Re: [spf-webmasters] Re: SPF and SMTP AUTH

Mon, 15 May 2006 13:58:24 -0700 

On Mon, 15 May 2006, Julian Mehnle wrote:

> > M$ does not support secure passwords - only LOGIN (and NTLM which is
> > effectively plaintext).  LOGIN works on a cleartext connection, but once
> > a spammer gets your plaintext login packet, your MTA is his open relay.
> > This means that we must use SSL or STARTTLS.  M$ supports STARTTLS on
> > port 25 only, and hotels often block port 25, so that leaves port 465
> > with SSL (SMTPS). That works without AUTH.  However, if we check "Server
> > requires authentication", of configure the server to require
> > authentication, Outlook Express (which we have nicknamed Outhouse)
> > collects a password, but never authenticates when the connection is
> > encrypted.
> 
> That's not true.  Using Outlook Express "5.50.4952.2800", I just submitted 
> messages to my MSA via SMTP+TLS on port 25:
> 
>   Received: from nova (ppp-82-135-6-23.mnet-online.de [::ffff:82.135.6.23])
>     (AUTH: LOGIN [EMAIL PROTECTED], TLS: TLSv1/SSLv3,128bits,RC4-MD5)
>     by io.link-m.de with esmtp; Mon, 15 May 2006 20:29:17 +0000
>     id 00003F01.4468E49D.0000723A
> 
> ...as well as via SMTPS on port 465:
> 
>   Received: from nova (ppp-82-135-6-23.mnet-online.de [::ffff:82.135.6.23])
>     (AUTH: LOGIN [EMAIL PROTECTED], SSL: TLSv1/SSLv3,128bits,RC4-MD5)
>     by io.link-m.de with esmtp; Mon, 15 May 2006 20:32:52 +0000
>     id 00003F01.4468E574.00007252

Outlook 6.00.2800.1123 has no such luck.  There doesn't seem to be 
a way to downgrade.  I just read Scott's note from Postfix that Outlook
uses "AUTH=LOGIN" instead of "AUTH LOGIN".  Perhaps sendmail-8.13.6
needs a work around for that ...  

That is the sort of thing the web page is intended to collect.

-- 
              Stuart D. Gathman <[EMAIL PROTECTED]>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flammis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.

-------
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to http://v2.listbox.com/member/[EMAIL PROTECTED]

Reply via email to