docs: add Security section documenting unauthenticated listeners
Build and publish container / build (pull_request) Successful in 8m58s
Build and publish container / build (pull_request) Successful in 8m58s
Document that the front-end POP3/SMTP listeners are unencrypted and unauthenticated, warn that they must be bound to a trusted internal network only, and note POP3_BIND_ADDR / SMTP_BIND_ADDR for restricting the bind address. Fixes #9 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -63,3 +63,11 @@ pytest -q
|
||||
## Notes
|
||||
|
||||
This implementation begins the proxy with a minimal POP3 command set and SMTP delivery path. It is designed to start development on the required application architecture.
|
||||
|
||||
## Security
|
||||
|
||||
By design, the front-end POP3 (port 110) and SMTP (port 25) listeners are **unencrypted** and **unauthenticated**. Anyone who can reach port 110 obtains full mailbox access, and anyone who can reach port 25 can relay mail through the configured backend SMTP credentials, which is an open relay from the network's perspective.
|
||||
|
||||
Because of this, the listeners **must** be bound to a trusted internal network only, such as a private Docker bridge, a VPN interface, or localhost, and **must not** be exposed to untrusted networks or the public internet.
|
||||
|
||||
Operators who need to restrict the bind address can set `POP3_BIND_ADDR` / `SMTP_BIND_ADDR` to a specific internal interface instead of `0.0.0.0`.
|
||||
|
||||
Reference in New Issue
Block a user