Subject: sasl and --disable-login
To: None <>
From: Andrew Brown <>
List: tech-pkg
Date: 03/14/2003 16:57:25
i note, with trepidation, that the cyrus-sasl packages are configured
with --disable-login.  while i understand that the login protocol is
alomost completely worthless from a security standpoint, it is however
the only means that programs like outlook will use to authenticate to
an smtp server that offers authentication (eg the postfix package).

that this is the only method i've found outlook to use is doubly
astounding.  then again, i suppose i was being naive in expecting
something from microsoft to try to work securely.  you'll have to
forgive me if i sound a little bitter...i've wasted far too much time
trying to get outlook to do anything but emit cryptic error codes.

that said, is anyone using cyrus-imapd or postfix from pkgsrc with
outlook and doing smtp-auth or some other method of authentication
that i haven't found yet?

maybe i should just enable the login method...

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."