Hello again, g00r00!
On 22 Mar 2022, Björn Wiberg said the following...
I just noticed that if I set:
Post ACS │ !fa
...on the ID 1 (email) message base, that prevents users having that
flag from posting from within the BBS, but it does not stop them from posting emails via POP3. The POP3 server happily accepts the messages
Of course I meant "SMTP", not POP3. :o)
I do realize that SMTP on the suggested default port (25) is usually meant for message transfers between MTAs (and should not require STARTTLS if the server is publicly referenced, as per RFC 3207 section 4), not message submissions by MSAs (which often use port 587 and must require authentication as per RFC 6409 section 4.3).
So I guess it depends on the purpose which port should be used, whether STARTTLS should be required or not, and whether authentication should be required or not...
Speaking of ACSes and (for real, now!) POP3, I also noticed that the POP3 server appears to let a user list and retrieve messages, respectively, even though the corresponding List ACS and Read ACS for the email message base are not fulfilled (which usually restrict this from within the BBS).
Just thought I would mention this in case you think that this access checking should be added to those two MIS servers.
As usual, thank you for your time and consideration!
Best regards
Björn
--- Mystic BBS v1.12 A48 2022/03/11 (Linux/64)
* Origin: Star Collision BBS, Uppsala, Sweden (2:201/137)