> Would it be better to prompt anyway for SMTP AUTH
> (it is not mandatory, but
> only a capability declaration, as I understand) and
> support further AUTH for
> authorized addresses too?
I was just wondering about it from a security
standpoint. Having an entire subnet/multiple IP
addresses defined as *Authorized* (and NOT asking for
SMTP AUTH) might pose a problem in cases where the
subnet/multiple IP's are compromised to
viruses/worms/trojans. Every machine would start
churning out hundreds of messages eventually getting
spooled by JAMES.
Hence, I believe having SMTP AUTH as a further step
for already AUTH'd addresses would work gud in this
situation.
Regards,
Lahu
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new resources site!
http://smallbusiness.yahoo.com/resources/
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
