So if clients are running Outlook Express, then we can just set them up to use SMTP authentication and it should work that way (with the CRAM-MD5 "encryption")?
Or is CRAM-MD5 an encryption technique, per se? Thanks! Chris > From: Global Homes Webmaster <[EMAIL PROTECTED]> > Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]> > Date: Thu, 29 May 2003 12:55:19 -0700 > To: "SIMS Discussions" <[EMAIL PROTECTED]> > Subject: Re: SMTP AUTH security/passwords transmitted in the clear? > > On 05/29/03 at 14:45, Chris Wagner opined: > >> Or is that a client thing? > > It's a client thing. After the client sends its EHLO, SIMS tells the client > what AUTH methods it supports (if 'Advertise AUTH' is enabled in the SMTP > service settings). Then it's up to the client to decide which of the > advertised methods to use. The only way the server could force a client to > use a particular AUTH method would be to not list any others in its EHLO > response. AFAIK, this is not something that you can configure in SIMS, > although I suppose the brave of heart might be able to discover and edit > SIMS' response string with ResEdit. > >> Sorry for the double-reply. >> >> Chris >> >>> From: "Craig Bowers" <[EMAIL PROTECTED]> >>> Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]> >>> Date: Thu, 29 May 2003 12:36:12 -0700 >>> To: "SIMS Discussions" <[EMAIL PROTECTED]> >>> Subject: Re: SMTP AUTH security/passwords transmitted in the clear? >>> >>> >>>> The only question I have is since the passwords are sent in the >>>> clear with SMTP AUTH (as opposed to APOP which encrypts passwords) >>>> has there ever been a known case of a hacker intercepting SMTP >>>> AUTH password transmissions to gain relay abilities on a mail >>>> server? This seems to be a security concern whereas with the APOP >>>> check before send hack I can't see any real security hole >>>> (especially with a 15 or 30 second "window" during which >>>> authenticated IPs are treated as clients). >>> >>> Well actually the SMTP AUTH doesn't have to be plain text. You'll >>> see SIMS supports LOGIN PLAIN and CRAM-MD5, if you telnet to SIMS >>> on port 25, and type EHLO >>> >>> Now as to the issue of what the clients support, you might consult a >>> table such as: >>> http://members.elysium.pl/brush/smtp-auth/client.html > > -- > Christopher Bort | [EMAIL PROTECTED] > Webmaster, Global Homes | [EMAIL PROTECTED] > <http://www.globalhomes.com/> > > ############################################################# > This message is sent to you because you are subscribed to > the mailing list <[EMAIL PROTECTED]>. > To unsubscribe, E-mail to: <[EMAIL PROTECTED]> > To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> > To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> > Send administrative queries to <[EMAIL PROTECTED]> > ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
