Subject: Re: Sendmail SASL authentication
To: Martin Husemann <email@example.com>
From: Wolfgang Rupprecht <firstname.lastname@example.org>
Date: 04/28/2002 08:17:57
> On the other hand SASL (both with sendmail and postfix) requires the cyrus
> sasl library and is not compiled in with our in-tree version.
> This is a pretty disapointing state of affairs. Hell, even outlook express
> can do this with a simple mouse click!
I wonder if outhouse express has the same security bug in its
SASL/AUTH where it will reveal the username/password to any MTA that
asks "what is your password?"
If possible I would definitely use a throw-away password and username
for SASL, assuming that it will get exposed in the normal course of
Wolfgang Rupprecht <email@example.com> http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/