On Tue, Feb 10, 2004 at 08:42:29PM -0500, Dan Ellis wrote:
I'm looking for comments on whether this is generally seen as a positive change or a waste of time (ie - will the next virus or worm gleam your SMTP username and password from Outlook Express and use it to replicate/SPAM)?
I've only seen one virus or worm so far that has done this (we are a hosting provider, so any users who use our mail servers are using SMTP authentication).
Is anyone aware of any well known mail clients that do not support SMTP authentication (Unix, Windows or Mac)?
Not many of the major ones. There are some differences in the authentication methods supported, however - many don't support methods other than LOGIN and / or PLAIN. There are also (surprise) some client-specific bugs with various mailers... Lookout Distress (version 4) for example, has some problems; see the "broken_sasl_auth_clients" config directive if you're using Postfix (google for that string to find out more information about this particular problem). -- "Since when is skepticism un-American? Dissent's not treason but they talk like it's the same..." (Sleater-Kinney - "Combat Rock")