In <1328881573.60206.yahoomail...@web171202.mail.ir2.yahoo.com>, on 02/10/2012 at 01:46 PM, Eric Loriaux <eric_lori...@yahoo.fr> said:
>I'm currently trying to use CSSMTP with an SMTP server that will >require AUTH LOGIN. Our IBM support saids it is not supported y >CSSMTP and indeed it doesn't work. RFC 4954 is half a decade old and RFC 2554 is over a decade old; it is hardly surprising that mail servers are requiring SMTP-AUTH. RFC 4409 and RFC 6409 require a Mail Submission Agent to enforce its use in most cases. It shouldn't be too hard to make a business case if you submit a requirement to IBM. >For that purpose, a special command is supposed to be added to the >usual SMTP command sequence (just after EHLO command), that is : > >AUTH LOGIN Be aware that RFC 4954 specifies Note: A server implementation MUST implement a configuration in which it does NOT permit any plaintext password mechanisms, unless either the STARTTLS [SMTP-TLS] command has been negotiated or some other mechanism that protects the session from password snooping has been provided. Server sites SHOULD NOT use any configuration which permits a plaintext password mechanism without such a protection mechanism against password snooping. So even if plaintext is enough for the time being, any requirement you submit to IBM should ask for a full implementation. >Have you had the same problem ? Yes. >What did you do ? I asked the vendor of my e-mail client to add SMTP-AUTH support. In my case plaintext was adequate, but I wouldn't be surprised if I had to upgrade in the future. -- Shmuel (Seymour J.) Metz, SysProg and JOAT ISO position; see <http://patriot.net/~shmuel/resume/brief.html> We don't care. We don't have to care, we're Congress. (S877: The Shut up and Eat Your spam act of 2003) ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN