[67505] in North American Network Operators' Group
Re: SMTP authentication for broadband providers
daemon@ATHENA.MIT.EDU (Will Yardley)
Tue Feb 10 20:55:42 2004
Date: Tue, 10 Feb 2004 17:55:03 -0800
From: Will Yardley <william+nanog@hq.dreamhost.com>
To: nanog@merit.edu
Mail-Followup-To: nanog@merit.edu
In-Reply-To: <E989917C9FF25240A201E888E83DF32F01462968@EXCHANGE5.corp.ptd.net>
Errors-To: owner-nanog-outgoing@merit.edu
On Tue, Feb 10, 2004 at 08:42:29PM -0500, Dan Ellis wrote:
> I'm looking for comments on whether this is generally seen as a positive
> change or a waste of time (ie - will the next virus or worm gleam your
> SMTP username and password from Outlook Express and use it to
> replicate/SPAM)?
I've only seen one virus or worm so far that has done this (we are a
hosting provider, so any users who use our mail servers are using SMTP
authentication).
> Is anyone aware of any well known mail clients that do not support SMTP
> authentication (Unix, Windows or Mac)?
Not many of the major ones. There are some differences in the
authentication methods supported, however - many don't support methods
other than LOGIN and / or PLAIN. There are also (surprise) some
client-specific bugs with various mailers... Lookout Distress (version
4) for example, has some problems; see the "broken_sasl_auth_clients"
config directive if you're using Postfix (google for that string to find
out more information about this particular problem).
--
"Since when is skepticism un-American?
Dissent's not treason but they talk like it's the same..."
(Sleater-Kinney - "Combat Rock")
