Subject: Re: sendmail 8.12.4 import (and changes)
To: Paul Hoffman <email@example.com>
From: Olaf Seibert <firstname.lastname@example.org>
Date: 06/13/2002 01:53:47
On Tue 11 Jun 2002 at 17:54:24 -0700, Paul Hoffman wrote:
> At 5:36 PM -0400 6/11/02, Andrew Brown wrote:
> >Ideally. Any comments? Questions? Concerns?
> Comment: if you do bring sendmail up to date, particularly for
> security reasons, please strongly consider adding SMTP AUTH and or
> SMTP-over-TLS to the default binary, for authentication reasons.
> Right now, getting either feature to compile into sendmail from
> pkgsrc is daunting. Having better authentication in sendmail from the
> beginning would be a Very Good Thing.
I don't know about AUTH, but TLS is trivial. Just USE_STARTTLS=YES. And
I noticed that in the 1.5ZC snapshot outgoing mail *already* uses TLS
without any further configuration (if the receiver supports it), in
particular without having any certificates or secret keys. This was a
very pleasant surprise.
___ Olaf 'Rhialto' Seibert - rhialto@ -- Woo betide the one who feels
\X/ polderland.nl -- remorse without sin - Tom Poes, "Het boze oog", 4444.