Chris Davies wrote:
Thomas H. George <[EMAIL PROTECTED]> wrote:
|MAIN_TLS_ENABLE = true|
|AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS=yes|
Chris Davies <[EMAIL PROTECTED]>:
What you've done there is to enable TLS (encryption), but then
immediately say that you're happy not to use encryption to protect
your username/password combination.
s. keeling <[EMAIL PROTECTED]> wrote:
So, the answer is to avoid providers who require this? Or is there
any alternative action he could employ?
Fair question. Re-reading the exim4 configuration code again, I can see
that MAIN_TLS_ENABLE is required. (Without it, it seems that none of
the certificate configuration settings is included.) I forgot to mention
this in my original suggestion because I've had it enabled for so long.
I'm still puzzled why the OP needs the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
setting, which I also have misrepresented above. For correction, it
allows inbound client connections to one's own server to use passwords
without TLS encryption.
This discussion makes me wonder about the iceape use of the
username/password combination. For iceape it is simple and easy to
enter the information yet for me the exim4 setup required a lot of
research which suggests possible security issues. First, is there a
security issue? I am only providing the username/password without TLS
when specifically addressing the Verizon server and asking access to the
internet to send a message. To collect messages from my ISP I do not
need to do this. For example, the fetchmail setup required the ISP
username and password and then retrieved messages before I ever
configured exim4. In fact, I only tried to configure and use exim4
because I rather liked using fetchmail and mutt to read postings to the
debian-user list. As long as I am just reading the postings nothing
more needs to be done. It is only when I wish to reply to the list from
mutt that exim4 is required. If, instead, I abandon fetchmail and mutt
and use iceape to read and reply to postings I never need exim4 at all.
Should I worry about this?
Tom
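
Added example, not from the thread or from exim4's own code: it classifies a smarthost's EHLO reply to show when an SMTP AUTH password would cross the wire without TLS, the case asked about above. The host names, replies and credentials are constructed, and the function names are hypothetical.

```python
import base64

REVERSIBLE = {"PLAIN", "LOGIN"}             # password sent as base64 only
CHALLENGE_RESPONSE = {"CRAM-MD5", "DIGEST-MD5", "SCRAM-SHA-1", "SCRAM-SHA-256"}

# Constructed EHLO replies (not captured from any real provider).
NO_TLS_SERVER = """250-smtp.example.net Hello client.example.org
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250 HELP"""
STARTTLS_SERVER = """250-smtp.example.net Hello client.example.org
250-STARTTLS
250-AUTH PLAIN LOGIN CRAM-MD5
250 HELP"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.strip().splitlines()[1:]:   # first line is the greeting
        code, sep, rest = line[:3], line[3:4], line[4:].strip()
        if code != "250" or sep not in ("-", " ") or not rest:
            continue
        word, *params = rest.replace("=", " ").split()  # also accepts AUTH=PLAIN
        caps[word.upper()] = [p.upper() for p in params]
    return caps

def assess(reply, tls_active):
    """Classify what happens to the password if the client authenticates now."""
    caps = parse_ehlo(reply)
    mechs = set(caps.get("AUTH", []))
    if not mechs:
        return "no-auth-offered"
    if tls_active:
        return "protected-by-tls"
    if "STARTTLS" in caps:
        return "negotiate-starttls-first"
    if mechs & CHALLENGE_RESPONSE:      # password itself is not transmitted
        return "use-challenge-response"
    return "password-exposed"

def plain_wire_form(user, password):
    """AUTH PLAIN token (RFC 4616): NUL authcid NUL password, base64-encoded."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()

def recover_plain(token):
    """Base64 is an encoding, not encryption: decoding needs no key."""
    _, user, password = base64.b64decode(token).split(b"\0")
    return user.decode(), password.decode()

if __name__ == "__main__":
    for name, reply in (("no TLS", NO_TLS_SERVER), ("STARTTLS", STARTTLS_SERVER)):
        print(name, "->", assess(reply, tls_active=False))
    print(recover_plain(plain_wire_form("tom", "constructed-pw")))
```

A capability list received before TLS is itself unauthenticated, so a client that must not send cleartext passwords should require TLS rather than only use it when offered.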