Re: SMTP AUTH
From: -no-copies-please (ca+sendmail(-no-copies-please)_at_mine.informatik.uni-kiel.de)
Date: 08/27/04
- Previous message: jpd: "Re: pf.conf newbie help"
- In reply to: William Ahern: "Re: SMTP AUTH"
- Next in thread: Martin Foster: "Re: SMTP AUTH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 27 Aug 2004 03:11:21 +0000 (UTC)
William Ahern wrote:
> Caspar Clemens Mierau <damokles@gmx.net> wrote:
> > I hope, your idea is not, to allow system user to auth against smtp with
> > their shell password?
> No prob as long as you require STARTTLS beforehand. Is it possible
> to prevent the AUTH SMTP extension from being advertised unless STARTTLS
> has already been started?
See doc/op/op.* in the sendmail source.
AuthOptions
[no short name] List of options for SMTP
AUTH consisting of single characters with
intervening white space or commas.
...
p don't permit mechanisms susceptible to simple
passive attack (e.g., PLAIN, LOGIN), unless a
security layer is active.
y don't permit mechanisms that allow anonymous login.
The first option applies to sendmail as a
client, the others to a server. Example:
O AuthOptions=p,y
would disallow ANONYMOUS as AUTH mechanism
and would allow PLAIN and LOGIN only if a
security layer (e.g., provided by STARTTLS)
is already active. The options 'a', 'c',
'd', 'f', 'p', and 'y' refer to properties
of the selected SASL mechanisms. Explana-
tions of these properties can be found in
the Cyrus SASL documentation.
-- A: Maybe because some people are too annoyed by top-posting. Q: Why do I not get an answer to my question(s)? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
- Previous message: jpd: "Re: pf.conf newbie help"
- In reply to: William Ahern: "Re: SMTP AUTH"
- Next in thread: Martin Foster: "Re: SMTP AUTH"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
