On Nov 29, 2009, at 4:30 AM, Patrick Ben Koetter wrote:
What would we have to do, to make port 587 the default port? In section 4 theRFC says, a MSA MUST do all of the following: 1. General Submission Rejection Code 2. Ensure All Domains Are Fully-Qualified 3. Require AuthenticationTo cut it short: 1. and 2. are trivial (at least in Postfix and I don't know the others MTAs well enough to tell for them too). 3. requires to add SMTP AUTHfunctionality to Mailman's SMTP client. How should we implement SMTP AUTH in the MM SMTP client?I propose for a start plaintext (PLAIN, LOGIN) and shared-secret mechanisms (CRAM-MD5, DIGEST-MD5) should be added to the SMTP client. Those are the onesused most widely in every day SMTP AUTH.Later implementations could add GSSAPI and EXTERNAL. If plaintext mechanisms are added we should also consider to add STARTTLS functionality to MM's SMTP client to shield credentials while they are sent in a plaintext authenticationsession.
Should we decide to do this, changing the port number is easy. There's already a configuration variable for this (currently set of course to 25).
As for implementing SMTP AUTH, we are limited by what Python's smtplib supports. From a cursory inspection of the module in Python 2.6, it looks like it supports PLAIN, LOGIN, and CRAM-MD5. That may mean that the only thing we need to add to Mailman is plumbing for setting the user name and password in the config file.
Please open a bug on the Mailman project in Launchpad for this. -Barry
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
