Security Basics mailing list archives

pop before smtp ?

From: Eduardo Kienetz <eduardok () gmail com>
Date: Mon, 11 Jul 2005 09:20:57 -0300

Hi guys,

I'd appreciate any comments (pros and cons) whether using Pop Before
Smtp auth scheme or SASL-based auth (pop/smtp auth separated).
I'd say it could be interesting to be able to disable one or another
(in case of a hosting company :) separately (smtp/pop), so, using
SASL-based auth.
The deal here is that I do have a client (hosting company) who is
willing to improve their services, through setting up a brand new mail
server. Now they use Pop Before Smtp, so moving to SASL-based would
mean telling each client (~500 domains hosted) they should change
their "outlook" account configuration to "My server requires
authentication". This would be a minor problem if it is for security
sake ;)
Of course this isn't the only reason to install a new mail server, but
is the one that is making us think.

Thank you in advance,

-- 
Eduardo  Bacchi Kienetz
LPI Certified - Level 1 & 2
http://www.noticiaslinux.com.br/eduardo/

Current thread:

pop before smtp ? Eduardo Kienetz (Jul 11)
- Re: pop before smtp ? security (Jul 12)
- <Possible follow-ups>
- Re: pop before smtp ? ss666 (Jul 12)
  - Re: pop before smtp ? ChayoteMu (Jul 13)