(My previous subject line was somewhat unclear - hence the re-phrase.) Has anyone found a way to make smtp_auth use another mechanism than "plain" or "login"? (e.g. CRAM-MD5, DIGEST-MD5, etc.)
On Thu, 2003-09-18 at 10:23, Thomas Klettke wrote: > My setup: > > qmail-ldap 2003-0801b > smtp-auth 20030801 > > All works, including smtp-authentication. > > My concerns: with the current configuration both - username and password > - are send from mail client to smtp server in base64 encoding - so > basically plain text. (A simple uudecode of a captured packet will show > the plain text.) > > After doing my home work with google on the subject I didn't find > anything on using some kind of encryption for this process, e.g. MD5. > > I'm aware that I could use the whole smtp session over SSL - but with > the common kind of user in mind I find it hard to convince everyone to > use SSL other than forcing them by simply not allowing clear text > sessions at all. > > Any hints/pointers are appreciated. > > Thanks, > Thomas > -- Thomas Klettke <[EMAIL PROTECTED]>
