On Tue, 20 Aug 2002, Jason R. Mastaler wrote: > Other than asking them why they don't support SMTP authentication, I'm > not sure.
They said I should just use sendmail. I quoted them the comment in Defaults.py which explains that that's insecure, and they said it wasn't insecure on their server since their sendmail is just a wrapper around qmail. That may or may not solve the insecurity issue, but it's pretty clear they're not going to use the authentication extension; they wouldn't even respond to my suggestions about it and just focused on other solutions. A quote from some of our correspondence is below. Ah, well. So I'll just use the sendmail method, then, I guess. j -- > > The only thing you need to do is configure your application so that it > uses > > /usr/sbin/sendmail. This will get you around the authentication issue. > > I did that already, but as I mentioned in my original mail, the > application's documentation warns that this method is insecure: Actually, our sendmail program is not actually sendmail. It is in fact a sendmail-like wrapper program for our mail transport agent, qmail. There are no exploits for qmail, command-line or otherwise. If there ever were a security problem, we would of course immediately patch it. You can find more information by reading the manpage on it, by typing "man sendmail" on your account's server after connecting through either telnet or ssh. You can also make use of qmail-inject, instead. This is somewhat different, but will accomplish the same end result. _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
