I don't see how allowing a trusted to see AUTH capability is a security threat (since all external untrusted hosts are allowed to see it obviously).
Danny Angus wrote:
mited.
What I would like is:
a) be able to send a mail from localhost without authentication b) be able to send a mail from localhost (precisely from a spam-filtering proxy such as ASSP) _with_ authentication.
As I understood it advertising AUTH supported is equivalet to requiring auth, are you suggesting that we advertise AUTH required but still allow unathenticated relaying?
If so I'm not sure that I'd support such a change as it introduces a security hole in the AUTH mechanism. Far better to require AUTH from everyone and deal with it, after all not requiring AUTH from localhost is surely a convenience only. Most, surely all, methods of sending from localhost will be indistingushable from remote proceses, all we are doing is assigning some higher level of trust because we trust our local machine and our ability to identify it.
d.
*************************************************************************** The information in this e-mail is confidential and for use by the addressee(s) only. If you are not the intended recipient (or responsible for delivery of the message to the intended recipient) please notify us immediately on 0141 306 2050 and delete the message from your computer. You may not copy or forward it or use or disclose its contents to any other person. As Internet communications are capable of data corruption Student Loans Company Limited does not accept any responsibility for changes made to this message after it was sent. For this reason it may be inappropriate to rely on advice or opinions contained in an e-mail without obtaining written confirmation of it. Neither Student Loans Company Limited or the sender accepts any liability or responsibility for viruses as it is your responsibility to scan attachments (if any). Opinions and views expressed in this e-mail are those of the sender and may not reflect the opinions and views of The Student Loans Company Li
This footnote also confirms that this email message has been swept for the presence of computer viruses.
**************************************************************************
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]