Title: Re: [vchkpw] SMTP Auth HOWTO?


>Hello Jeremy,
>Friday, May 21, 2004, 5:20:40 PM, you wrote:
>JK> On Friday 21 May 2004 10:21 am, [EMAIL PROTECTED] wrote:

>>>EH> This is only true for SMTP Authentication of type "plain" and "login".
>>>EH> With CRAM-MD5 its quite save.
CRAM-MD5 makes it safer, not "quite safe".

>>>Yes, it's 'quite' safe, but You still reveal Your e-mailadress.
>>>If there are many hops between Your workstation and the smtpserver,
>>>You can get some spam in return.
>JK> I am truly amazed at that statement.

This sounds pretty ridiculous to me also. People who spend inordinate
amounts of time actually worrying about having their traffic sniffed,
probably shouldn't be using anything remotely resembling common internet


>I agree on this.  But why to promote smtp-auth in plaintext, cram when You have smtps
>to secure the stream up to Your mailserver (one step), but in this
>step, You 'can' have many hops between You and Your workstation, so
>this stream is the first to protect anyway.  I agree on the fact there
>aren't many TLS servers, but if everyone do his own part to install
>the TLS option, we have in a little decade a much nicer place to have
>secure mail transport.  If people stich with smtp-auth, we never get

Some of us don't actually have the luxury of smtp-tls because we have
one physical mail server, or cluster thereof, serving multiple domains.
These domains are all "hidden" from each other, so unless we start
running separate smtpd instances, with their own configs, separate IPs
we cannot present a certificate to each client that'd match what their
mail client expects.

>(note: even Your soft, courier-imap seems to have an option for
>spamass, would be nice to see Dspam(.org) instead)

I think this'd be a "show us the code" request. There are quite a few
ways to use spamassassin where its not a ridiculous memory hog
(spamc/spamd for one).

Nick Harring
Webley Systems

Reply via email to