AuthOptions provides a list of general tuning
parameters that affect authentication. It is declared like this:
    O AuthOptions=string                      configuration file (V8.10 and later)
    -OAuthOptions=string                      command line (V8.10 and later)
    define(`confAUTH_OPTIONS', `string')      mc configuration (V8.10 and later)
The argument, of type string, is a list of
characters selected from those shown in Table 24-13,
where each character sets a particular tuning parameter. If more than
one character is listed, each character must be separated from the
next by either a comma or a space.
Table 24-13. AuthOptions character settings
Character | Meaning
A | Use the AUTH= parameter from the MAIL FROM: command only when authentication succeeds. This character can be specified as a workaround for broken MTAs that do not correctly implement RFC2554. (Client only)
a | Provide protection from active (nondictionary) attacks during the authentication exchange. (Server only)
c | Allow only selected mechanisms (those that can pass client credentials) to be used with client credentials. (Server only)
d | Don't permit use of mechanisms that are susceptible to passive dictionary attacks. (Server only)
f | Require forward-secrecy between sessions (where breaking one won't help break the next). (Server only)
p | Don't permit mechanisms to be used if they are susceptible to simple passive attack (that is, disallow use of PLAIN and LOGIN), unless a security layer is already active (as, for example, provided by STARTTLS). (Server only)
T | The opposite of A (pre-V8.12 only, client only)
y | Don't permit the use of any mechanism that allows anonymous login. (Server only)
If string is missing,
sendmail will issue the following error and skip
this option declaration:
Warning: Option: AuthOptions requires parameter(s)
If any letter is specified other than those listed in the
table (for example, H), sendmail issues the
following warning and skips this option declaration:
Warning: Option: AuthOptions unknown parameter 'H'
Note that macros cannot be used to define the list of characters.
The AuthOptions option is available only if
sendmail is compiled with SASL defined as true.
The AuthOptions option is not safe. If specified
from the command line, it can cause sendmail to
relinquish its special privileges.
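
A small linter for the configuration-file form, as an added example (not code from sendmail or from this page): it checks each AuthOptions string against the characters in Table 24-13 and reports the two warnings quoted above. The function names, the `lint:` message, the sample lines, and the default `required="py"` policy are assumptions of this example.

```python
import re

# Characters from Table 24-13 and the side each applies to.
KNOWN = {"A": "client", "T": "client", "a": "server", "c": "server",
         "d": "server", "f": "server", "p": "server", "y": "server"}

# Configuration-file form shown on this page: O AuthOptions=string
CF_LINE = re.compile(r"^O\s+AuthOptions=(.*)$")

def parse_auth_options(value):
    """Return (flags, warnings) for one AuthOptions string."""
    tokens = [t for t in re.split(r"[,\s]+", value.strip()) if t]
    if not tokens:
        # Message text as quoted on the page for a missing string.
        return set(), ["Warning: Option: AuthOptions requires parameter(s)"]
    flags, warnings = set(), []
    for tok in tokens:
        if len(tok) > 1:
            # Linter's own message: the page requires a separator between characters.
            warnings.append(f"lint: '{tok}' needs a comma or space between characters")
        elif tok not in KNOWN:
            # Message text as quoted on the page for an unlisted letter.
            warnings.append(f"Warning: Option: AuthOptions unknown parameter '{tok}'")
        else:
            flags.add(tok)
    return flags, warnings

def audit_cf(cf_text, required="py"):
    """Lint every AuthOptions line; `required` is an assumed site policy."""
    report = []
    for lineno, line in enumerate(cf_text.splitlines(), 1):
        m = CF_LINE.match(line)
        if not m:
            continue
        flags, warnings = parse_auth_options(m.group(1))
        # The page says a declaration with a warning is skipped, so the
        # policy check is only meaningful on lines that parse cleanly.
        missing = [] if warnings else sorted(set(required) - flags)
        report.append({"line": lineno, "flags": sorted(flags),
                       "warnings": warnings, "missing": missing})
    return report

# Constructed sample lines, not taken from a real sendmail.cf.
SAMPLE_CF = "\n".join(["O AuthOptions=A,p,y", "O AuthOptions=A H",
                       "O AuthOptions=", "O AuthOptions=Ap", "O AuthOptions=a d"])

if __name__ == "__main__":
    for entry in audit_cf(SAMPLE_CF):
        print(entry)
```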