Discussion:
smtp authenticating as "plain"
d***@wayne.edu
2008-06-08 19:06:17 UTC
Permalink
Hello,

When I send mail from mutt (1.5.18), using mutt's own smtp_url feature rather than msmtp, I see a bunch of stuff flash by on the bottom of the screen. That "stuff" looks like mutt is contacting the smtp server, etc. But I see something that looks like it says "AUTHENTICATING (PLAIN)". (it goes fast, so I can't get a good look).

Is mutt sending my password as plain text over the internet? I'm using ssl with my smtp, as in "set smtp_url=smtps://mail.mydomain.com". So I'm a bit concerned here that it's not working right.

Thanks.
-gmn
Sahil Tandon
2008-06-08 19:21:36 UTC
Permalink
Post by d***@wayne.edu
When I send mail from mutt (1.5.18), using mutt's own smtp_url feature
rather than msmtp, I see a bunch of stuff flash by on the bottom of the
screen. That "stuff" looks like mutt is contacting the smtp server, etc.
But I see something that looks like it says "AUTHENTICATING (PLAIN)". (it
goes fast, so I can't get a good look).
Is mutt sending my password as plain text over the internet? I'm using ssl
with my smtp, as in "set smtp_url=smtps://mail.mydomain.com". So I'm a bit
concerned here that it's not working right.
Sending your password in PLAIN over an encrypted transport (i.e. SSL/TLS) is
OK.
--
Sahil Tandon <***@tandon.net>
Rocco Rutte
2008-06-09 09:36:34 UTC
Permalink
Hi,
Post by d***@wayne.edu
Is mutt sending my password as plain text over the internet? I'm using
ssl with my smtp, as in "set smtp_url=smtps://mail.mydomain.com". So
I'm a bit concerned here that it's not working right.
IIRC mutt uses SASL for SMTP AUTH and I also think it negotiates and
sets up SSL encryption before attempting authentication. Please see
$smtp_authenticators for details.

Rocco

Loading...