STMP Auth Failure
Les Mikesell
les at futuresource.com
Fri Feb 4 21:24:05 UTC 2005
On Fri, 2005-02-04 at 12:12, Rodolfo J. Paiz wrote:
> On Fri, 2005-02-04 at 11:06 -0600, rcurts at robincurts.com wrote:
> > I CAN send mail to <my_username>@<hostname_of_box>.com ... but if i send
> > to an outside domain I get the error.
> >
> > The AUTH section of my sendmail.mc file:
> >
> > define(`confAUTH_OPTIONS', `A p')dnl
> > TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> > define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> > PLAIN')dnl
> >
>
> Try removing the "p" for the first line, like this:
>
> define(`confAUTH_OPTIONS', `A')dnl
>
> I believe the "p" parameter only allows encrypted authentication, and
> will expressly prevent SMTP AUTH unencrypted mechanisms like PLAIN and
> LOGIN unless the session is encrypted.
>
> For most people, allowing PLAIN and LOGIN SMTP AUTH is no greater risk
> than they already have, since POP and IMAP *also* transmit unencrypted
> passwords. Hence, no damage done by removing the 'p'.
On the other hand, most mail clients that know how to do smtp AUTH also
can encrypt the whole session for SMTP, POP, and IMAP. If you are going
to do one, you might as well build the certificates and do it all.
--
Les Mikesell
les at futuresource.com
More information about the fedora-list
mailing list