AuthOptions provides a list of general tuning parameters that affect authentication. It is declared like this:

O AuthOptions=string               configuration file (V8.10 and later) 
-OAuthOptions=string               configuration file (V8.10 and later) 
define(`confAUTH_OPTIONS', `string') mc configuration (V8.10 and later) 

The argument, of type string, is a list of characters selected from those shown in Table 24-13, where each character sets a particular tuning parameter. If more than one character is listed, each character must be separated from the next by either a comma or a space.

Table 24-13. AuthOptions character settings




Use the AUTH= parameter from the MAIL FROM: command only when authentication succeeds. This character can be specified as a workaround for broken MTAs that do not correctly implement RFC2554. (Client only)


Provide protection from active (nondictionary) attacks during the authentication exchange. (Server only)


Allow only selected mechanisms (those that can pass client credentials) to be used with client credentials. (Server only)


Don’t permit use of mechanisms that are susceptible to passive dictionary attacks. (Server only)


Require forward-secrecy between sessions (where breaking one won’t help break the next). (Server only)


Don’t permit mechanisms to be used if they are susceptible to simple passive attack (that is, disallow use of PLAIN and LOGIN), unless a security layer is already active (as, for ...

Get Sendmail, 3rd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.