On Mon, 2010-07-05 at 20:15 -0400, Dave Lugo wrote:
> On Mon, 5 Jul 2010, Jakob Hirsch wrote:
> >
> >>>> acl_check_auth:
> >>>> accept encrypted = *
> >>>> deny message = TLS encryption required
> >>> I would strongly recommend against this. This does not stop Exim from
> >>> announcing that AUTH PLAIN is supported, so clients would send AUTH
> >>> PLAIN together with their login information, e.g. "AUTH PLAIN
> >>> AGZvbwBiYXI=", so it's too late to reject it.
> The setup I have doesn't offer AUTH unless TLS
> is started. This is so that if I am remote and
> I need to send mail, my password isn't trivially
> sniffed.
>
> Where is the false sense of security?
There is none. The false sense of security is where you just _reject_
the AUTH attempt... after the client has already sent their password in
the clear. As shown in the citation above.
Of course, one might argue that the fact that the login attempt doesn't
work might dissuade users from leaving their clients configured that
way, but yes -- the password may be sent in the clear at least once.
--
dwmw2
