Re: [exim] What's the best way to secure both SMTPandPOPauth…

Pàgina inicial
Delete this message
Reply to this message
Autor: Marc Sherman
Data:  
A: exim-users
CC: W B Hacker
Assumptes nous: Re: [exim] What's the best way to secure bothSMTPandPOPauthentication?
Assumpte: Re: [exim] What's the best way to secure both SMTPandPOPauthentication?
jtelep@??? wrote:
> Great, this helps so much. Thanks for your help Bill. So just for a
> quick recap to be sure that I understand this correctly, once TLS is
> enabled it handles all of encryption regarding SMTP traffic including the
> authentication. So I can use sasl-plain auth without being concerned that
> someone can "sniff" the user_id and password because the connection has
> already been encrypted. Let me know if I am off base here at all.


You need to ensure that you only allow PLAIN or LOGIN authentication on
a TLS connection, otherwise a client could accidentally connect without
TLS and send a password en-clair.

This is usually done with:

server_advertise_condition = ${if def:tls_cipher}

in the authenticator definition.

- Marc