sounds good to me!

----- Original Message ----- 
From: "Tom Collins" <[EMAIL PROTECTED]>
To: <>
Sent: Thursday, September 22, 2005 10:34
Subject: Re: [vchkpw] chkuser 2.0.8b

> On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
>> if you're supporting AUTH, you really should use TLS as well. 
>> otherwise you're allowing your users to send their passwords across 
>> the internet in plain text- and all it takes is one spammer with a 
>> packet sniffer to use your machine as a relay.
> If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
> cleartext password.
> TLS is a good idea, but getting your users to enable it in their 
> clients can be a challenge.  It's hard enough explaining how to enable 
> Here's an idea, how about a Wiki page dedicated to instructions on 
> setting SMTP AUTH in various email clients?  People could contribute by 
> taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' 
> or some similar username.
> A more ambitious project would be to use PHP and GD with the proper 
> fonts to automatically fill in the fields and generate a completely 
> custom "how to" page.  Any ISP could use it, and make use of hidden 
> fields to enable/disable certain features (like 'user port 587 for 
> outbound smtp', 'enable TLS', 'use full email address as username', 
> 'use for outbound email', etc.).  The end user could 
> enter their name, email address and email client and get a one-page 
> printout instructing them on how to set everything up.
> --
> Tom Collins  -  [EMAIL PROTECTED]
> QmailAdmin:  Vpopmail:
> You don't need a laptop to troubleshoot high-speed Internet: 

Reply via email to