On Thu, 27 Jul 2000, Marc MERLIN wrote:
> Looks like my post didn't get through, so I'm resending a slightly modified
> version:
>
> I'm trying to configure SMTP AUTH on my new server so that users travelling
> (and using netscape) and relay Email through our server.
> The problem is that I'm not about to let them send their password in
> plaintext (I'm authenticating against the main password database). I know
> it's really base 64, but that's plaintext equivalent.
I wouldnt bother. The odds of someone who wants to spam through your
server, having access to sniff network traffic, and having the time and
inclination to site there for days watching for passwords in the
terabytes of traffic passing through, multiplied by the amount of
damage they could do with one password, multiplied by the trouble it
would take to change the password they managed to sniff...........
Do you allow them to use POP from outside your network? Have you
implented a working SSL solution there too? If not, then you already
have passwords passing in direct plain text (not even BASE64 encoded)..
IMNSHO, SSL for SMTP relay (at least until the protocols are set in
stone, and evey possible mail client implements them, correctly, and in
a compatible manner), is simply not worth the hassle.
>
> I have stunnel working and all (works fine for imap), and I've read the C027
> file in the exim samples, but I'm not getting very far with netscape talking
> to exim.
> I've found on the web that recent netscapes don't talk to the ssmtp port
> (although I can force them to do so by specifying mailserver:465) but just
> in case, I have stunnel listening on both ports:
> root 4886 0.0 0.0 2588 1440 ? S 01:05 0:00 /usr/sbin/stunnel -p /etc/ssl/certs/stunnel.pem -d smtp -l /usr/sbin/exim -- exim -C /etc/exim-ssl.conf -bs
> root 4888 0.0 0.0 2432 1292 ? S 01:05 0:00 /usr/sbin/stunnel -p /etc/ssl/certs/stunnel.pem -d ssmtp -l /usr/sbin/exim -- exim -C /etc/exim-ssl.conf -bs
>
> Yet, when netscape connects to send a message, I see the 3 way TCP
> handshake, and then nothing. Netscape seems to be waiting for the SMTP
> banner whereas stunnel is waiting for SSL stuff.
> On netscape, I've tried "use SSL for outgoing messages" "if possible" and
> "always"
>
> After looking on the web, it's not clear whether SMTP/SSL works at all with
> netscape 4.5+, people seem to use TLS. I've seen the patch in the archives
> for exim 3.03, with the warnings.
>
> So, does anyone have a reliable way to do SSL with netscape 4.5+ and exim?
>
> Thanks,
> Marc
>
--