Re: HEADS UP: sendmail updated from 8.9.3 to 8.11.0 in -current

[Hajimu UMEMOTO]

>>>>> On Sun, 13 Aug 2000 09:20:05 -0700
>>>>> "Kurt D. Zeilenga" <[EMAIL PROTECTED]> said:

Kurt> At 01:49 PM 8/13/00 +0200, Johan Granlund wrote:
>I think we have to support rfc2554 autenthication (With MECH LOGIN for
>Outlook) out of the box if we are serius about mailserver and security.

Kurt> If you're serious about security, you shouldn't support LOGIN (or PLAIN)
Kurt> unless adequate privacy protections are in place.  If you're serious
Kurt> about standards, you won't support LOGIN.

I think so.
Further worse, once PLAIN is activated by sendmail, netscape try to
use AUTH, in anyway.  If the user isn't registered in SASL db, the
user cannot send mail anymore.  That is, once you decide to use PLAIN,
you must register all of your users in SASL db.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED]  [EMAIL PROTECTED]  [EMAIL PROTECTED]
http://www.imasy.org/~ume/


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message