* thorso...@lavabit.com <thorso...@lavabit.com>:
> > The above two settings are sufficient to require encryption on every
> > connection.  Note these settings are not appropriate for an
> > internet-facing server.
> 
> I don't want to send passwords in clear; that's what I'm trying to
> accomplish. I think that I'm mixing SMTP AUTH with SMTP.
> 
> What should I tweak to prevent unencrypted authentication?

On the server-side require TLS and only then offer SMTP AUTH and/or only offer
shared-secret mechanisms in an unencrypted SMTP session. See the SASL_README
for details.

p@rick
-- 
[*] sys4 AG
 
http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München
 
Registered office: München, District Court of München: HRB 199263
Executive Board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
Chairman of the Supervisory Board: Joerg Heidrich
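
An added example, not part of the original message: a check that reads a server's EHLO replies and reports whether password-revealing mechanisms are advertised before STARTTLS, which is the condition the reply above says to avoid. The EHLO replies are constructed samples, and treating only PLAIN and LOGIN as plaintext mechanisms is an assumption of this sketch.

```python
import re

# Assumption: these two mechanisms send the password in recoverable form.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters, e.g. {'AUTH': ['PLAIN']}."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:  # first line is the server name
        # Accept both "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" form.
        m = re.match(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$", line.strip())
        if m:
            params = (m.group(2) or "").upper().split()
            caps.setdefault(m.group(1).upper(), []).extend(params)
    return caps

def audit(pre_tls_reply, post_tls_reply=None):
    """Return findings for the EHLO reply seen before (and after) STARTTLS."""
    findings = []
    pre = parse_ehlo(pre_tls_reply)
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered")
    exposed = sorted(PLAINTEXT_MECHS & set(pre.get("AUTH", [])))
    if exposed:
        findings.append("plaintext mechanisms offered without TLS: "
                        + ", ".join(exposed))
    if post_tls_reply is not None and "AUTH" not in parse_ehlo(post_tls_reply):
        findings.append("AUTH not offered after STARTTLS")
    return findings

# Constructed sample replies (not captured from a real server).
CLEARTEXT_AUTH = """250-mail.example.test
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250 8BITMIME"""
TLS_ONLY_PRE = """250-mail.example.test
250-STARTTLS
250 8BITMIME"""
TLS_ONLY_POST = """250-mail.example.test
250-AUTH PLAIN LOGIN
250 8BITMIME"""
SHARED_SECRET_PRE = """250-mail.example.test
250-STARTTLS
250 AUTH CRAM-MD5 DIGEST-MD5"""

if __name__ == "__main__":
    for name in ("CLEARTEXT_AUTH", "TLS_ONLY_PRE", "SHARED_SECRET_PRE"):
        print(name, audit(globals()[name]))
```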
 