At 8:59 AM +0100 25/5/01, Lydia Saase wrote:
>I have a lot of entries in our logfile like this:
>
>SMTP-020(lists.apple.com) Sending 250-mail.saase.de is pleased to meet
>you\r\n250-HELP\r\n250-PIPELINING\r\n250-ETRN\r\n250-AUTH=LOGIN\r\n250-AUTH
>LOGIN PLAIN CRAM-MD5 DIGEST-MD5\r\n250 EHLO\r\n
>
>especially this snippet:
>250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5\r\n
>
>What are the strings CRAM-MD5 and DIGEST-MD5?
>
>and what is this:
>00:24:25 4 SMTP-359(someserver) Input Line: AUTH DIGEST-MD5\r
>
>Does it mean someone with the password DIGEST-MD5 tries to send emails?
>
>Thanks very much for your answer. I am trying to track down a
>misconfiguration or a spoofing.

CRAM-MD5 and DIGEST-MD5 are methods of authentication that don't send
the password over the wire in clear text as LOGIN and PLAIN do, but
instead send an MD5 hash (one-way only encryption) of the password
along with other challenge data.

The server "someserver" is merely trying to authorise itself against
your server; this is often done by some mail servers, such as
Netscape Messaging Server. It is nothing to worry about unless you
suspect that mail server of trying to crack passwords on your machine
(not that likely generally).

Andrew
--
_______________________________________________________________
Andrew Wellington <[EMAIL PROTECTED]>
- Network Admin, Dubbo South High School <www.dshs.nsw.edu.au>
- Lead Student, ILC Creative Systems <www.dshs.nsw.edu.au/ilc>
PGP key at certserver.pgp.com keyserver.net <0x77168373>
_______________________________________________________________
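
The CRAM-MD5 exchange discussed in the reply above, as an added example that is not part of the original message. It uses the sample user, password and challenge from RFC 2195 (assumed values, not from this thread) and shows both sides: the client returns an HMAC-MD5 keyed with the password over the server's one-time challenge, so the password never appears on the wire and a captured response does not verify against a different challenge.

```python
import base64
import hashlib
import hmac

# Sample credentials and challenge from the worked example in RFC 2195
# (assumed values for illustration; they do not come from this thread).
USER = "tim"
PASSWORD = "tanstaaftanstaaf"
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"


def server_challenge(challenge: str) -> str:
    """Server reply to 'AUTH CRAM-MD5': 334 followed by base64(challenge)."""
    return "334 " + base64.b64encode(challenge.encode()).decode()


def client_response(user: str, password: str, challenge_line: str) -> str:
    """Client answer: base64(user SP hex(HMAC-MD5(key=password, msg=challenge)))."""
    challenge = base64.b64decode(challenge_line.split(" ", 1)[1])
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()


def server_verify(response: str, challenge: str, secrets: dict) -> bool:
    """Server recomputes the HMAC from its stored secret and compares."""
    try:
        decoded = base64.b64decode(response, validate=True).decode()
    except ValueError:  # malformed base64 or non-UTF-8 payload
        return False
    user, _, digest = decoded.rpartition(" ")
    if user not in secrets:
        return False
    expected = hmac.new(secrets[user].encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


if __name__ == "__main__":
    line = server_challenge(CHALLENGE)
    resp = client_response(USER, PASSWORD, line)
    ok = server_verify(resp, CHALLENGE, {USER: PASSWORD})
    print("C: AUTH CRAM-MD5")  # mechanism name, as in the logged 'AUTH DIGEST-MD5'
    print("S:", line)
    print("C:", resp)
    print("S:", "235 authenticated" if ok else "535 authentication failed")
```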