sounds good to me! Remo ----- Original Message ----- From: "Tom Collins" <[EMAIL PROTECTED]> To: <vchkpw@inter7.com> Sent: Thursday, September 22, 2005 10:34 Subject: Re: [vchkpw] chkuser 2.0.8b
> On Sep 22, 2005, at 1:42 AM, John Simpson wrote: >> if you're supporting AUTH, you really should use TLS as well. >> otherwise you're allowing your users to send their passwords across >> the internet in plain text- and all it takes is one spammer with a >> packet sniffer to use your machine as a relay. > > If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the > cleartext password. > > TLS is a good idea, but getting your users to enable it in their > clients can be a challenge. It's hard enough explaining how to enable > SMTP AUTH! > > Here's an idea, how about a Wiki page dedicated to instructions on > setting SMTP AUTH in various email clients? People could contribute by > taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' > or some similar username. > > A more ambitious project would be to use PHP and GD with the proper > fonts to automatically fill in the fields and generate a completely > custom "how to" page. Any ISP could use it, and make use of hidden > fields to enable/disable certain features (like 'user port 587 for > outbound smtp', 'enable TLS', 'use full email address as username', > 'use smtp.server.com for outbound email', etc.). The end user could > enter their name, email address and email client and get a one-page > printout instructing them on how to set everything up. > > -- > Tom Collins - [EMAIL PROTECTED] > QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ > You don't need a laptop to troubleshoot high-speed Internet: > sniffter.com > >