sounds good to me!
----- Original Message -----
From: "Tom Collins" <[EMAIL PROTECTED]>
Sent: Thursday, September 22, 2005 10:34
Subject: Re: [vchkpw] chkuser 2.0.8b
> On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
>> if you're supporting AUTH, you really should use TLS as well.
>> otherwise you're allowing your users to send their passwords across
>> the internet in plain text- and all it takes is one spammer with a
>> packet sniffer to use your machine as a relay.
> If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the
> cleartext password.
> TLS is a good idea, but getting your users to enable it in their
> clients can be a challenge. It's hard enough explaining how to enable
> SMTP AUTH!
> Here's an idea, how about a Wiki page dedicated to instructions on
> setting SMTP AUTH in various email clients? People could contribute by
> taking screen shots of their setup, preferably with '[EMAIL PROTECTED]'
> or some similar username.
> A more ambitious project would be to use PHP and GD with the proper
> fonts to automatically fill in the fields and generate a completely
> custom "how to" page. Any ISP could use it, and make use of hidden
> fields to enable/disable certain features (like 'user port 587 for
> outbound smtp', 'enable TLS', 'use full email address as username',
> 'use smtp.server.com for outbound email', etc.). The end user could
> enter their name, email address and email client and get a one-page
> printout instructing them on how to set everything up.
> Tom Collins - [EMAIL PROTECTED]
> QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
> You don't need a laptop to troubleshoot high-speed Internet: