On 2005-09-22, at 1234, Tom Collins wrote:
On Sep 22, 2005, at 1:42 AM, John Simpson wrote:
if you're supporting AUTH, you really should use TLS as well. otherwise you're allowing your users to send their passwords across the internet in plain text - and all it takes is one spammer with a packet sniffer to use your machine as a relay.

If you use CRAM-MD5 for the AUTH method, it's impossible to sniff the cleartext password.

the design of CRAM requires that the server have a list of plain-text passwords, regardless of the hashing algorithm it uses.

if somebody cracks your machine (and for the sake of security you have to assume that they eventually will) the bad guys will now have a list of all of your users' passwords in plain text, making it possible to not only read your users' email, but relay spam through your server.

TLS is a good idea, but getting your users to enable it in their clients can be a challenge. It's hard enough explaining how to enable SMTP AUTH!

er... telling a user to turn on the "use TLS" or "use SSL" checkbox and possibly change a port number isn't hard. i've been building, running, and consulting for ISPs for ten years now, and if you manage the process correctly, it's not hard.

it's like any other "settings change"... you set things up so that both the "old" and "new" settings will work, and then leave that in place for a month. tell the users that you've made this change to improve their service, the new settings are in this email or at such-and-such web page, and they have until such-and-such date to change their settings. during the month, your tech support people ask every customer they come in contact with if they've changed their settings, and if not they walk them through it on the spot. then when the end date arrives, most of your customers will have switched, and you can turn the "old" stuff off without killing your tech support people. then when that final rush of calls dies down, buy pizza for the tech support department to thank them for their extra effort.

at least that's how i've always done it, and it's always worked out pretty well.

| John M. Simpson - KG4ZOW - Programmer At Large |
| http://www.jms1.net/           <[EMAIL PROTECTED]> |
| Mac OS X proves that it's easier to make UNIX  |
| pretty than it is to make Windows secure.      |
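
The CRAM-MD5 storage trade-off discussed in this thread, as an added example that is not part of either poster's message: it runs the RFC 2195 exchange and checks the same client response against a server that stores the shared secret and against one that stores only a salted one-way hash. The function names, the salt and the two stores are assumptions made for illustration; the user, secret and challenge are the sample values from RFC 2195.

```python
import base64
import hashlib
import hmac

def cram_md5_digest(secret: bytes, challenge: bytes) -> str:
    """RFC 2195 digest: hex(HMAC-MD5(key=shared secret, msg=challenge))."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def client_response(user: str, password: str, challenge_b64: str) -> str:
    """What the client sends back: base64("user <hex digest>")."""
    challenge = base64.b64decode(challenge_b64)
    digest = cram_md5_digest(password.encode(), challenge)
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_verify(store: dict, challenge: bytes, response_b64: str) -> bool:
    """Recompute the digest from whatever the server has stored for the user."""
    try:
        decoded = base64.b64decode(response_b64, validate=True).decode()
    except ValueError:  # bad base64 or a non-UTF-8 payload
        return False
    user, sep, digest = decoded.rpartition(" ")
    if not sep or user not in store:
        return False
    expected = cram_md5_digest(store[user], challenge)
    return hmac.compare_digest(expected.encode(), digest.encode())

# Sample values from the RFC 2195 example exchange.
USER, PASSWORD = "tim", "tanstaaftanstaaf"
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
CHALLENGE_B64 = base64.b64encode(CHALLENGE).decode()

# Hypothetical stores: A keeps the secret itself, B keeps only a salted hash.
SALT = b"constructed-salt"
PLAIN_STORE = {USER: PASSWORD.encode()}
HASHED_STORE = {USER: hashlib.sha256(SALT + PASSWORD.encode()).digest()}

def demo() -> dict:
    response = client_response(USER, PASSWORD, CHALLENGE_B64)
    return {
        "password_on_wire": PASSWORD.encode() in base64.b64decode(response),
        "plain_store_ok": server_verify(PLAIN_STORE, CHALLENGE, response),
        "hashed_store_ok": server_verify(HASHED_STORE, CHALLENGE, response),
    }

if __name__ == "__main__":
    print(demo())
```

The password never appears in the response, but only the store holding the secret itself can recompute the digest; the salted-hash store rejects a correct client.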
