On 11/21/2007 09:22 AM, Jean-Paul van de Plasse wrote:
Hi Adam,
You are right about the advertising...
Did see that also.. but it does make login in go wrong so to say :)
Anyways there is no option now to stop this advertising from happening,
I did not think this would be needed when I patched the require auth
code in..
Wrong thinking it seems now..
Should be a small change to get what you want, but it requires coding..
Will try to see if I can find some time later today..
JP
JP,
I agree that it does serve the purpose of letting the user know
authentication won't work without changing to use SSL. They will
probably only try it once or twice before they switch and then it's not
an issue anymore.
However, all it takes is those one or two times for someone's
credentials to get sniffed. Credentials shouldn't be sent in the clear
period even once. IMO auth should only be advertised if the connection
is secure.
For reference on how I am accomplishing this with my qmailrocks machine,
I use John Simpson's combined qmail patch
(http://qmail.jms1.net/patches/combined-details.shtml). The particular
feature I'm referring to is located at
http://qmail.jms1.net/scripts/service-qmail-smtpd-run.shtml under the
section called "Options for the AUTH command."
Thanks for your help on this.
Adam
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
