Chapter 7. Authenticating with AUTH

Introduction

Strong authentication uses cryptographic techniques to verify the identity of the end points in a network exchange. For sendmail, strong authentication ensures that the connecting host and the receiving host are who they claim to be. In this chapter, we look at how AUTH can be used for authentication.

Authentication is not the same as encryption. Encryption can be used to hide the content of a piece of mail or to hide the entire SMTP protocol exchange, including the mail. (One technique for encrypting the SMTP exchange, and the mail it carries, is covered in Chapter 8.) Authentication does not hide the contents of mail; rather, it ensures that the mail comes from the correct source.

Traditional sendmail authentication systems are based on the hostname or IP address. Examples of this can be found in Chapter 3, which uses hostnames and IP addresses to grant relaying privileges. However, the current IP address of a valid client may not be known. A mobile client that obtains its address from a DHCP server may have an address that constantly changes. Mobile clients need an authentication scheme that is not dependent on a changeable IP address. Additionally, hostnames and addresses are easily spoofed and thus do not provide strong authentication. Of course, it is debatable whether a service such as mail relaying really needs strong authentication, but it is clear that mobile clients need authentication that is independent of the IP address. ...
