Re: [Exim] SMTP AUTH and SSL

Author: Dave C.
Date:  
To: Marc MERLIN
CC: exim-users
Subject: Re: [Exim] SMTP AUTH and SSL
On Thu, 27 Jul 2000, Marc MERLIN wrote:

> Looks like my post didn't get through, so I'm resending a slightly modified
> version:
>
> I'm trying to configure SMTP AUTH on my new server so that users travelling
> (and using netscape) can relay Email through our server.
> The problem is that I'm not about to let them send their password in
> plaintext (I'm authenticating against the main password database). I know
> it's really base 64, but that's plaintext equivalent.


I wouldn't bother. The odds of someone who wants to spam through your
server, having access to sniff network traffic, and having the time and
inclination to sit there for days watching for passwords in the
terabytes of traffic passing through, multiplied by the amount of
damage they could do with one password, multiplied by the trouble it
would take to change the password they managed to sniff...

Do you allow them to use POP from outside your network? Have you
implemented a working SSL solution there too? If not, then you already
have passwords passing in direct plain text (not even BASE64 encoded).

IMNSHO, SSL for SMTP relay (at least until the protocols are set in
stone, and every possible mail client implements them, correctly, and in
a compatible manner), is simply not worth the hassle.


>
> I have stunnel working and all (works fine for imap), and I've read the C027
> file in the exim samples, but I'm not getting very far with netscape talking
> to exim.
> I've found on the web that recent netscapes don't talk to the ssmtp port
> (although I can force them to do so by specifying mailserver:465) but just
> in case, I have stunnel listening on both ports:
> root      4886  0.0  0.0  2588 1440 ?        S    01:05   0:00 /usr/sbin/stunnel -p /etc/ssl/certs/stunnel.pem -d smtp -l /usr/sbin/exim -- exim -C /etc/exim-ssl.conf -bs
> root      4888  0.0  0.0  2432 1292 ?        S    01:05   0:00 /usr/sbin/stunnel -p /etc/ssl/certs/stunnel.pem -d ssmtp -l /usr/sbin/exim -- exim -C /etc/exim-ssl.conf -bs

>
> Yet, when netscape connects to send a message, I see the 3 way TCP
> handshake, and then nothing. Netscape seems to be waiting for the SMTP
> banner whereas stunnel is waiting for SSL stuff.
> On netscape, I've tried "use SSL for outgoing messages" "if possible" and
> "always"
>
> After looking on the web, it's not clear whether SMTP/SSL works at all with
> netscape 4.5+, people seem to use TLS. I've seen the patch in the archives
> for exim 3.03, with the warnings.
>
> So, does anyone have a reliable way to do SSL with netscape 4.5+ and exim?
>
> Thanks,
> Marc
>


--
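
Added example, not part of the original thread: the symptom in the quoted message (the client waits for the SMTP banner while stunnel waits for an SSL handshake) is what a mismatch between an SSL-wrapped port and in-band STARTTLS looks like on the wire. This Python probe tells the two apart and also flags a listener that offers SMTP with no TLS upgrade at all; the function names, result labels and the `probe.example` EHLO name are assumptions made for the example.

```python
import socket

def read_reply(rfile):
    """Read one SMTP reply, possibly multi-line; return (code, [text lines])."""
    lines = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("peer closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line[4:])
        if line[3:4] != "-":          # "250-" continues, "250 " ends the reply
            return int(line[:3]), lines

def probe_stream(sock, timeout=3.0):
    """Classify the service on an already connected socket.

    tls-wrapper    : no banner; the server expects the client to start a TLS
                     handshake (stunnel in front of exim). A very slow
                     greeting looks the same, so pick a generous timeout.
    starttls       : plaintext banner, EHLO advertises STARTTLS.
    plaintext-only : plaintext banner, no STARTTLS; AUTH here exposes the
                     base64 (plaintext-equivalent) password to a sniffer.
    not-smtp       : something answered, but not with an SMTP greeting.
    """
    sock.settimeout(timeout)
    rfile = sock.makefile("rb")
    try:
        code, _ = read_reply(rfile)
    except socket.timeout:
        return "tls-wrapper"
    except (ValueError, ConnectionError):
        return "not-smtp"
    if code != 220:
        return "not-smtp"
    sock.sendall(b"EHLO probe.example\r\n")
    code, lines = read_reply(rfile)
    sock.sendall(b"QUIT\r\n")
    # First line of the EHLO reply is the greeting; the rest are extensions.
    exts = {l.split()[0].upper() for l in lines[1:] if l.strip()}
    return "starttls" if code == 250 and "STARTTLS" in exts else "plaintext-only"

def probe(host, port, timeout=3.0):
    """Connect to host:port and classify it, e.g. probe("mailserver", 465)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return probe_stream(s, timeout)
```

A `tls-wrapper` result on a port where the mail client reports a hang means the client is waiting for a banner that the wrapper will never send before the TLS handshake.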