Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 13 Aug 2000 19:18:18 +0200 (CEST)
From:      Johan Granlund <johan@granlund.nu>
To:        "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Cc:        Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>, "Scot W. Hetzel" <hetzels@westbend.net>, freebsd-current@FreeBSD.ORG
Subject:   Re: HEADS UP: sendmail updated from 8.9.3 to 8.11.0 in -current
Message-ID:  <Pine.BSF.4.05.10008131841370.78011-100000@phoenix.granlund.nu>
In-Reply-To: <4.3.2.7.0.20000813091232.00af8800@router.boolean.net>
next in thread | previous in thread | raw e-mail | index | archive | help 


On Sun, 13 Aug 2000, Kurt D. Zeilenga wrote:

> At 01:49 PM 8/13/00 +0200, Johan Granlund wrote:
> >I think we have to support rfc2554 autenthication (With MECH LOGIN for
> >Outlook) out of the box if we are serius about mailserver and security.
> 
> If you're serious about security, you shouldn't support LOGIN (or PLAIN)
> unless adequate privacy protections are in place.  If you're serious
> about standards, you won't support LOGIN.

Tell that to Microsoft! They only support LOGIN and the users (god bless
them) won't change to another client.

> 
> Given that OpenSSL is in the base system, there is little reason not
> to support BOTH StartTLS and SASL "out of the box".  I would suggest
> the authentication defaults be relative secure, as in "noplain,noanonymous".
> This will force use of StartTLS to allow use of PLAIN/LOGIN mechanisms.

Works for me. I _have_ to keep OE5 working somehow until they start
supporting a better mechanism, _Then_ i can ditch LOGIN.

> 
> >A make.conf knob to use a userinstalled library may create problems with
> >different versions of Cysus-SASL. I had some problems with that when
> >uppgrading my mailservers to Sendmail 8.10.
> 
> I'd recommend bringing Cyrus-SASL into the base system eventually
> under the same rational used to bring OpenSSL in.

I agree.

/Johan
> 
> Kurt
> 
> 
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.10008131841370.78011-100000>