Subject: Re: Sendmail SASL authentication
To: Martin Husemann <martin@duskware.de>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 04/28/2002 08:17:57
> On the other hand SASL (both with sendmail and postfix) requires the cyrus
> sasl library and is not compiled in with our in-tree version.
> 
> This is a pretty disapointing state of affairs. Hell, even outlook express
> can do this with a simple mouse click!

I wonder if outhouse express has the same security bug in its
SASL/AUTH where it will reveal the username/password to any MTA that
asks "what is your password?"

If possible I would definitely use a throw-away password and username
for SASL, assuming that it will get exposed in the normal course of
using it.

-wolfgang
-- 
Wolfgang Rupprecht    <wolfgang@wsrcc.com>     http://www.wsrcc.com/wolfgang/
Coming soon: GPS mapping tools for Open Systems. http://www.gnomad-mapping.com/