<<< Date Index >>>     <<< Thread Index >>>

Re: smtp_pass: why is it unneeded?



Thus spake Kyle Wheeler [06/24/08 @ 12.15.21 -0500]:
> On Tuesday, June 24 at 12:20 PM, quoth dv1445@xxxxxxxxx:
> >> So... your IMAP server will let you log in without a password?
> >
> > No, but once I'm reading my mail, an "unset imap_pass" together with 
> > "unset smtp_pass" still allows me to send.
> 
> Ahh, yeah. Of course, mutt only consults $imap_pass if it needs to 
> open a new IMAP connection. Existing connections don't need passwords, 
> obviously.
> 
> The thing about this type of setup is that it often relies on 
> timeouts. As you (the client) change IP addresses, the server doesn't 
> want to slowly open itself up to the whole world. So what often 
> happens is that your IP is only approved to send mail for a certain 
> amount of time (say, 15 minutes) after you log in (this policy makes 
> more sense for POP3-before-SMTP, but the same tools are frequently 
> used for IMAP-before-SMTP as well). Thus, if you tend to have long 
> IMAP sessions (i.e. if you leave mutt open for hours on end), it's 
> probably a good idea to use SMTP-AUTH even if your system uses an 
> IMAP-before-SMTP approach.

This could indeed be what my server is doing, for all I know.  I just 
discovered the password-less behavior today, and all my testing was done within 
seconds of starting mutt.  So for all I know, after say half an hour I might 
not be able to send mail without resetting smtp_pass.  I'll leave smtp_pass 
intact, then.

Thanks.
-g