Security Basics mailing list archives

Re: pop before smtp ?


From: security () surefoot com
Date: Mon, 11 Jul 2005 16:44:37 -0600

Hi Eduardo

On Monday 11 July 2005 06:20, Eduardo Kienetz <EK> wrote:
> Hi guys,
>
> I'd appreciate any comments (pros and cons) whether using Pop Before
> Smtp auth scheme or SASL-based auth (pop/smtp auth separated).
> I'd say it could be interesting to be able to disable one or another
> (in case of a hosting company :) separately (smtp/pop), so, using
> SASL-based auth.
> The deal here is that I do have a client (hosting company) who is
> willing to improve their services, through setting up a brand new mail
> server. Now they use Pop Before Smtp, so moving to SASL-based would
> mean telling each client (~500 domains hosted) they should change
> their "outlook" account configuration to "My server requires
> authentication". This would be a minor problem if it is for security
> sake ;)
> Of course this isn't the only reason to install a new mail server, but
> is the one that is making us think.

Why not implement both for a transitional period of time? Dropping regular
reminder mails and instructions on how to adapt to the new smtp auth with the
various clients out there into the customers' mailboxes would help... and with
logfiles you could narrow down the people who do not want to transition and
"help a little".

Worked for me (tm) ;)

J
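
The log-based follow-up suggested in the reply above, as an added example that is not part of the original message: it lists the users whose most recent mail submission still relied on POP-before-SMTP instead of SMTP AUTH. It assumes Postfix `smtpd` and Dovecot `pop3-login` syslog line formats (the thread names no mail software); the sample lines are constructed and the function name is hypothetical.

```python
import re

# Constructed sample log (assumed Postfix smtpd + Dovecot pop3-login formats).
SAMPLE_LOG = """\
Jul 11 09:00:01 mx dovecot: pop3-login: Login: user=<alice@example.com>, method=PLAIN, rip=192.0.2.10, lip=198.51.100.1
Jul 11 09:00:05 mx postfix/smtpd[811]: 3F2A1: client=unknown[192.0.2.10]
Jul 11 09:05:00 mx dovecot: pop3-login: Login: user=<bob@example.com>, method=PLAIN, rip=192.0.2.20, lip=198.51.100.1
Jul 11 09:05:09 mx postfix/smtpd[812]: 4B7C2: client=unknown[192.0.2.20], sasl_method=PLAIN, sasl_username=bob@example.com
Jul 11 09:10:00 mx dovecot: pop3-login: Login: user=<carol@example.com>, method=PLAIN, rip=192.0.2.30, lip=198.51.100.1
Jul 11 09:10:03 mx postfix/smtpd[813]: 5C8D3: client=unknown[192.0.2.30]
Jul 11 09:40:00 mx postfix/smtpd[814]: 6D9E4: client=unknown[192.0.2.30], sasl_method=LOGIN, sasl_username=carol@example.com
Jul 11 09:50:00 mx postfix/smtpd[815]: 7EAF5: client=mail.example.net[203.0.113.5]
"""

POP_LOGIN = re.compile(r"pop3-login: Login: user=<([^>]+)>.*?\brip=([0-9a-fA-F.:]+)")
SMTP_CLIENT = re.compile(
    r"postfix/smtpd\[\d+\]: \w+: client=[^\[]*\[([^\]]+)\]"
    r"(?:.*?sasl_username=([^,\s]+))?"
)

def users_still_on_pop_before_smtp(log_text):
    """Return users whose latest submission was not SASL-authenticated."""
    last_pop_user = {}  # client IP -> user of the most recent POP3 login
    last_mode = {}      # user -> "sasl" or "pop-before-smtp" (latest seen)
    for line in log_text.splitlines():
        m = POP_LOGIN.search(line)
        if m:
            last_pop_user[m.group(2)] = m.group(1).lower()
            continue
        m = SMTP_CLIENT.search(line)
        if not m:
            continue
        ip, sasl_user = m.groups()
        if sasl_user:
            last_mode[sasl_user.lower()] = "sasl"
        elif ip in last_pop_user:
            # Unauthenticated SMTP from an IP that earlier logged in via POP3.
            last_mode[last_pop_user[ip]] = "pop-before-smtp"
        # No SASL and no earlier POP login: ordinary inbound MTA traffic.
    return sorted(u for u, mode in last_mode.items() if mode == "pop-before-smtp")

if __name__ == "__main__":
    for user in users_still_on_pop_before_smtp(SAMPLE_LOG):
        print(user)
```

The sketch ignores the POP-before-SMTP authorization window and attributes an unauthenticated session to the last POP3 login from that IP, so users behind a shared NAT address can be misattributed.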

