Autor: Alan J. Flavell Data: Para: Exim users list Assunto: Re: [exim] ignore spam scanning of outgoing mail
On Wed, 27 Oct 2004, Nigel Metheringham wrote:
> On Wed, 2004-10-27 at 09:17 -0700, Tor Slettnes wrote:
>
> > Couldn't you have them always authenticate, even when within your
> > premises?
>
> That seems far preferable in terms of being able to find someone to
> blame. I'd even consider the idea of allowing an authenticated user
> more leeway than one on an authorised ip address - are there any
> mass- mailing worms that can do SMTP authentication or steal a
> mechanism that has SMTP authentication?
In mitigation, I think I'd say that the original motive when
authenticated submission was introduced here, had been to maintain
minimal complexity (unsecured unauthenticated mail submission) for the
on-campus majority, while offering an additional facility (requiring
them to authenticate over a secure path) for an off-campus minority
who would be willing to learn a new trick.
It may well be that in the meantime, a sufficient usage shift has
occurred that the distinction is no longer realistic... Well, let's
just say that the issue is under active consideration here...
One of the problems in the academic environment is that we can make
user recommendations until we go blue in the face, but users /will/
run whatever mail client /they/ choose, irrespective of our
recommendations, and then they expect us to hold their hands when it
all goes squiffy...
Since the sysadmins wouldn't touch some of the mail clients that they
use, not even with an extremely long barge-pole, we really don't want
the hassle of being expected to tell them which checkboxes to check,
and how to cope with the fact that their client handles TLS in
non-standard ways, and what to do about their root server
certificates, and all that stuff that's liable to come up in practice.
