Glad to see that JH is forcing authentication for SMTP

[yorri]

It is something I was always concerned about but kept forgetting to ask about or mention.

This is the type of proactive planning I expect from a company. My last web host's email server was down for days because a spammer used our mail server for their spam and somehow brought down the whole email system. Somehow this corrupted things so badly that it took a couple weeks to recover from (maybe because of the number of accounts to have to migrate to a new installation).

See Yash I do see your efforts (even if they are brought on because of your customer's concerns - I think it was someone on the board complaining about not having authentication turned on...if I was mistaken, ignore this last comment)

 

[Yash]

we enabled SMTP authentication for IMAP users.

We decided to enforce it because we do not want to leave any possible method for a hacker to relay emails through a customer email address. We read about some POP3 before SMTP flaws before making this decision

 

[yorri]

Not sure what this means :-S

We read about some POP3 before SMTP flaws before making this decision

You read about Pop3 what?

Just so that I understand correctly, does this mean that people don't have to be authenticated if they are using Pop3 but only Imap? If so, what is the point in enabling it if you continue to allow hackers to relay messages through Pop3 interface?

 

[Yash]

umm, no
There are two authentication methods:
1) POP3 before SMTP
2) SMTP Auth

 

[DirtBag]

with my antivirus software (PC Cillin) the incoming email server is changed to localhost. this causes SMTP authentication to fail.. any ways around this without disabling the POP3 scanning?


also, how is it possible to send email through an ASP script with this authentication method?