> -----Message d'origine----- > De : Ross Gohlke [mailto:[EMAIL PROTECTED] > Envoyé : vendredi 9 septembre 2005 17:45 > À : [email protected] > Objet : [xmail] Re: XMail + SSL patch > > > > Alas, I'm on FreeBSD! Is there Linux stunnel? > > PGP would protect the mail itself, but is a separate issue > from securing > SMTP Auth, no? What I'm trying to do right now is protect the ACCOUNT > INFORMATION. > > Even if it's unlikely that someone would sniff my users' > packets, what's > to stop a spammer from snagging random SMTP username/pass of > the Net and > using that server to send spam? I'm just trying to be consistent.
Really I never seen spam programs using existing username/passwords !! Nor I see spam programs trying to authenticate ... But it could be in future The only cases for this type of spam attack are generaly due to previous intrusion in mail servers to get the accounts infos ... so protect you server carefully ... And on the customer side, it is the customer responsability to protect the accounts informations ... > > For anyone running a commercial service for users, such > issues must be > considered. > We do commercial services (and many xmail admins on this list too), and most use 'standard' auths because most client softwares accept them and easier to configure at client side that any 'tunnel'. In these 'rare' cases, you could use the other tunneling protocols (ipsec, pptp, l2tp) between the 'secret' customers and you server because these protocols are generally supported by many os (linux, freebsd, windows) on customer side. > Thanks for all the feedback. > > > But well, it might work - give it a try Ross. > > > ross > > Francis - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
