Re: [Security] SMTP AUTH required for non-berkeley.edu addressees [was Re: Expect 'name and password' errors on CalMail/UCLink starting today]

From: Jerry M. Berkman <jerry_at_berkeley.edu>
Date: Tue Mar 01 2005 - 11:50:57 PST

As I understand it:

If you use BearMail or the CalMail web interface to send mail, you are
already authenticated and everything will work fine.

If you use Eudora, Outlook, Outlook Express, etc. you will need to
authenticate to send mail to any address not on the CalMail system.
For example, you can send to all of the following without
authenticating, as they are all on the CalMail system:

         xyz@berkeley.edu
         xyz@uclink.berkeley.edu
         xyz@uclink4.berkeley.edu
         xyz@boalthall.berkeley.edu
         xyz@uhs.berkeley.edu
         xyz@tsw.berkeley.edu
         xyz@summer.berkeley.edu

But anything like:

         xyz@haas.berkeley.edu
         xyz@nature.berkeley.edu
         xyz@ucla.edu
         xyz@hotmail.com

will require authentication.

I am stating this just for clarification and so if anyone asks, you will
understand why some addresses which you didn't know were really CalMail
are ok and others are not. The only reasonable thing to do is set up
your client to always authenticate.

         - Jerry Berkman

On Tue, 1 Mar 2005, Aron Roberts wrote:

> In the message "Re: [Micronet] Expect 'name and password' errors on CalMail",
> dated 2005-03-01, Nancy Lin wrote:
>
>> A quick question for you. When you say:
>>
>> Authentication (SMTP AUTH) when sending mail to non-CalMail addresses will
>> also be required.
>>
>> Do you mean that a @berkeley.edu user will always need to be authenticated
>> when sending email to a non-@berkeley.edu address? Even other addresses
>> w/in UCB?
>
> Thank you for asking about this, Nancy. You're correct. My error: this
> should have stated:
>
>> Authentication (SMTP AUTH) when sending mail to non-berkeley.edu [not
>> "non-CalMail"] addresses will also be required.
>
> Nonetheless, as this is typically an either/or choice in desktop email
> programs, *all* users should have SMTP AUTH authentication enabled in their
> programs in order to avoid relaying errors when sending mail.
>
> Detailed information about this requirement is provided below, courtesy of
> my colleague Anthony Roybal, and CalMail sysadmin Paul Fisher.
>
> Aron Roberts
> Workstation Software Support Group
>
> --
>
> Beginning March 1, 2005, relaying email through the CalMail system will
> require secure authentication. The authentication method to be
> used is SMTP AUTH (authentication) with PLAIN and LOGIN mechanisms
> secured via an SSL/TLS connection. "POP or IMAP before send" will no longer
> be supported as an authentication method for outgoing mail.
>
> Additionally, CalMail will support port 587 (RFC 2476), the mail submission
> port for outgoing mail.
>
> Authentication is not required for local delivery: mail addressed
> to .berkeley.edu, CalMail and CalMail-hosted departmental domains.
> However, all users should turn on SMTP AUTH with SSL/TLS in their
> email client.
>
> The configuration options are:
>
> - Set outgoing mail server to calmail.berkeley.edu using port 587, AUTH, and
> STARTTLS
>
> - Set outgoing mail server to calmail.berkeley.edu using port 25, AUTH, and
> STARTTLS (Using the required, not optional setting for STARTTLS)
>
> - Set outgoing mail server to calmail.berkeley.edu using port 465, AUTH, and
> SSL/TLS (In some clients this is called "Alternate port SSL" for SMTP)
>
> ...
>
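
The policy quoted above (PLAIN and LOGIN offered only over SSL/TLS, on ports 587, 25 and 465) can be checked and followed from a script. This is an added example, not part of the original thread or of CalMail's own tooling: the function names are hypothetical, the EHLO replies are constructed samples, and the host name is the one given in the announcement.

```python
import smtplib
import ssl

# Port -> TLS mode for the three client configurations listed in the announcement.
TLS_MODE = {587: "starttls", 25: "starttls", 465: "implicit"}
PASSWORD_MECHS = {"PLAIN", "LOGIN"}

def capabilities(ehlo_reply):
    """Parse a raw EHLO reply into {KEYWORD: [params]} (first line is the greeting)."""
    caps = {}
    for line in ehlo_reply.strip().splitlines()[1:]:
        words = line[4:].split()          # drop the "250-" / "250 " prefix
        if words:
            caps[words[0].upper()] = [w.upper() for w in words[1:]]
    return caps

def policy_findings(before_tls, after_tls):
    """Check two EHLO replies against 'PLAIN/LOGIN secured via SSL/TLS'."""
    pre, post = capabilities(before_tls), capabilities(after_tls)
    findings = []
    if "STARTTLS" not in pre:
        findings.append("STARTTLS not offered on the cleartext connection")
    exposed = PASSWORD_MECHS & set(pre.get("AUTH", []))
    if exposed:
        findings.append("password AUTH offered before TLS: " + ", ".join(sorted(exposed)))
    if not PASSWORD_MECHS & set(post.get("AUTH", [])):
        findings.append("no PLAIN or LOGIN mechanism offered after TLS")
    return findings

def submit(message, user, password, port=587, host="calmail.berkeley.edu"):
    """Send one message, authenticating only after the channel is encrypted."""
    ctx = ssl.create_default_context()    # verifies the server certificate and name
    implicit = TLS_MODE[port] == "implicit"
    if implicit:
        conn = smtplib.SMTP_SSL(host, port, context=ctx, timeout=30)
    else:
        conn = smtplib.SMTP(host, port, timeout=30)
    with conn:
        if not implicit:
            conn.starttls(context=ctx)    # raises if STARTTLS is missing ("required" setting)
        conn.login(user, password)        # credentials only ever travel inside TLS
        conn.send_message(message)

# Constructed EHLO replies (not captured from any real server).
GOOD_BEFORE = "250-mail.example.edu\n250-SIZE 52428800\n250 STARTTLS"
GOOD_AFTER = "250-mail.example.edu\n250-SIZE 52428800\n250 AUTH PLAIN LOGIN"
WEAK_BEFORE = "250-mail.example.edu\n250-AUTH LOGIN PLAIN\n250 8BITMIME"
```

`policy_findings` returns an empty list for the compliant pair and names each deviation otherwise; `submit` is the only function that opens a network connection.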

Received on Tue Mar 1 11:55:25 2005