Re: authenticated smtp

[mea@nic.funet.fi]

> Hello all,
> 
> Has anyone patching or planning to work on the authenticated SMTP extension
> in ZMailer as specified by
> 
> ftp://ftp.internic.net/internet-drafts/draft-myers-smtp-auth-11.txt
> 
> We are studying the possiblity of enforcing authenticated mail submission
> for certain domain/IP ranges ao as to avoid fake mail.   I think the policy
> control code on smtpserver should be well integrated with this.  Will anyone
> consider to work on that?

Version 11 already ?  Neat.
Implementing it is simple -- presuming we do plain-ascii login, which this
specification intentionally does not support  (chaper 9).

I do see that MS-Exchange does support some sort of authentication
specification, and very likely some support exists in M$ email clients.

I am begining to suspect that for truly authenticated SMTP (submission)
we need to wrap it within SSL.  Then we could do simple password login,
once the session is encrypted, and we have verified that the server is
trusted..  Or is my vision going too far ?

On the other hand, there is a matter of transitive trust in between
servers.  In general Internet there is NO transitive trust on SMTP
model.

I do know that there have been (still are?) ad-hoc peer-peer DES-encrypting
sendmails that have been used to build trusted communication channels for
IETF POISED working groups.

> Lai Yiu Fai                       |  Tel.:       (852) 2358-6202
>  & Telecommunications             |  E-mail:     ccyflai@ust.hk

/Matti Aarnio <mea@nic.funet.fi>