Ian Eiloart <iane@???> wrote:
> On 18 May 2011, at 22:17, Heiko Schlittermann wrote:
[...]
>> Port 587: SMTP with our without STLS
>> (should be used for mail submmission)
> Hmm, port 587 should really expect STLS, given that it's supposed to
> require password negotiation. I know the MSA RFCs permit IP based
> trust mechanisms, but they really should be restricted to clients on
> a private local network that are not TLS capable.
client authentication does not necessarily imply sending clear text
passwords, see e.g CRAM-MD5.
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
