lyrathorpe/legacy-email-proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Document unauthenticated listener exposure (#13)

Browse Source 
Adds a Security section: the front-end POP3/SMTP listeners are unauthenticated and must be bound to a trusted internal network only. Closes #9

Reviewed-on: #13
Co-authored-by: Lyra Thorpe <iam@emmathe.dev>
Co-committed-by: Lyra Thorpe <iam@emmathe.dev>
This commit was merged in pull request #13.
This commit is contained in:
Lyra Thorpe
2026-06-17 17:33:51 +01:00
committed by lyrathorpe
parent 4ab12f8ce6
commit e51740b8db
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+8
View File
@@ -63,3 +63,11 @@ pytest -q
## Notes ## Notes
This implementation begins the proxy with a minimal POP3 command set and SMTP delivery path. It is designed to start development on the required application architecture. This implementation begins the proxy with a minimal POP3 command set and SMTP delivery path. It is designed to start development on the required application architecture.
## Security
By design, the front-end POP3 (port 110) and SMTP (port 25) listeners are **unencrypted** and **unauthenticated**. Anyone who can reach port 110 obtains full mailbox access, and anyone who can reach port 25 can relay mail through the configured backend SMTP credentials, which is an open relay from the network's perspective.
Because of this, the listeners **must** be bound to a trusted internal network only, such as a private Docker bridge, a VPN interface, or localhost, and **must not** be exposed to untrusted networks or the public internet.
Operators who need to restrict the bind address can set `POP3_BIND_ADDR` / `SMTP_BIND_ADDR` to a specific internal interface instead of `0.0.0.0`.