nmh-workers
Re: [Nmh-workers] modernizing smtp message submission

2014-07-03 22:21:16

Lyndon Nerenberg <lyndon(_at_)orthanc(_dot_)ca> wrote:
    > Submission on port 587 mandates the use of AUTH.  This implies we need
    > to default to building with SASL support.  That means compiling with
    > the Cyrus SASL library.  But that might not be available. As a fallback
    > we could include an internal version of SASL PLAIN.  But cleartext
    > passwords are evil, therefore we need to build with STARTTLS support.
    > Etc.

My take is that if the SASL library is not available, then you don't get
port 587 submission support... you have to use the /usr/sbin/sendmail interface.

I didn't think that 587 requires AUTH; I was pretty sure that I have used
submit on localhost, and my recollection is that /usr/sbin/sendmail (actual
sendmail) started using port localhost:587 rather than going directly to
disk a decade ago... not sure.. postfix has been my go-to for years now.


    > This brings us into line with the behaviour of most other MUAs.

    > mts.conf (and .mh_profile) are also in need of an overhaul to be able
    > to express the permutations of tls/sasl/auth settings and credentials.
    > I haven't given this a lot of thought yet, but I think it's critical
    > for users to be able to express enough policy to allow things like
    > mandating TLS encryption (regardless of SASL mech), enforce per-server
    > SASL mechs, auth credentials, etc.  I don't know that the current
    > config file formats are at all amenable to that ...

agreed.

    > If anyone has any thoughts about how to express the various security
    > policies in the config files, please speak up.  Based on my experiences
    > dealing with this in lots of other software (as an end-user) I have a
    > good idea of what *doesn't* work, but I'm still far far away from the
    > epiphany of good clean configuration syntax for these sorts of policy
    > decisions.

fetchmail, which clearly goes in the opposite direction, seems to have a
reasonable configuration set here.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr(_at_)sandelman(_dot_)ca  http://www.sandelman.ca/        |   ruby on rails    [


_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
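
Added example, not part of the original message and not nmh code: one way a client could check the kind of per-server policy discussed in this thread (TLS mandated regardless of SASL mechanism, per-server mechanism lists) against a server's EHLO reply before any credentials are sent. The `Policy` record, host names and EHLO replies are constructed for illustration, and skipping PLAIN/LOGIN on an unencrypted channel is an assumption of this example.

```python
from dataclasses import dataclass

class PolicyError(Exception):
    """The server cannot satisfy the configured policy; send no credentials."""

@dataclass(frozen=True)
class Policy:              # hypothetical record, not an nmh config format
    require_tls: bool      # mandate TLS regardless of SASL mechanism
    mechs: tuple           # acceptable SASL mechanisms, most preferred first

# Constructed per-server policies (host names are placeholders).
POLICIES = {
    "mx.example.org": Policy(require_tls=True, mechs=("SCRAM-SHA-256", "PLAIN")),
    "localhost": Policy(require_tls=False, mechs=("SCRAM-SHA-256", "PLAIN")),
}

# Constructed EHLO replies, before and after the TLS upgrade.
PRE_TLS = "250-mx.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
POST_TLS = "250-mx.example.org\r\n250-AUTH PLAIN LOGIN SCRAM-SHA-256\r\n250 8BITMIME\r\n"

def parse_ehlo(reply):
    """Map each EHLO keyword to its parameters; the first line is the greeting."""
    caps = {}
    for line in reply.splitlines()[1:]:
        words = line[4:].split() if line.startswith("250") else []
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def next_step(policy, caps, tls_active):
    """Return ("starttls", None) or ("auth", mech); raise PolicyError otherwise."""
    if policy.require_tls and not tls_active:
        if "STARTTLS" not in caps:
            raise PolicyError("TLS is mandatory but the server offers no STARTTLS")
        return ("starttls", None)  # caller upgrades, re-sends EHLO, calls again
    offered = caps.get("AUTH", [])
    for mech in policy.mechs:
        # Assumption: never use a cleartext-password mechanism without TLS.
        cleartext = mech in ("PLAIN", "LOGIN") and not tls_active
        if mech in offered and not cleartext:
            return ("auth", mech)
    raise PolicyError("no acceptable SASL mechanism offered on this channel")
```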
