000 On Mon, May 2, 2011 at 4:55 AM, George Sanders wrote= : > > > We run our own (freebsd) mail server. =C2=A0It's a pretty classic, old fa= shioned > /var/mail/username setup. > > We have enabled POP so that certain people can pop their mail from us, an= d use > gmail as their mail client. > > However, we have no other POP users ... and I don't want POP open to the = whole > world ... > > BUT, I suspect there are a LOT of possible IPs that google will use to po= p mail > from us ... > > Is there an authoritative list ? > > Anyone else blocking POP access to everyone BUT google ? Didn't try it myself, just a wild guess. Hopefully google pop clients use real ssl certificates signed by google to authenticate. Mutual ssl authentication is hardly ever used, but still. Setup pop over ssl and check for google certificates instead. Gleb.