Re: [Nmh-workers] modernizing smtp message submission

From: Michael Richardson
Subject: Re: [Nmh-workers] modernizing smtp message submission
Date: Thu, 03 Jul 2014 22:44:43 -0400

Lyndon Nerenberg <address@hidden> wrote:
    > Submission on port 587 mandates the use of AUTH.  This implies we need
    > to default to building with SASL support.  That means compiling with
    > the Cyrus SASL library.  But that might not be available. As a fallback
    > we could include an internal version of SASL PLAIN.  But cleartext
    > passwords are evil, therefore we need to build with STARTTLS support.
    > Etc.

My take is that if the SASL library is not available, then you don't get
port 587 submission support... you have to use the /usr/sbin/sendmail interface.

I didn't think that 587 requires AUTH; I was pretty sure that I have used
submit on localhost, and my recollection is that /usr/sbin/sendmail (actual
sendmail) started using port localhost:587 rather than going directly to
disk a decade ago... not sure.. postfix has been my go-to for years now.

    > This brings us into line with the behaviour of most other MUAs.

    > mts.conf (and .mh_profile) are also in need of an overhaul to be able
    > to express the permutations of tls/sasl/auth settings and credentials.
    > I haven't given this a lot of thought yet, but I think it's critical
    > for users to be able to express enough policy to allow things like
    > mandating TLS encryption (regardless of SASL mech), enforce per-server
    > SASL mechs, auth credentials, etc.  I don't know that the current
    > config file formats are at all amenable to that ...


    > If anyone has any thoughts about how to express the various security
    > policies in the config files, please speak up.  Based on my experiences
    > dealing with this in lots of other software (as an end-user) I have a
    > good idea of what *doesn't* work, but I'm still far far away from the
    > epiphany of good clean configuration syntax for these sorts of policy
    > decisions.

fetchmail, which clearly goes in the opposite direction, seems to have a
reasonable configuration set here.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     address@hidden  http://www.sandelman.ca/        |   ruby on rails    [
