Re: Open-Relay

Subject: Re: Open-Relay
From: Ken (webweaverrmci.net)
Date: Mon Jan 03 2000 - 09:55:10 CST

• Next message: Ralf Hildebrandt: "Re: no postfix/qmgr in my logfile"
• Previous message: Alessandro Oliveira: "Postfix vs. Oracle"
• In reply to: Russ Allbery: "Re: Open-Relay"
• Next in thread: erekose: "Re: Open-Relay"
• Reply: Ken: "Re: Open-Relay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

At 05:54 PM 1/2/00 -0800, Russ Allbery wrote:
>Wietse Venema <wietseporcupine.org> writes:
> > Alex Miller:
>
> >> Is there an encrypted method to log into pop, smtp, and imap so that
> >> villians with packet sniffers can't borrow legitimate users passwords?
> >> Can mail software use them?
>
> > See below for a write-up from the linux-security mailing list.
>
>I'm very surprised that in that write-up there doesn't appear to be a
>single mention of SASL. RFC 2222 specifies the SASL mechanism, which is a
>pluggable authentication mechanism that can be used as part of virtually
>any protocol; it even has examples in the RFC for how to use it with IMAP.
>The Andrew II Cyrus Mail group at CMU maintains a SASL library that you
>can obtain from ftp.andrew.cmu.edu in /pub/cyrus-mail.

I've been busy with the holidays these past couple weeks and not followed
the cyrus list too closely. Previously, however, it appears as though
Cyrus's SASL has implementation been a bit sketchy. It's evolving rapidly,
however, and such may no longer be the case. Anybody able to provide an
updated report from the real world?

Ciao-- kg

FreeBSD-- where *you* want to go. Today!

• Next message: Ralf Hildebrandt: "Re: no postfix/qmgr in my logfile"
• Previous message: Alessandro Oliveira: "Postfix vs. Oracle"
• In reply to: Russ Allbery: "Re: Open-Relay"
• Next in thread: erekose: "Re: Open-Relay"
• Reply: Ken: "Re: Open-Relay"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Mon Jan 03 2000 - 09:56:09 CST