I know that it was broken on one of our mail servers a few years ago (where it advertised it but then didn't authenticate properly) and we got <10% of users properly authenticating and >90% of them not (these are, if I recall correctly, and are of course rough numbers). The general observation I find is that most mail clients use as much of the protocol as they know.

So no claim/fact that's enough to go by, but pop RECORDIO on your POP or SMTP server, and tail -F (capital to follow the file name itself) the current file and see how many of your authentications are mangled, be it by challenge-response or that are short and plain text. There may be more recognizable sections to look at.


Paul Theodoropoulos <[EMAIL PROTECTED]> wrote:
At 10:48 AM 3/24/2006, Michael Krieger wrote:

>Keeping in mind most SMTP uses CRAM-MD5 or some equivalent these
>days with some portion of challenge/response from the server for
>authentication details... this of course happens automatically.

do you have a source for the claim of 'most'? just curious.

Paul Theodoropoulos
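
The measurement suggested in this thread, as an added example that is not part of the original messages: a tally of client authentication commands seen in a recordio-style log, split into challenge-response and plaintext. The line shape (`pid < data` for client input, optional logger timestamp, trailing space or `+`) is an assumption about how the log looks, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: each log line is "<pid> < <client data>" or "<pid> > <server data>",
# optionally preceded by a logger timestamp, with a trailing " " or "+" marker.
LINE = re.compile(r"(?:^|\s)(\d+) ([<>]) (.*)$")
CHALLENGE_RESPONSE = {"CRAM-MD5", "DIGEST-MD5", "APOP"}
POP3_VERBS = {"APOP": "APOP", "USER": "USER/PASS"}

# Constructed sample lines (hostnames, users and base64 values are made up).
SAMPLE = [
    "5135 > 250-AUTH LOGIN PLAIN CRAM-MD5 ",
    "5135 < AUTH CRAM-MD5 ",
    "@400000004424396a1c8e7b4c 5136 < AUTH LOGIN ",
    "5136 < dXNlcg== ",
    "5137 < USER alice ",
    "5137 < PASS not-a-real-password ",
    "5138 < APOP alice 0123456789abcdef0123456789abcdef ",
    "5139 < auth plain AGFsaWNlAHBhc3M= ",
]

def classify(command):
    """Return the auth mechanism a client command selects, or None."""
    words = command.split()
    if not words:
        return None
    verb = words[0].upper()
    if verb == "AUTH" and len(words) > 1:      # SMTP AUTH or POP3 AUTH
        return words[1].upper()
    return POP3_VERBS.get(verb)                # POP3 APOP, or USER (then PASS)

def tally(lines):
    """Count (kind, mechanism) pairs over client-to-server lines only."""
    counts = Counter()
    for line in lines:
        m = LINE.search(line.rstrip("\n"))
        if not m or m.group(2) != "<":         # skip server output and noise
            continue
        mech = classify(m.group(3).rstrip(" +"))
        if mech:
            kind = "challenge-response" if mech in CHALLENGE_RESPONSE else "plaintext"
            counts[kind, mech] += 1
    return counts

if __name__ == "__main__":
    for (kind, mech), n in sorted(tally(SAMPLE).items()):
        print(f"{kind:20} {mech:10} {n}")
```
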

