|
Home > Archive > IIS and SMTP > October 2004 > Authentication in 2003/smtp?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Authentication in 2003/smtp?
|
|
|
| having been hijacked by spammers, I have tightened the relay restrictions to
only allow authenticated computers.
This is a strange statement, I appreciate that IP filtering is an option,
but surely we are talking about authenticating USERS rather than computers
as a general rule.
Can someone please explain why (from the client Outlook) the pop username
has to include the @domain.com whereas the smtp send email has to be entered
manually without the @domain.
Surely the pop username field should only require the user and not the
domain!? then further input into smtp username/pass wouldnt be required as
here the @domain has to be removed.
It all seems a bit strange, any ideas??
| |
| Ken Schaefer 2004-10-15, 9:25 pm |
| a) You need to include user@domain.com for the POP3 authentication because
it's possible to have user@domain1.com and user@domain2.com (ie same
username, but different mailboxes because they are different domains) on a
single POP3 server when using "encrypted file" authentication system
b) SMTP Authentication requires the user to supply a valid Windows
username/password. Here the user authenticates to the SMTP server *not* the
POP3 server (they are two different servers), so the authentication
rules/systems are different (this is the way most mail systems work - it
also allows you to host POP3 and SMTP services on separate boxes if you have
a lot of users/mail). Just remember that you can retrieve mail (POP3)
without sending mail (SMTP) and visa versa, and you can retrieve mail from
one server, whilst sending mail via another, so neither service can really
be aware of the authentication that the other service is performing.
c) Yes, the user authenticates using a Windows username/password, but I
suppose the server is authenticating a connection from a computer. I realise
that the wording on the dialogue is a bit confusing, but another way to look
at it: the upper section of the dialogue box is referring to IP addresses
(which are allocated to computers, not users), so it makes a little more
sense if the rest of the dialogue also refered to computers.
Hope tha helps.
Cheers
Ken
"JD" <jd@thejd.co.ukSPAM> wrote in message
news:eym$jH5rEHA.3428@TK2MSFTNGP11.phx.gbl...
> having been hijacked by spammers, I have tightened the relay restrictions
> to only allow authenticated computers.
>
> This is a strange statement, I appreciate that IP filtering is an option,
> but surely we are talking about authenticating USERS rather than computers
> as a general rule.
>
> Can someone please explain why (from the client Outlook) the pop username
> has to include the @domain.com whereas the smtp send email has to be
> entered manually without the @domain.
>
> Surely the pop username field should only require the user and not the
> domain!? then further input into smtp username/pass wouldnt be required as
> here the @domain has to be removed.
>
> It all seems a bit strange, any ideas??
|
|
|
|
|