On Mon, Jul 18, 2011 at 09:20:12AM -0400, Curtis Maurand wrote:
> We use a combination of POP/IMAP before SMTP or SMTP auth.

Since this thread was about best practices, let's not sully it with
dirty kludges. :) POP/IMAP-before-SMTP was an ugly workaround at
best. It's not always going to work with mail clients; there is no
standard for them to implement. It's also potentially weak and
exploitable.

SASL AUTH works. It's a real standard, so clients receive in-band
feedback on whether or not they can relay. It can be secured. I can
understand not tearing down a working POP/IMAP-before-SMTP system,
but definitely do not recommend that any new site should implement
that kludge. Let it go away!

--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header