While spamdyke can do both TLS and authentication, I don't see an option for requiring TLS when authenticating. I see smtp-auth-level settings of ondemand-encrypted and always-encrypted, but these -encrypted settings appear to refer to cram-md5, and they effect offering the protocol, not enforcing it. Also, my understanding is that cram-md5 is somewhat "old-style", and less secure than TLS/SSL.
It would be nice to be able to enforce from the server a policy of requiring TLS to be used with authentication, so that clients don't inadvertently send passwords in the clear. IOW, a setting that would check to be sure TLS was activated before processing any authentication command (possibly with the exception of cram-md5). It'd be great if this could work regardless of whether qmail or spamdyke is handling the encryption and/or authentication. Thanks Sam for all your great work on spamdyke. -- -Eric 'shubes' _______________________________________________ spamdyke-users mailing list [email protected] http://www.spamdyke.org/mailman/listinfo/spamdyke-users
