OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Lutz Jaenicke (Lutz.Jaenicke_at_aet.TU-Cottbus.DE)
Date: Mon Dec 02 2002 - 11:18:34 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Mon, Dec 02, 2002 at 05:10:30PM -0000, Edward Wildgoose wrote:
    > > > It will never happen, but my vote would be that all SMTP servers from now on are shipped with SMTP AUTH enabled by default (using PAM/sasldb on linux, local user account on Win32). The user must climb the admin curve to turn that off rather than having to do some work to switch it on!
    >
    > > Please NO. I imagine that the majority of users have no use for SMTP AUTH.... I don't even have sasldb installed. My mail servers have the necessary software installed to handle mail.
    >
    > Well, I know what you mean, but...
    >
    > I'm guessing that you are a small email server, friends and family? Don't you already need a username password to download email? AUTH'ing to upload mail is just a click box in the majority of email programs, and for (many) email email programs they default to the same username/password as for receiving...
    >
    > ...so what's the problem (in a nutshell).

    The problem is that your point of view is a little bit narrow (no offense
    intended).

    There are more setups around than "PAM/sasldb on linux". My main servers
    all are running HP-UX (10.20, that is). There is no usable PAM support
    on 10.20. SASL(2) is an add-on to be self compiled. Setup for SASL has
    to be done manually.
    SMTP AUTH is a delicate thing to run. As soon chroot is enabled, access
    to resources is not the same anymore. In most cases you will not be able
    to use AUTH and chroot for smtpd at the same time.

    Therefore I rather think that the default build should not use SASL.
    Linux distributions tend to build with SASL support by now and if it
    works for the users, I appreciate the work of the package builders.

    Beyond that the original postfix "base" distribution should not rely
    on external packages.

    Best regards,
            Lutz 

    -- 
Lutz Jaenicke                             Lutz.Jaenickeaet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus