At 18:12 22.09.2005 +0100, tonix (Antonio Nati) wrote:
At 17.34 22/09/2005, you wrote:
On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
if you're supporting AUTH, you really should use TLS as well. otherwise
you're allowing your users to send their passwords across the internet
in plain text- and all it takes is one spammer with a packet sniffer to
use your machine as a relay.
If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the
I don't bet on this. If you tape the SMTP dialoge, its easy to encrypt the
TLS is a good idea, but getting your users to enable it in their clients
can be a challenge. It's hard enough explaining how to enable SMTP AUTH!
Here's an idea, how about a Wiki page dedicated to instructions on
setting SMTP AUTH in various email clients? People could contribute by
taking screen shots of their setup, preferably with '[EMAIL PROTECTED]' or
some similar username.
You should start teaching yourself.
http://www.fehcom.de/qmail/smtpauth.html is your friend.
A more ambitious project would be to use PHP and GD with the proper fonts
to automatically fill in the fields and generate a completely custom "how
to" page. Any ISP could use it, and make use of hidden fields to
enable/disable certain features (like 'user port 587 for outbound smtp',
'enable TLS', 'use full email address as username', 'use smtp.server.com
for outbound email', etc.). The end user could enter their name, email
address and email client and get a one-page printout instructing them on
how to set everything up.
A better idea... The most of probably use qmail because there is vpopmail.
What about rewriting around vpopmail a modern, robust and customizable MTA
that does not force us to be acrobats in order to add functionalities to qmail?
Do you have considered how many changes vpopmail has undergone the last years ?
Did you ever do a code digest ?
Do you have the slightest idea how vchkpw works ?
First step would be to mantain the same schema and code of qmail,
rewriting all the code step by step, module after module. So, free from
Bernstein license, we could finally update and upgrade the MTA in a
If anything needs a rewrite, its vpopmail - qmail is perfect in the way it
is defined. Or course, since 1998 the requirements have changed.
In particular, most of the SMTP add-ones (as defined in the latest RFCs)
are (according to my personal oppinion) - useless.
We do have AC in our cars, DVD + surround sound, airbags, automatic
adjusting seats - but we still use four wheels and a benzine motor, driving
on badly-paved roads.
Qmail is a good car, but the road gets increasingly worse - adding DVD
players to your car doesn't really help.
Greets from the hurrican free Germany.
Tom Collins - [EMAIL PROTECTED]
QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/
You don't need a laptop to troubleshoot high-speed Internet: sniffter.com