Piotr Roszatycki wrote:
> I've tried to convince the Debian maintainer to include this patch to
> the Debian package. Unfortunately, he wants to be close to the
> upstream source.

Taking a quick look at the relevant RFC[1], the only place AUTH= is
defined is when used in conjunction with MAIL FROM. Thus it would be
syntactically incorrect to supply "AUTH=xx" to the MUA upon connection
negotiation.

It seems that Outlook Express 4 is rather out of date anyway; OE6 is now
shipped with IE and Windows. In the interests of wider security, does
OE4 really fit in now?

Patching the mail server in order to counteract bad behaviour by clients
is not, in my opinion, the correct solution here.

David

[1] http://www.faqs.org/rfcs/rfc2554.html