
Re: Message submission via authenticated SMTP



Matti,

> [...]
>     Comments in that file are asking why zpwmatch() can't
>     return error reports.
> 
>     Well, the theory is roughly that, for security reasons, your average
>     (ab)user should not hear whether the account really exists or not.
>     That is, besides IO errors in the DB engine (ok to tell?), the
>     reply should be either that the password does check, or does not check.
>     (If the account does not exist, the reply is: "pw does not check")
> [...]

I thought about SMTP messages like "454 Temporary authentication
failure" when a remote password database is not available. A more
informative zpwmatch() interface does not force you to send the
exact messages or error codes to the (ab)user.

Regards,
Artur Urbanowicz
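
The separation discussed in this message, as an added example (not part of the original post and not ZMailer code): the password check returns a detailed result, and a separate mapping decides what the client hears. The names pw_result, pw_check(), smtp_auth_reply(), log_reason() and the sample account are hypothetical; the 235 and 535 reply texts follow RFC 4954.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical richer result type; not ZMailer's actual zpwmatch() API. */
enum pw_result { PW_OK, PW_MISMATCH, PW_NO_USER, PW_BACKEND_DOWN };

struct account { const char *user; const char *pass; };

/* Constructed sample data; a real database would hold password hashes. */
static const struct account sample_db[] = { { "alice", "s3cret" } };

/* db_up simulates whether the remote password database is reachable.
   strcmp() is not constant-time and is used only to keep the sample short. */
enum pw_result pw_check(int db_up, const char *user, const char *pass)
{
    size_t i;
    if (!db_up)
        return PW_BACKEND_DOWN;
    for (i = 0; i < sizeof sample_db / sizeof sample_db[0]; i++)
        if (strcmp(sample_db[i].user, user) == 0)
            return strcmp(sample_db[i].pass, pass) == 0 ? PW_OK : PW_MISMATCH;
    return PW_NO_USER;
}

/* Reply for the client: PW_NO_USER and PW_MISMATCH share one answer, so the
   wire never shows whether the account exists. */
const char *smtp_auth_reply(enum pw_result r)
{
    switch (r) {
    case PW_OK:           return "235 Authentication successful";
    case PW_BACKEND_DOWN: return "454 Temporary authentication failure";
    default:              return "535 Authentication credentials invalid";
    }
}

/* Full detail, for the server's own log only. */
const char *log_reason(enum pw_result r)
{
    static const char *const why[] = { "ok", "bad password", "no such account", "password database unavailable" };
    return why[r];
}

int main(void)
{
    enum pw_result r = pw_check(1, "bob", "guess");
    printf("client sees: %s\nlog records: %s\n", smtp_auth_reply(r), log_reason(r));
    return 0;
}
```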