> The only question I have is since the passwords are sent in the clear with
> SMTP AUTH (as opposed to APOP which encrypts passwords) has there ever been
> a known case of a hacker intercepting SMTP AUTH password transmissions to
> gain relay abilities on a mail server? This seems to be a security concern
> whereas with the APOP check before send hack I can't see any real security
> hole (especially with a 15 or 30 second "window" during which authenticated
> IPs are treated as clients).

Well actually the SMTP AUTH doesn't have to be plain text. You'll see SIMS supports LOGIN, PLAIN and CRAM-MD5, if you telnet to SIMS on port 25, and type EHLO.

Now as to the issue of what the clients support, you might consult a table such as: http://members.elysium.pl/brush/smtp-auth/client.html
