Hi, On some of the various mail servers I run I have absolutely no use for authentication, but encryption is always a nice thing to have. In addition, some vulnerability scanners pick up on the availability of PLAIN and/or LOGIN authentication methods as a potential security issue. It isn't, as I know full well no one uses it, but that isn't the point. The TLS and SMTP-AUTH patches come from separate sources anyway, can they be applied separately, and optionally please? It'd perhaps be more sensible to not offer any AUTH mechanisms if QMAIL_SMTP_CHECKPASSWORD isn't set, but I have almost no knowledge of C. Thanks Mike
So set your USE flags accordingly if you don't want the patches.
USE=-ssl then? That isn't very useful. Encryption and authentication are different patches, from different locations, combined by a third party. They aren't dependent on each other, although the patches can't be applied together separately due to at least one conflict. So, I wrote a simple patch of my own to turn auth on and off at runtime. You can already turn encryption on and off in almost exactly the same way (i.e. by having or not having a cert). Mike
Created attachment 129953 (turn auth on and off at runtime). If control/noauth exists qmail-smtpd won't promote any AUTH capability, although it's likely still possible it'll be able to. Don't set QMAIL_SMTP_CHECKPASSWORD and it wouldn't be able to anyway.
Erm, you apparently misunderstood the whole thing. We are not adding *more* patches, the whole point of this ebuild is to make it maintainable, not a horrible patches mess like qmail. If you dislike the patches provided in the ebuild, then turn off the use flag that applies them and use QMAIL_PATCH_DIR to apply your own ones instead (and maintain the patches yourself).
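Added example, not part of the thread or of the attached patch: a check for the condition the scanner in the first comment reports and that the `control/noauth` comment is meant to clear, namely whether the EHLO reply seen before STARTTLS still advertises PLAIN or LOGIN. The two EHLO replies are constructed samples, and `parse_ehlo` and `audit` are hypothetical names.

```python
import re

# Constructed EHLO replies (not captured from a real server): one with AUTH
# advertised in both the standard and the legacy "AUTH=" form, one without.
EHLO_WITH_AUTH = ("250-mail.example.org\r\n250-STARTTLS\r\n250-PIPELINING\r\n"
                  "250-AUTH LOGIN PLAIN\r\n250 AUTH=LOGIN PLAIN\r\n")
EHLO_NO_AUTH = "250-mail.example.org\r\n250-STARTTLS\r\n250 PIPELINING\r\n"

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # credentials readable without TLS


def parse_ehlo(reply):
    """Return {KEYWORD: set(params)} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [line for line in reply.splitlines() if line]
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m or m.group(1) != "250":
            raise ValueError("not a 250 EHLO reply line: %r" % line)
        # "250-" marks a continuation line, "250 " must be the final line
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker: %r" % line)
        if i == 0:
            continue  # first line is the server's greeting, not a capability
        # "AUTH=LOGIN PLAIN" is the legacy spelling of "AUTH LOGIN PLAIN"
        words = m.group(3).replace("=", " ", 1).split()
        if words:
            caps.setdefault(words[0].upper(), set()).update(
                w.upper() for w in words[1:])
    return caps


def audit(reply):
    """Findings for a capability list received on the cleartext session."""
    caps = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    weak = sorted(caps.get("AUTH", set()) & CLEARTEXT_MECHS)
    if weak:
        findings.append("AUTH " + ",".join(weak) + " advertised before TLS")
    return findings
```

The reply passed to `audit` is assumed to be the one received before STARTTLS is negotiated; a server can announce a different capability list after the TLS handshake.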