Stuart D. Gathman wrote:
> I am proposing to create a page:
> 
> "SMTP_AUTH"
> 
> which collects how to implement SMTP AUTH.  SPF is the "killer
> application" that requires SMTP AUTH for roaming users so they can send
> mail on the road with a "-all" SPF policy for their domain.

I think it's a good idea, but I'd call the page "SMTP Authentication".

> There are a number of web pages which attempt to do this, which it can
> link to, but all of them dance around the big snag:
>
> Outlook Express (and as far as I can tell Outlook, although I don't
> have a copy to test) can't do SMTP AUTH in any useful way.  Thunderbird
> 1.5.0.2, for the record, works out of the box with either STARTTLS,
> secure password, or both.
>
> M$ does not support secure passwords - only LOGIN (and NTLM which is
> effectively plaintext).  LOGIN works on a cleartext connection, but once
> a spammer gets your plaintext login packet, your MTA is his open relay.
> This means that we must use SSL or STARTTLS.  M$ supports STARTTLS on
> port 25 only, and hotels often block port 25, so that leaves port 465
> with SSL (SMTPS). That works without AUTH.  However, if we check "Server
> requires authentication", or configure the server to require
> authentication, Outlook Express (which we have nicknamed Outhouse)
> collects a password, but never authenticates when the connection is
> encrypted.

That's not true.  Using Outlook Express "5.50.4952.2800", I just submitted 
messages to my MSA via SMTP+TLS on port 25:

  Received: from nova (ppp-82-135-6-23.mnet-online.de [::ffff:82.135.6.23])
    (AUTH: LOGIN [EMAIL PROTECTED], TLS: TLSv1/SSLv3,128bits,RC4-MD5)
    by io.link-m.de with esmtp; Mon, 15 May 2006 20:29:17 +0000
    id 00003F01.4468E49D.0000723A

...as well as via SMTPS on port 465:

  Received: from nova (ppp-82-135-6-23.mnet-online.de [::ffff:82.135.6.23])
    (AUTH: LOGIN [EMAIL PROTECTED], SSL: TLSv1/SSLv3,128bits,RC4-MD5)
    by io.link-m.de with esmtp; Mon, 15 May 2006 20:32:52 +0000
    id 00003F01.4468E574.00007252

I know from earlier experience that Outlook can do it, too (at least since 
Outlook 98).

My MSA definitely does NOT accept messages without authentication.

> The solutions on other web pages either have Outlook using LOGIN over a
> cleartext connection (unacceptable) or using STARTTLS/SSL without
> authentication (unacceptable).  Maybe I've missed a good solution.

I wonder where you picked up the _problem_ in the first place.

Or maybe I'm doing something wrong wrongly, causing it to inadvertently 
work (or appear to work)?

> In any case, I'm thinking the page should be on the community section,

...be _part_ of the community section, or merely be _linked_ from the 
community section?  If the page doesn't net-benefit from being able to be 
edited by anyone who comes by, then I think it should not be _part_ of the 
community section.  Having links never harms, though.

> and with people trying to actually SMTP AUTH for what it was intended
> might find an answer.  For many users, telling them to install
> Thunderbird solves the problem.

That's always a good solution ;-), although TB has some deficiencies of its 
own compared to OE...

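The Received headers quoted in this message record both the AUTH mechanism and the TLS/SSL parameters of each submission, which is what an MSA operator can check to confirm that passwords never crossed a cleartext connection. The following Python sketch is an added example, not part of the original message: it audits headers written in that layout. The sample headers, host names, addresses and verdict labels are constructed, and the layout assumed for the cleartext and unauthenticated variants is an assumption.

```python
import re

# Mechanisms whose password is recoverable from a captured session.
# NTLM is listed because the thread describes it as effectively plaintext.
WEAK_MECHS = {"LOGIN", "PLAIN", "NTLM"}

# Fields of the parenthesised comment, e.g.
#   (AUTH: LOGIN user@example.org, TLS: TLSv1/SSLv3,128bits,RC4-MD5)
AUTH_RE = re.compile(r"\bAUTH:\s*(?P<mech>[A-Za-z0-9_-]+)")
TLS_RE = re.compile(
    r"\b(?P<kind>TLS|SSL):\s*(?P<proto>[^,)\s]+),(?P<bits>\d+)bits,(?P<cipher>[^)\s,]+)")

def audit_received(header: str) -> dict:
    """Classify one Received header by how the submission was protected."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", header)  # undo header folding
    auth = AUTH_RE.search(unfolded)
    tls = TLS_RE.search(unfolded)
    mech = auth.group("mech").upper() if auth else None
    if mech is None:
        verdict = "unauthenticated"            # relayed without AUTH
    elif tls is None and mech in WEAK_MECHS:
        verdict = "password-exposed"           # LOGIN/PLAIN/NTLM in the clear
    elif tls is None:
        verdict = "authenticated-cleartext"    # challenge-response, no TLS
    else:
        verdict = "ok"                         # AUTH inside TLS or SSL
    return {"mechanism": mech,
            "channel": tls.group("kind") if tls else None,
            "cipher": tls.group("cipher") if tls else None,
            "verdict": verdict}

# Constructed sample headers (placeholder hosts and addresses).
_HEAD = "Received: from nova (host.example.net [192.0.2.23])\n    "
_TAIL = "\n    by mx.example.org with esmtp; Mon, 15 May 2006 20:29:17 +0000"
SAMPLES = {
    "tls+login": _HEAD + "(AUTH: LOGIN user@example.org, "
                         "TLS: TLSv1/SSLv3,128bits,RC4-MD5)" + _TAIL,
    "cleartext-login": _HEAD + "(AUTH: LOGIN user@example.org)" + _TAIL,
    "cleartext-cram": _HEAD + "(AUTH: CRAM-MD5 user@example.org)" + _TAIL,
    "tls-no-auth": _HEAD + "(TLS: TLSv1/SSLv3,128bits,RC4-MD5)" + _TAIL,
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, audit_received(header))
```

Anything other than `ok` in a submission log means either a relay without authentication or a credential sent where it could be captured.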
