I would Dave..

----- Original Message ----- 
To: <vchkpw@inter7.com>
Sent: Thursday, September 22, 2005 10:50
Subject: Re: [vchkpw] chkuser 2.0.8b

> Tom Collins wrote:
>> On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
>>> if you're supporting AUTH, you really should use TLS as well. 
>>> otherwise you're allowing your users to send their passwords across 
>>> the internet in plain text- and all it takes is one spammer with a 
>>> packet sniffer to use your machine as a relay.
>> If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the 
>> cleartext password.
>> TLS is a good idea, but getting your users to enable it in their clients 
>> can be a challenge.  It's hard enough explaining how to enable SMTP AUTH!
>> Here's an idea, how about a Wiki page dedicated to instructions on 
>> setting SMTP AUTH in various email clients?  People could contribute by 
>> taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' or 
>> some similar username.
>> A more ambitious project would be to use PHP and GD with the proper 
>> fonts to automatically fill in the fields and generate a completely 
>> custom "how to" page.  Any ISP could use it, and make use of hidden 
>> fields to enable/disable certain features (like 'user port 587 for 
>> outbound smtp', 'enable TLS', 'use full email address as username', 'use 
>> smtp.server.com for outbound email', etc.).  The end user could enter 
>> their name, email address and email client and get a one-page printout 
>> instructing them on how to set everything up.
> If screen shots were provided, any of the PDF generators for PHP could 
> provide a custom PDF file with ISP branding for downloading on demand.
> Interesting Idea...... We are in the middle of moving our entire 
> operation, NOC and office. But afterwards maybe, would anyone be 
> interested in this if I did it?
> DAve
>> -- 
>> Tom Collins  -  [EMAIL PROTECTED]
>> QmailAdmin: http://qmailadmin.sf.net/  Vpopmail: http://vpopmail.sf.net/
>> You don't need a laptop to troubleshoot high-speed Internet: sniffter.com

Reply via email to