Date: Sat, 13 Jul 2002 16:42:11 -0700
From: Gregory Neil Shapiro <gshapiro@FreeBSD.ORG>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: freebsd-arch@FreeBSD.ORG
Subject: Re: Mail subsystem defaults, adding authentication.
Message-ID: <15664.47827.844708.151118@monkeyboy.gshapiro.net>
In-Reply-To: <3D300FD4.7479A8E5@mindspring.com>
References: <20020713034725.GB47677@ussenterprise.ufp.org> <3D2FAFB2.E2E9CF36@mindspring.com> <20020713045704.GA49379@ussenterprise.ufp.org> <3D300FD4.7479A8E5@mindspring.com>

tlambert2> You need to submit your patches for this to the sendmail people.
tlambert2> Without modification, sendmail does not enforce use of SSL for
tlambert2> permitting advertisement of SMTP AUTH, and therefore addition of
tlambert2> a pseudo-RFC-2595 "PLAIN" or "EXTERNAL X-UNIX" mechanism can not
tlambert2> reasonably be added to FreeBSD so that it's operational by default.

tlambert2> The STARTTLS SMTP command doesn't work, because it is issued
tlambert2> after the EHLO, which solicits the capabilities list that exposes
tlambert2> the SMTP AUTH. The only method that works, therefore, is to use
tlambert2> an SSL connection -- SMTPS... port 465, instead of port 25). You
tlambert2> can see the order of operation problem, I hope?

You need to go back and read the RFCs/documentation. First, you can limit
the AUTH mechanisms offered based on whether STARTTLS was used or not.
Second, after a successful STARTTLS negotiation, a new EHLO is done and a
new set of AUTH mechanisms is given.

You can (and should) use STARTTLS with SMTP AUTH PLAIN/LOGIN and do not
(and should not) use SMTP over SSL as it is non-standard.
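
Added example, not part of the original message and not sendmail code: a small Python model of the two points in the reply, a server that advertises PLAIN/LOGIN only once TLS is active, and a client that issues a second EHLO after STARTTLS before choosing a mechanism. The class and function names (`Session`, `auth_mechs`, `client_login`) and the mechanism list are assumptions made for illustration.

```python
# Constructed model of the EHLO -> STARTTLS -> EHLO -> AUTH ordering.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself

class Session:
    """Server-side state for one SMTP connection (hypothetical model)."""
    def __init__(self, mechs=("DIGEST-MD5", "PLAIN", "LOGIN")):
        self.mechs = mechs
        self.tls = False

    def ehlo(self):
        """Capability list for the connection's current state."""
        caps = ["PIPELINING"]
        if not self.tls:
            caps.append("STARTTLS")  # offered only while the link is cleartext
        # Point 1 of the reply: limit AUTH mechanisms by whether TLS is active.
        offered = [m for m in self.mechs
                   if self.tls or m not in PLAINTEXT_MECHS]
        if offered:
            caps.append("AUTH " + " ".join(offered))
        return caps

    def starttls(self):
        # Stand-in for the TLS handshake; earlier EHLO results are now stale.
        self.tls = True

def auth_mechs(caps):
    """Extract the mechanism names from an EHLO capability list."""
    for line in caps:
        if line.upper().startswith("AUTH "):
            return line.split()[1:]
    return []

def client_login(session, want="PLAIN"):
    """Return the steps a careful client takes to authenticate with `want`."""
    caps = session.ehlo()
    steps = [("EHLO", auth_mechs(caps))]
    if want in PLAINTEXT_MECHS and not session.tls:
        if "STARTTLS" not in caps:
            raise RuntimeError("no TLS available; refusing " + want)
        session.starttls()
        # Point 2 of the reply: a new EHLO yields a new set of mechanisms.
        caps = session.ehlo()
        steps.append(("EHLO after STARTTLS", auth_mechs(caps)))
    if want not in auth_mechs(caps):
        raise RuntimeError(want + " not offered in this state")
    steps.append(("AUTH", want))
    return steps

if __name__ == "__main__":
    for step in client_login(Session()):
        print(step)
```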