To respond to OMAR:
I agree.. SMTP-AUTH is nice except for this reason:
You have 60,000 users... you can't force them all to use secure
passwords.. some of them use passwords like my 'mykitty' or 'blue'.
If you enforce password policies like we do in the office (8 or
more characters, at least 1 upper case, number and special character)
you end up with people forgetting their passwords, and/or going
elsewhere.
So we are left with 'mykitty' and 'blue'. So this allows a spammer
to hammer away at the SMTP-AUTH until he finds that user 'joe' has a
pssword of 'mykitty'.... and he can now send spam.
With POP-BEFORE-SMTP.. he could still hammer away, but he'd have to
know that A) we have pop-before-smtp enabled, and he would have to
keep popping the box.
SCOTT: Thanks.. I considered myself fairly experienced with qmail..
until I went to install the new version of everything.... heheh I was
kinda pulling my hair out... guess when I've gone for 2 years without
touching the new versions of things I need to "start over" so to speak
and read everything again =) This is computer science after all, not
well digging.. though even that probably changes over the years.
