On Mon, 14 Mar 2005, Christopher Chaduka wrote:
>
> The reason for putting an IP or IPs there is for cases where you don't
> need some clients with fixed addresses to auth, e.g. your LAN
You don't want to do that, because it exposes your users to
man-in-the-middle attacks. It is MUCH better to allow authentication from
everywhere, and tell your users to configure their software to REQUIRE
secure authentication. Many MUAs make it easy to configure this to be
optional, which makes users likely to have their outgoing email
intercepted by an SMTP proxy firewall, which can lead to incorrect email
routeing and possible rejection or loss of messages.
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
