On 05/29/03 at 14:45, Chris Wagner opined:

> Or is that a client thing?

It's a client thing. After the client sends its EHLO, SIMS tells the client
what AUTH methods it supports (if 'Advertise AUTH' is enabled in the SMTP
service settings). Then it's up to the client to decide which of the
advertised methods to use. The only way the server could force a client to
use a particular AUTH method would be to not list any others in its EHLO
response. AFAIK, this is not something that you can configure in SIMS,
although I suppose the brave of heart might be able to discover and edit
SIMS' response string with ResEdit.

> Sorry for the double-reply.
> 
> Chris
> 
> > From: "Craig Bowers" <[EMAIL PROTECTED]>
> > Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]>
> > Date: Thu, 29 May 2003 12:36:12 -0700
> > To: "SIMS Discussions" <[EMAIL PROTECTED]>
> > Subject: Re: SMTP AUTH security/passwords transmitted in the clear?
> > 
> > 
> >> The only question I have is since the passwords are sent in the
> >> clear with SMTP AUTH (as opposed to APOP which encrypts passwords)
> >> has there ever been a known case of a hacker intercepting SMTP
> >> AUTH password transmissions to gain relay abilities on a mail
> >> server? This seems to be a security concern whereas with the APOP
> >> check before send hack I can't see any real security hole
> >> (especially with a 15 or 30 second "window" during which
> >> authenticated IPs are treated as clients).
> > 
> > Well actually the SMTP AUTH doesn't have to be plain text. You'll
> > see SIMS supports LOGIN PLAIN and CRAM-MD5, if you telnet to SIMS
> > on port 25, and type EHLO
> > 
> > Now as to the issue of what the clients support, you might consult a
> > table such as:
> > http://members.elysium.pl/brush/smtp-auth/client.html

-- 
                   Christopher Bort | [EMAIL PROTECTED]
            Webmaster, Global Homes | [EMAIL PROTECTED]
                      <http://www.globalhomes.com/>
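The negotiation described in this message, as an added example that is not part of the original thread or of SIMS: a client reads the AUTH line of the EHLO reply and picks a mechanism itself. The sample reply, the preference order and the `allow_cleartext` switch are assumptions made for illustration; the CRAM-MD5 computation follows RFC 2195.

```python
import base64
import hashlib
import hmac

# Constructed EHLO reply (hostname and extension list are sample values).
SAMPLE_EHLO = (
    "250-mail.example.com\r\n"
    "250-SIZE 10485760\r\n"
    "250-AUTH LOGIN PLAIN CRAM-MD5\r\n"
    "250 8BITMIME\r\n"
)

# Assumed client policy: challenge-response first, cleartext-equivalent last.
PREFERENCE = ["CRAM-MD5", "PLAIN", "LOGIN"]
CLEARTEXT = {"PLAIN", "LOGIN"}  # password is only base64-encoded on the wire


def advertised_auth(ehlo_reply):
    """Return the set of AUTH mechanisms listed in a multi-line EHLO reply."""
    mechs = set()
    for line in ehlo_reply.splitlines()[1:]:   # first line is the greeting
        keyword = line[4:].strip()             # drop "250-" / "250 "
        if keyword.upper().startswith("AUTH"):
            # Accept both "AUTH A B" and the legacy "AUTH=A B" form.
            mechs.update(keyword[4:].lstrip(" =").upper().split())
    return mechs


def choose_mechanism(ehlo_reply, allow_cleartext=False):
    """The client's choice: best advertised mechanism its policy permits."""
    offered = advertised_auth(ehlo_reply)
    for mech in PREFERENCE:
        if mech in offered and (allow_cleartext or mech not in CLEARTEXT):
            return mech
    return None  # nothing acceptable was advertised: do not send credentials


def cram_md5_response(user, password, challenge_b64):
    """Build the client's reply to a CRAM-MD5 challenge (RFC 2195)."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


if __name__ == "__main__":
    print("advertised:", sorted(advertised_auth(SAMPLE_EHLO)))
    print("client picks:", choose_mechanism(SAMPLE_EHLO))
```

With CRAM-MD5 only the keyed digest of the server's one-time challenge crosses the wire; a server that lists only LOGIN and PLAIN leaves such a client with no acceptable choice unless `allow_cleartext` is set.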
