Date: Sun, 13 Aug 2000 19:18:18 +0200 (CEST) From: Johan Granlund <johan@granlund.nu> To: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org> Cc: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>, "Scot W. Hetzel" <hetzels@westbend.net>, freebsd-current@FreeBSD.ORG Subject: Re: HEADS UP: sendmail updated from 8.9.3 to 8.11.0 in -current Message-ID: <Pine.BSF.4.05.10008131841370.78011-100000@phoenix.granlund.nu> In-Reply-To: <4.3.2.7.0.20000813091232.00af8800@router.boolean.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 13 Aug 2000, Kurt D. Zeilenga wrote: > At 01:49 PM 8/13/00 +0200, Johan Granlund wrote: > >I think we have to support rfc2554 autenthication (With MECH LOGIN for > >Outlook) out of the box if we are serius about mailserver and security. > > If you're serious about security, you shouldn't support LOGIN (or PLAIN) > unless adequate privacy protections are in place. If you're serious > about standards, you won't support LOGIN. Tell that to Microsoft! They only support LOGIN and the users (god bless them) won't change to another client. > > Given that OpenSSL is in the base system, there is little reason not > to support BOTH StartTLS and SASL "out of the box". I would suggest > the authentication defaults be relative secure, as in "noplain,noanonymous". > This will force use of StartTLS to allow use of PLAIN/LOGIN mechanisms. Works for me. I _have_ to keep OE5 working somehow until they start supporting a better mechanism, _Then_ i can ditch LOGIN. > > >A make.conf knob to use a userinstalled library may create problems with > >different versions of Cysus-SASL. I had some problems with that when > >uppgrading my mailservers to Sendmail 8.10. > > I'd recommend bringing Cyrus-SASL into the base system eventually > under the same rational used to bring OpenSSL in. I agree. /Johan > > Kurt > > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10008131841370.78011-100000>