From c580f494ea4a86b7fc76076ea43f8802357135d0 Mon Sep 17 00:00:00 2001 From: Lyra Thorpe Date: Wed, 17 Jun 2026 17:15:40 +0100 Subject: [PATCH] docs: add Security section documenting unauthenticated listeners Document that the front-end POP3/SMTP listeners are unencrypted and unauthenticated, warn that they must be bound to a trusted internal network only, and note POP3_BIND_ADDR / SMTP_BIND_ADDR for restricting the bind address. Fixes #9 Co-Authored-By: Claude Opus 4.8 (1M context) --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 4ad7a25..b1f6eb5 100644 --- a/README.md +++ b/README.md @@ -63,3 +63,11 @@ pytest -q ## Notes This implementation begins the proxy with a minimal POP3 command set and SMTP delivery path. It is designed to start development on the required application architecture. + +## Security + +By design, the front-end POP3 (port 110) and SMTP (port 25) listeners are **unencrypted** and **unauthenticated**. Anyone who can reach port 110 obtains full mailbox access, and anyone who can reach port 25 can relay mail through the configured backend SMTP credentials, which is an open relay from the network's perspective. + +Because of this, the listeners **must** be bound to a trusted internal network only, such as a private Docker bridge, a VPN interface, or localhost, and **must not** be exposed to untrusted networks or the public internet. + +Operators who need to restrict the bind address can set `POP3_BIND_ADDR` / `SMTP_BIND_ADDR` to a specific internal interface instead of `0.0.0.0`.