On Dec 13, 2005, at 10:47 PM, Ismail YENIGUL wrote:

I want to use TLS and SMTP Auth functionality on qmail. But I need a
restriction for clear text SMTP Auth. I would like to disable
plaintext authentication methods (PLAIN, LOGIN) on my SMTP server for
unencrypted (non-SSL/TLS) sessions. But I want to use these methods
(PLAIN, LOGIN) for encrypted (SSL/TLS) sessions.
How can I overcome this problem?

You could modify qmail-smtpd to set a flag when it goes into STARTTLS
mode (if there isn't already one there) and then have it ignore the
PLAIN and LOGIN auth methods if it hasn't been started. You'll
probably want to remove those methods from the list of ones advertised
as available.

If you're running a separate copy of qmail-smtpd on port 465, you'll
need to make sure your qmail-smtpd patch knows when it's running on an
already-secure connection (and not disable PLAIN and LOGIN).

It shouldn't be too difficult, and I wouldn't be surprised if there
isn't already a patch out there to do it. I'd recommend controlling it
with an environment variable. That way you can enable this feature
(disabling PLAIN and LOGIN) for the port 25 copy of qmail-smtpd only.
And, if you convince Bill to add it to his toaster, it's only enabled
for the people who want to use it.

Tom Collins
Tom Logic LLC
PO Box 5717
Napa, CA 94581
(707) 265-6622
(707) 265-6646 fax
[EMAIL PROTECTED]
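
The policy described in the reply above, sketched as an added example; it is not code from the original message, from qmail-smtpd, or from any existing patch. The environment variable names, the function names and the CRAM-MD5 entry in the mechanism table are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
/* Hypothetical variable names, not taken from qmail or any qmail patch. */
#define ENV_REQUIRE_TLS  "DEMO_AUTH_REQUIRE_TLS" /* set for the port 25 copy only */
#define ENV_IMPLICIT_TLS "DEMO_IMPLICIT_TLS"     /* set for the port 465 copy */
struct session { int require_tls; int tls_active; };
/* Constructed mechanism table; "cleartext" marks PLAIN and LOGIN. */
static const struct { const char *name; int cleartext; } mechs[] = {
    { "LOGIN", 1 }, { "PLAIN", 1 }, { "CRAM-MD5", 0 },
};
#define NMECHS (sizeof mechs / sizeof mechs[0])

void session_init(struct session *s) {
    s->require_tls = getenv(ENV_REQUIRE_TLS) != NULL;
    s->tls_active = getenv(ENV_IMPLICIT_TLS) != NULL; /* already-secure connection */
}

void session_starttls_done(struct session *s) { s->tls_active = 1; } /* after handshake */

/* Enforcement: checked when the client sends AUTH, whatever was advertised. */
int auth_permitted(const struct session *s, const char *mech) {
    for (size_t i = 0; i < NMECHS; i++)
        if (strcasecmp(mech, mechs[i].name) == 0)
            return !(mechs[i].cleartext && s->require_tls && !s->tls_active);
    return 0; /* unknown mechanism */
}

/* Advertisement: writes the EHLO AUTH keyword line, or "" if nothing may be offered (n > 0). */
void auth_advert(const struct session *s, char *buf, size_t n) {
    size_t used = 0;
    buf[0] = '\0';
    for (size_t i = 0; i < NMECHS; i++)
        if (auth_permitted(s, mechs[i].name)) {
            int w = snprintf(buf + used, n - used, "%s%s", used ? " " : "AUTH ", mechs[i].name);
            if (w < 0 || (size_t)w >= n - used) { buf[used] = '\0'; break; } /* drop partial */
            used += (size_t)w;
        }
}

int main(void) {
    struct session s; char line[64];
    session_init(&s); auth_advert(&s, line, sizeof line); puts(line);
    session_starttls_done(&s); auth_advert(&s, line, sizeof line); puts(line);
    return 0;
}
```

The check in `auth_permitted` matters independently of the advertisement, since a client can send `AUTH PLAIN` without it having been offered.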