Marcus Ilgner writes:
> On Tue, Dec 9, 2008 at 10:16 AM, Paweł Tęcza <[EMAIL PROTECTED]> wrote:
>> Sam Varshavchik writes:
>>> Clients are not supposed to authenticate unless the server advertises this
>>> capability, however it's possible that buggy clients will blindly try to
>>> authenticate even if the server doesn't advertise AUTH support.
>>
>> But all clients, buggy and not, will not send a message via my server if
>> they try to use non-encrypted connections. Then they should see an error
>> message like "513 Relaying denied.". Right?
>
> Yes but if I understand correctly the problem in this case is that by
> then the password has already been sent over the network without
> issuing STARTTLS.

Hello Marcus,

You're right. It's a security problem, but I can't see any good solution here.
Probably I can only ask a user to change his password when he reports to us
that he is not able to send a message without TLS/SSL.

My best regards,

Pawel

_______________________________________________
courier-users mailing list
[email protected]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
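
As an added example (not part of the original thread and not Courier's own code): a Python check over a server-side SMTP session log that finds AUTH attempts made before STARTTLS, so the affected accounts can be asked to change their passwords. The `(side, text)` log format, the name `audit_session` and the sample session are assumptions constructed for illustration.

```python
import base64

def audit_session(lines):
    """Return AUTH attempts made before TLS in one SMTP session.
    `lines`: (side, text) pairs, side "C" = client, "S" = server (assumed format)."""
    tls = False              # True once the server accepted STARTTLS
    auth_advertised = False  # True if the latest EHLO reply listed AUTH
    pending = None           # last client verb, used to interpret server replies
    findings = []
    for side, text in lines:
        words = text.split()
        if not words:
            continue
        if side == "S":
            if pending == "EHLO" and text[:3] == "250" and text[4:].upper().startswith("AUTH"):
                auth_advertised = True
            elif pending == "STARTTLS" and words[0] == "220":
                tls = True
            continue
        pending = words[0].upper()
        if pending == "EHLO":
            auth_advertised = False  # capabilities are re-announced after each EHLO
        elif pending == "AUTH" and not tls and len(words) >= 2:
            mech, user, exposed = words[1].upper(), None, False
            if mech == "PLAIN" and len(words) >= 3:
                # Initial response is base64(authzid NUL authcid NUL password),
                # so the password crossed the network even if AUTH is rejected.
                try:
                    parts = base64.b64decode(words[2]).split(b"\0")
                except ValueError:
                    parts = []
                if len(parts) == 3:
                    user, exposed = parts[1].decode("utf-8", "replace"), True
            findings.append({"user": user, "mechanism": mech,
                             "advertised": auth_advertised,
                             "password_exposed": exposed})
    return findings

# Constructed sample: AUTH is not advertised before TLS, the client sends it anyway.
# Host names, user name and password are made-up test values.
SAMPLE = [
    ("S", "220 mail.example.org ESMTP"),
    ("C", "EHLO client.example.net"),
    ("S", "250-mail.example.org"),
    ("S", "250 STARTTLS"),
    ("C", "AUTH PLAIN " + base64.b64encode(b"\0alice\0not-a-real-password").decode()),
    ("S", "500 constructed rejection reply"),
]
print(audit_session(SAMPLE))  # reports the user name only, never the password
```

A finding with `advertised` false and `password_exposed` true is the case discussed in the thread: the server never offered AUTH in cleartext, yet the credentials were already sent.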
