Hi, I had been relying on the check-before-send hack and requiring APOP to create what I considered a secure solution (secure as in cant be used as an open relay).
However, sure enough even with only TWO users both forgot they had to check before send within a few weeks and bothered me with "I can't send email to outside addresses". So I give up and will use SMTP AUTH instead, I found a webpage ( http://www.pageplanet.com/smtpauth/index.html ) that describes how to configure clients to do SMTP AUTH. The only question I have is since the passwords are sent in the clear with SMTP AUTH (as opposed to APOP which encrypts passwords) has there ever been a known case of a hacker intercepting SMTP AUTH password transmissions to gain relay abilities on a mail server? This seems to be a security concern whereas with the APOP check before send hack I can't see any real security hole (especially with a 15 or 30 second "window" during which authenticated IPs are treated as clients). However, the hack is no good because users can't remember to do it. So are there any real worries about in the clear transmission of SMTP AUTH passwords? Steve ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
