SMTP Auth Options (Re: [exim] ignore spam scanning of outgoi…

Góra strony
Delete this message
Reply to this message
Autor: Tor Slettnes
Data:  
Dla: Alan Thew
CC: Exim users list, Alan Flavell
Stare tematy: Re: [exim] ignore spam scanning of outgoing mail
Temat: SMTP Auth Options (Re: [exim] ignore spam scanning of outgoing mail)

On Oct 28, 2004, at 12:02, Alan Thew wrote:
> On Wed, 27 Oct 2004 09:17 , Tor Slettnes <tor@???> said:
>> Alan J. Flavell wrote:
>>> (For some reason, it seems to be laptop Mac OS X users who can't get
>>> that right. Doesn't their mailer have any option to say
>>> "authenticated if available", in the way that more-familiar mailers
>>> such as Mozilla-family or PINE have? But I digress.)
>>
>> No. Authentication settings for outgoing servers in Mail.app are
>> "None", "Password", "MD5" (which means CRAM-MD5, unfortunately), and
>> Kerberos v4 and v5. Couldn't you have them always authenticate, even
>> when within your premises?
>
> I'm not a Mac user but OS 10.2 and above support authentication (our
> Mac users use it).


I do not think anyone disputed that.

On a side note, a one-size-fit-all "secure" authentication scheme is
somewhat of an elusive target. Your options are:

   - TLS/SSL.  Unfortunately, this requires that you get a SSL
     server certificate from a "trusted" CA, such as Verisign
     (this can be expensive for smaller / non-commerical outfits),
     or that you sign with your own CA, and then guide your users
     through installing your root certificate in various OSes/clients
     (i.e. Windows/Outlook Express, Windows/Mozilla, Mac OS X Keychain..)


   - CRAM-MD5, DIGEST-MD5 or Kerberos authentication.
     This protects your password even over a non-encrypted connection,
     but unfortunately, Outlook / Outlook Express do not support MD5
     very well.  If you choose to "Use Secure Password Authentication"
     in the SMTP server properties, you need to re-enter your server
     username/password every time you send a mail.


   - Use Outlook "Secure Password Authentication" with a Windows domain
     server.  (That would be the MTA, and would only support Windows
     clients).



-tor