Re: [exim] auth_hack_outlook4 for Exim4

Top Page
Delete this message
Reply to this message
Author: David Cannings
Date:  
To: exim-users@exim.org
Subject: Re: [exim] auth_hack_outlook4 for Exim4
Piotr Roszatycki wrote:
> I've tried to convince the Debian maintainer to include this patch to
> the Debian package. Unfortunately, he wants to be close to the
> upstream source.


Taking a quick look at the relevant RFC[1] the only place AUTH= is
defined is when used in conjunction with MAIL FROM. Thus it would be
syntactically incorrect to supply "AUTH=xx" to the MUA upon connection
negotiation.

It seems that Outlook Express 4 is rather out of date anyway, OE6 is now
shipped with IE and Windows. In the interests of wider security, does
OE4 really fit in now?

Patching the mail server in order to counteract bad behaviour by clients
is not, in my opinion, the correct solution here.

David

1 - http://www.faqs.org/rfcs/rfc2554.html