Re: Is SMTP with no authentication possible?
On Thu, Sep 20, 2007 at 02:28:23PM -0500, Kyle Wheeler wrote:
> On Thursday, September 20 at 08:16 PM, quoth Chris G:
> >> Why doesn't removing the username from the equation work?
> >>
> >> unset smtp_pass
> >> unset smtp_user
> >> set smtp_url='smtp://mail3.atroad.com'
> >>
> > Well it might do but I'd have to type my user name in every time I
> > connected which would become a bit of a bore after a while.
>
> Wait, what? Why would it require a user name? I've *never* encountered
> an SMTP server that required that I send a username, but didn't need a
> password. In fact, I think it would be an RFC violation to advertise
> SMTP-AUTH and modify the standard authentication mechanisms to not
> accept a password (and accepting just *any* password is equally
> strange). I mean, seriously, what's the point of asking for a username
> but not a password? It doesn't prevent unauthorized use, it doesn't
> provide for a way of auditing messages, it doesn't provide you with
> *anything* that can't be obtained by simply not requiring a username
> at all.
>
Ah, sorry, I'm confused - I was confusing authentication with
encryption. My server requires my name and password but the
connection isn't encrypted.
--
Chris Green