On Thu, 19 Apr 2001, Kitabjian, Dave wrote:
> > 1. "I still can send mail without authenticating"
> >
> > Read RFC2554. SMTP AUTH is just an OFFER for the client to
> > authenticate
> > itself to get relaying permissions. If he already has
> > relaying permissions
> > (through IP-based selective relaying aka tcpserver for
> > example) he wins
> > nothing through the authentification.
>
> Well, this isn't entirely true, due to a bug in Netscape. The problem with
> Netscape is that, if the server advertises (via EHLO) that it supports AUTH,
> then Netscape Messenger ALWAYS tries to authenticate and ALWAYS refuses to
> proceed if it doesn't pass. There's no check box to tell Netscape when to
> use AUTH and when not to. So, for a person with no SMTP AUTH account setup
> on the server, if you upgrade qmail-smtpd with the AUTH patch, they will not
> be able to send mail.
>
> This is the problem we just went through :(
>
> Dave
>
Just thought I'd spit this out, on one of my servers I'm running an
unpatched stock qmail-smtpd on port 25, and another qmail-smtpd that has
been patched using the SMTP AUTH patch listed on qmail.org on seperate
port.. So I just tell people if they want to use SMTP AUTH to use the same
SMTP server on another port and that seems to work for me. Still pisses me
off that I have to do that though.
Nick
