Ken Sarkies writes:


This makes it a bit clearer but, unless I still don't quite understand, I'm not fully convinced we are overly complicated. Just to review the question, we experienced relaying through the server from outside, and found by testing that relaying was possible with authentication. The

And that is perfectly fine. Only authenticated users can relay.

At the same time we want to tighten security within the subnet by forcing users to authenticate. This means not using RELAYCLIENT (apart from a couple of dumb machines) and adding AUTH_REQUIRED=1, ESMTPAUTH="LOGIN PLAIN" to the subnet entry in smtpaccess.

I suppose that sounds reasonable. Still, it's somewhat unusual.

Well, it is a related issue in the sense that, while a strict password policy can reduce the chance of hackers getting passwords by dictionary attacks and the like, it also results in our very human users writing down passwords and leaving them lying around. We need a compromise and this results in less than satisfactory passwords being used.

Well, if your users leave passwords lying around, tightening the server configuration isn't going to address the real issue here. It merely covers up a problem that probably needs a different type of a solution.

