Re: [exim] exim 4.4 authentication

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Tony Finch
Datum:  
To: Christopher Chaduka
CC: exim-users
Betreff: Re: [exim] exim 4.4 authentication
On Mon, 14 Mar 2005, Christopher Chaduka wrote:
>
> The reason for putting an IP or IPs there is for cases where you don't
> need some clients with fixed addresses to auth, e.g. your LAN


You don't want to do that, because it exposes your users to
man-in-the-middle attacks. It is MUCH better to allow authentication from
everywhere, and tell your users to configure their software to REQUIRE
secure authentication. Many MUAs make it easy to configure this to be
optional, which makes users likely to have their outgoing email
intercepted by an SMTP proxy firewall, which can lead to incorrect email
routeing and possible rejection or loss of messages.

Tony.
--
<fanf@???> <dot@???> http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}