Educause Security Discussion mailing list archives
Re: smtp auth (was Re: the importance of security)
From: Dewitt Latimer <dewitt () ND EDU>
Date: Mon, 16 Aug 2004 16:39:13 -0500
yes...there are/were some issues with early version of Eudora (pre v5), but we have not experienced any problems with mainstream MUA's that are within 12-18 months old of release. As a side note, it doesn't really make sense to implement SMTPAuth without also implementing SSL. Otherwise, you're just sending another instance of the password in the clear. We have SSL'ed both SMTP, IMAP, and POP for ResNet (mandatory). The settings are optional for faculty/staff with a good many people moving towards it on their own. It will be mandatory later this fall when a couple of colleges get caught up with their workload and can update some faculty MUAs. -d ----- Original Message ----- From: "Matthew Keller" <kellermg () POTSDAM EDU> To: <SECURITY () LISTSERV EDUCAUSE EDU> Sent: Monday, August 16, 2004 2:51 PM Subject: Re: [SECURITY] smtp auth (was Re: [SECURITY] the importance of security)
Proceed with caution: SMTP Auth is not widely supported by MUA's and a lot of MUA's that support "authenticated SMTP" may support slightly different versions of "it" then what you implement. The is no one-size-fits all "SMTP Auth" solution with universal (or even near-universal) MUA support.
http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=%22smtp+auth%22&btnG=Search
On Mon, 2004-08-16 at 14:35, Kevin Shalla wrote:I'm unfamiliar with smtp auth. Does this mean that when the user tries
to
send an email message that they are required to authenticate, and can
only
send messages with a "from" address of that username to which they just authenticated? If so, this could make email a fairly secure intra-university means of communication, correct? Does anyone have a
link
to beginner's background reading on this? At 12:05 PM 8/11/2004, Gary Flynn wrote:Jere Retzer wrote:The first two items seem mainly intended to ensure that your school is
a
good network citizen so I can understand a management temptation to
ask
"what is the benefit to us?" Is that the problem? Does anyone have data to help frame these particular policies in terms of general acceptance? Are most schools now doing this or are there pressures from the government of ISPs?We implemented SMTP auth and port 25 blocks a couple years ago.********** Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
-- Matthew Keller signat-url: http://mattwork.potsdam.edu/signat-url/ "No one ever says, 'I can't read that ASCII E-mail you sent me.'" ********** Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- smtp auth (was Re: the importance of security) Kevin Shalla (Aug 16)
- <Possible follow-ups>
- Re: smtp auth (was Re: the importance of security) Matthew Keller (Aug 16)
- Re: smtp auth (was Re: the importance of security) Dewitt Latimer (Aug 16)
- Re: smtp auth (was Re: the importance of security) Brian Reilly (Aug 17)