Tony Finch wrote:
On Tue, 22 Jul 2008, Keith Moore wrote:
yet another configuration knob to twiddle for an interface (MUA to message
store) that's already notoriously hard for users to get right.
heck, we still have WAY too many people using POP or IMAP with cleartext
passwords, mostly because that's the configuration that "works" with all
clients and servers, and partially because there's no uniform language to
describe the other configurations. (does "use secure authentication" mean
APOP, or POP+SSL over a reserved port, or POP with the STARTTLS command?)
Usually none of the above :-) i.e. Microsoft proprietary authentication.
Of course MUAs should just use the protocol's negotiation features to
auto-configure the most secure settings possible. I get so annoyed that
Are you referring to CAPA Tony?
I guess you both right - Heck, by far I find sysops prefer to use POP
BEFORE SMTP as the easiest - no instructions, less support required
method to give their users instant auto-temporary-access to SMTP relay.
:-) And thats a big item because its far easier than having to provide
a link to variant MUA brand server login setup page.
In regards to the common MUA Server Account settings
[X] Keep Mail on Server for _XX_ days
I always found this default setting to be sort of pompous on the side of
MUA to assume they have real say on what servers do with received and
unreceived mail storage.
Nonetheless, if this 2822 Expire proposal moves on, I can only it see it
being part of this common setup section. There would be two parts to
a) Online storage where the server having unreceived messages with
[X] Server MAY expire unreceived mail using RFC XXXX
b) offline storage (picked up mail) which expires on the MUA side.
[X] Delete Expired Mail On Server
Also, I think this proposal will need to touch base with DKIM expiration
tags as well.