This is a quickly hacked-up script to monitor your mail logs for successfully authenticated POP and IMAP(S) sessions, and store the IP addresses they come from in a DB file which your mailer can then use to allow incoming SMTP sessions form the same addresses to relay mail.

beforesmtp is basically the same as the well-known Perl script pop-before-smtp, except:

  • it’s in Python instead of Perl;
  • there are no other dependencies;
  • it is smaller with less to configure;
  • it is less mature;
  • there’s no installation package or init.d script available.

beforesmtp works for me with Postfix as the SMTPd and Dovecot as the IMAPd. Other combinations of software may or may not do anything; there are patterns included for a number of non-Dovecot servers but these are clumsily adapted from pop-before-smtp and might not work. You have been warned.


Download the beforesmtp script, put it somewhere convenient (eg. /usr/local/bin/) and make it executable (eg. chmod 755 beforesmtp). If you need to change the place it looks for logs (usually the default /var/log/maillog is okay) or the output db file, or you want to change how long permission to send lasts after the original authorisation (default an hour), load the script into a text editor and fiddle the constants at the top.

Next, configure your mailer to use the db file (default location /var/log/beforesmtp.db). In postfix this is done with the configuration command check_client_access hash:/var/log/beforesmtp.db inside smtpd_recipient_restrictions. Other mailers I don’t know about; see the pop-before-smtp Quickstart for some words about Sendmail.

Finally, set beforesmtp to run in whatever way your OS/distro uses (eg. I use /etc/rc.d/rc.local on Slackware). It is a good idea to have beforesmtp run as an fairly unprivileged user (eg. su -c /usr/local/bin/beforesmtp nobody &), but if so the user must have read-access to the logs and write-access to the db file (obviously).

Latest [dogfood] version

Version 0.2: script. Licence: GPL.