Author: Alan J. Flavell Date: To: Exim users list Subject: Re: [exim] Users wanting to send mail from a dial-up (ISP) connection
On Thu, 25 Nov 2004, Tim Jackson wrote:
> On 25 Nov 2004, Robert Cates wrote:
>
> > Simply put, I would like to know how to configure Exim (4.32) to allow a
> > user to send e-mail when he/she accesses by way of a dial-up connection
> > (e.g. from home), using e.g. Outlook Express.
>
> You need to use SMTP AUTH. That is, provide an authentication mechanism
> (typically username/password) which is given to the user and which they
> enter in their mail client for use when *sending* mail.
Indeed. I hope you won't mind me stressing that you need to make sure
that this happens *securely* (it's a hot topic here, due to a user
having exposed his credentials - ooh-er missus - in clear base64 while
trying to submit mail from a remote site).
As you say, there's many different ways to do it. But, as we found,
there are some situations where client software blunders ahead and
submits credentials over an unencrypted channel, despite having been
offered an encrypted one.
OK: if someone's monitoring the remote keyboard, then all bets are
off, and presumably one-time passwords are the only answer. But if
the user is in control of their client software, and hasn't allowed it
to be compromised, then an adequate solution is to verify that the
channel is encrypted. Problem is that at the mail server end, we can
only detect that the offence has happened, after it's too late. If we
then disable the account, our user - who is (to take an earlier case
that we had before) on a lecture tour of Taiwan - will not be amused.
