How to setup smtp auth
Rodolfo J. Paiz
rpaiz at simpaticus.com
Sat Apr 17 19:29:37 UTC 2004
At 07:22 4/16/2004, you wrote:
>Everything I have read about setting up smtp_auth requires TLS but I don't
>want encryption as the zaurus email client does not support it. Can anyone
>give me a simple step by step explanation usinf the sendmail.mc
>configuration macros to set up plain or login auth?
The "Sendmail SMTP AUTH HOWTO" on Simpaticus.com
(http://www.simpaticus.com/linux) only describes how to set up SMTP AUTH
with either PLAIN or LOGIN authentication, since this is both the simplest
way to set it up and the only one that does not require additional
configuration of users in the SASL database for secure authentication. TLS
is thus an additional step which you can take at any time, and which will
enable other (more secure) forms of AUTH such as CRAM-MD5 and DIGEST-MD5.
Please note that PLAIN and LOGIN authentication *does* present a small
security risk in that the username and password are transmitted in
cleartext over the network, with no encryption. However, if you also allow
the same users to have POP or IMAP access to your mailserver, then you are
already taking that small risk since POP/IMAP by default *also* sends
passwords in the clear. So using PLAIN or LOGIN authentication does not
increase your risk in any way.
--
Rodolfo J. Paiz
rpaiz at simpaticus.com
http://www.simpaticus.com
More information about the redhat-list
mailing list