Security Basics mailing list archives
Re: pop before smtp ?
From: security () surefoot com
Date: Mon, 11 Jul 2005 16:44:37 -0600
Hi Eduardo On Monday 11 July 2005 06:20, Eduardo Kienetz <EK> wrote:
Hi guys, I'd appreciate any comments (pros and cons) whether using Pop Before Smtp auth scheme or SASL-based auth (pop/smtp auth separated). I'd say it could be interesting to be able to disable one or another (in case of a hosting company :) separately (smtp/pop), so, using SASL-based auth. The deal here is that I do have a client (hosting company) who is willing to improve their services, through setting up a brand new mail server. Now they use Pop Before Smtp, so moving to SASL-based would mean telling each client (~500 domains hosted) they should change their "outlook" account configuration to "My server requires authentication". This would be a minor problem if it is for security sake ;) Of course this isn't the only reason to install a new mail server, but is the one that is making us think.
Why not implement both for a transitional period of time? Dropping regular reminder mails and instructions on how to adapt to the new smtp auth with the various clients out there into the customers mailboxes would help... and with logfiles you could narrow down the people who do not want to transition and "help a little". Worked for me (tm) ;) J
Current thread:
- pop before smtp ? Eduardo Kienetz (Jul 11)
- Re: pop before smtp ? security (Jul 12)
- <Possible follow-ups>
- Re: pop before smtp ? ss666 (Jul 12)
- Re: pop before smtp ? ChayoteMu (Jul 13)