SMTP authentication is a system where some sort of authentication, such as providing a user name and password, is carried out during the sending of an email message.
Due to the prevalence of abuse, we are forced to restrict the use of some of our email services to those we can identify as our own users. Generally, we allow unrestricted use if the mail comes from a trusted machine (typically, one that connects from on campus), or if the connecting machine has authenticated during the SMTP transaction.
Setting up SMTP authentication is something that you would normally do when configuring your client software. Most current email client software is capable of authentication. If you tell your client software to remember your password, its use of authentication will probably be transparent, until you change your password.
The computer science servers (particularly mp and ux) support authentication. At present I do not know of any campus servers outside this department which are supporting authentication.
There are several different mechanisms available for authentication. The simplest use plain text passwords. The more complex ones use security technology similar to encryption.
In simple terms, with some client software, those that use plain text methods, you will be able to use your unix login and password to authenticate. For others, you will have to arrange with the system administrator, to have a special password setup for your authentication.
With Outlook, Outlook express and Netscape messenger, the default is to use plain text passwords. It is usually not very difficult to setup authentication on these systems. It is so easy on Netscape messenger, that some of our users have been authenticating without even realizing that they were doing so.
The disadvantage of plain text methods is that they are less secure. Somebody sniffing packets coming over the wire could discover your password. The same insecurity applies to POP3, which normally uses plain text methods. You can avoid these problems, by using an encrypted connection.
With Pegasus as a client, you will have to make arrangements with the system administrator, to set an authentication password. Possibly Eudora will have a similar problem.
We currently support the LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 mechanisms. We are experimenting with NTLM, but it is not currently available for general use.
Of these, PLAIN, CRAM-MD5, DIGEST-MD5 are standarized authentication mechanisms, while LOGIN and NTLM are Microsoft proprietary mechanisms.
Only PLAIN and LOGIN can use your unix login password.
Netscape uses PLAIN. Outlook and Outlook express default to using LOGIN, although they can be set to use NTLM.
Pegasus uses CRAM-MD5 or LOGIN. However, you are not able to configure which to use. Since our servers announce the ability to use CRAM-MD5, that is the one that Pegasus will attempt to use.
I have heard that Eudora uses DIGEST-MD5 and NTLM, perhaps LOGIN. I have not tried to verify this information.
Most clients can be configured to use AUTH. If the server does not offer it, then in most cases they will silently continue and not try to AUTH (and not complain). A laptop should be able to be set up to authenticate when connecting from off-campus, and still allow you to send email without authentication from on-campus. If you have problems, contact the postmaster at this site. (Sorry, no email tags -- the spammers harvest those).