pop before smtp ?
From: Eduardo Kienetz (eduardok_at_gmail.com)
Date: 07/11/05
- Previous message: Bill Moran: "Looking for ideas for simulated intrusions"
- Next in thread: security_at_surefoot.com: "Re: pop before smtp ?"
- Reply: security_at_surefoot.com: "Re: pop before smtp ?"
- Maybe reply: ss666_at_ss666.ru: "Re: pop before smtp ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 11 Jul 2005 09:20:57 -0300 To: Security Basics <security-basics@securityfocus.com>
Hi guys,
I'd appreciate any comments (pros and cons) whether using Pop Before
Smtp auth scheme or SASL-based auth (pop/smtp auth separated).
I'd say it could be interesting to be able to disable one or another
(in case of a hosting company :) separately (smtp/pop), so, using
SASL-based auth.
The deal here is that I do have a client (hosting company) who is
willing to improve their services, through setting up a brand new mail
server. Now they use Pop Before Smtp, so moving to SASL-based would
mean telling each client (~500 domains hosted) they should change
their "outlook" account configuration to "My server requires
authentication". This would be a minor problem if it is for security
sake ;)
Of course this isn't the only reason to install a new mail server, but
is the one that is making us think.
Thank you in advance,
-- Eduardo Bacchi Kienetz LPI Certified - Level 1 & 2 http://www.noticiaslinux.com.br/eduardo/
- Previous message: Bill Moran: "Looking for ideas for simulated intrusions"
- Next in thread: security_at_surefoot.com: "Re: pop before smtp ?"
- Reply: security_at_surefoot.com: "Re: pop before smtp ?"
- Maybe reply: ss666_at_ss666.ru: "Re: pop before smtp ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
