Hello List,

On Friday, May 21, 2004 at 5:21:36 PM [EMAIL PROTECTED] wrote (at
least in part):

>>>In the OLD days, people were happy with SMTP-Auth.  I consider it LESS
>>>security as SMTP after POP, because with SMTP-Auth, You sent Your
>>>e-mailadress and Your password of Your mailbox over the internet.
>> This is only true for SMTP Authentication of type "plain" and "login".

>> With CRAM-MD5 its quite save.
> Yes, it's 'quite' safe, but You still reveal Your e-mailadress.
> If there are many hops between Your workstation and the smtpserver,
> You can get some spam in return.

Well, as you are this enlightened you'll for sure be able to tell me
the difference to POP authentication than, aren't you?
I don't talk about the different protocol; but in my limited
(inherited from my ancestors, which, as you stated, /pretended/ to be
the most bright) mind and with a lot of ignorance I thought POP3 sends
my username and pass as well. Using vpopmail for POP3 server the
username will most the time be my e-mail-address; exactly the same you
say it's insecure to send.

But I'm pretty sure you'll be able to tell me where my mistake is
located, because POP-b4-SMTP is, as you claimed yourself (see above),
MUCH MORE secure than SMTP-AUTH.

> More, Your mail is sent in plaintext.

Why do you mix "authentication method" and "connection security"? It's
two VERY different layers in communication model.
The one is layer 3/4, the other is layer 7 in OSI model.

There is NOTHING you can mix about them, there is NOTHING you can
compare them on. It's like comparing apples and plants. The plant
MIGHT be an apple tree, but you simply can't tell.

So please stop whining, write a SMTP-over-SSL-HOWTO and be happy.

> I prefer encrypted streams,

You're free to do. But what's the relation to a SMTP-AUTH problem?
Best regards
Peter Palmreuther

I am evil, I make the devil sign.

Reply via email to