In <[email protected]>, on
02/10/2012
at 01:46 PM, Eric Loriaux <[email protected]> said:
>I'm currently trying to use CSSMTP with an SMTP server that will
>require AUTH LOGIN. Our IBM support saids it is not supported y
>CSSMTP and indeed it doesn't work.
RFC 4954 is half a decade old and RFC 2554 is over a decade old; it is
hardly surprising that mail servers are requiring SMTP-AUTH. RFC 4409
and RFC 6409 require a Mail Submission Agent to enforce its use in
most cases. It shouldn't be too hard to make a business case if you
submit a requirement to IBM.
>For that purpose, a special command is supposed to be added to the
>usual SMTP command sequence (just after EHLO command), that is :
>
>AUTH LOGIN
Be aware that RFC 4954 specifies
Note: A server implementation MUST implement a configuration in
which it does NOT permit any plaintext password mechanisms,
unless either the STARTTLS [SMTP-TLS] command has been
negotiated or some other mechanism that protects the session
from password snooping has been provided. Server sites SHOULD
NOT use any configuration which permits a plaintext password
mechanism without such a protection mechanism against password
snooping.
So even if plaintext is enough for the time being, any requirement you
submit to IBM should ask for a full implementation.
>Have you had the same problem ?
Yes.
>What did you do ?
I asked the vendor of my e-mail client to add SMTP-AUTH support. In my
case plaintext was adequate, but I wouldn't be surprised if I had to
upgrade in the future.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
