Require secondary authentication to deliver outbound mail

Hal_ shared this idea 2 years ago
Needs Feedback

Within the Exim Configuration Manager of the Advanced Editor, I have a request to add a second user name and password account to send an Outbound Mail Relay to a secure SMTP server.

I believe this feature is important in order to comply with HIPAA's mandate on the protection of medical records sent by a remote user located outside the premises of a medical facility.

The HIPAA Act is available at http://www.hhs.gov/ocr/privacy/

Here is an example of a modified EXIM table:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Section: AUTH

login:
  driver = plaintext
  public_name = LOGIN
  server_prompts = "username:: : password::"
  server_set_id = $1
  server_condition = "${if pam{$1:$2}{1}{0}}"

--------------------------------------------------------

Section: ROUTERSTART

send_to_gateway:
  driver = manualroute
  domains = !+local_domains
  # deliver through the transport defined under TRANSPORTSTART below
  transport = remote_smtp_over_ssh
  route_list = * outbound.xxxxxxx.org

--------------------------------------------------------------------

Section: TRANSPORTSTART

remote_smtp_over_ssh:
  driver = smtp
  port = 2525
  hosts_require_auth = outbound.xxxxxxx.org

--------------------------------------------------------------------
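
Added example (not part of the original post and not cPanel's or Exim's own code): a small Python check over a constructed configuration laid out like the one above. It flags a router that points at a transport the snippet does not define, a transport with hosts_require_auth but no authenticator carrying client_send (the client-side credentials), and a missing hosts_require_tls for the same host, without which the LOGIN credentials cross the network unencrypted. The host name outbound.example.org and the function names parse and audit are assumptions.

```python
import re
# Constructed sample laid out like the post's sections; the host is a placeholder.
SAMPLE = """\
Section: AUTH
login:
  driver = plaintext
  public_name = LOGIN
  server_condition = "${if pam{$1:$2}{1}{0}}"
Section: ROUTERSTART
send_to_gateway:
  driver = manualroute
  transport = remote_smtp
Section: TRANSPORTSTART
remote_smtp_over_ssh:
  driver = smtp
  hosts_require_auth = outbound.example.org
"""

def parse(text):
    """Return {section: {block_name: {option: value}}}."""
    cfg, section, block = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or set(line) <= set("-+"):
            continue  # blank lines, comments and separator rules
        if line.startswith("Section:"):
            section, block = cfg.setdefault(line.split(":", 1)[1].strip(), {}), None
        elif section is not None and re.fullmatch(r"\w+:", line):
            block = section.setdefault(line[:-1], {})
        elif block is not None and "=" in line:
            key, value = line.split("=", 1)
            block[key.strip()] = value.strip()
    return cfg

def audit(cfg):
    """List problems with authenticated relay in a parsed configuration."""
    findings = []
    auths, transports = cfg.get("AUTH", {}), cfg.get("TRANSPORTSTART", {})
    for name, router in cfg.get("ROUTERSTART", {}).items():
        target = router.get("transport")
        if target and target not in transports:
            findings.append(f"router {name}: transport {target} not defined in this snippet")
    for name, opts in transports.items():
        hosts = opts.get("hosts_require_auth")
        if hosts and not any("client_send" in a for a in auths.values()):
            findings.append(f"transport {name}: no authenticator sets client_send")
        # Plain string comparison, not Exim host-list matching.
        if hosts and opts.get("hosts_require_tls") != hosts:
            findings.append(f"transport {name}: hosts_require_tls does not match {hosts}")
    return findings

print(*audit(parse(SAMPLE)), sep="\n")
```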

Best Answer

The complexities of existing mail sending clients being compliant with such a change (be it the various webmail clients, desktop mail clients, phones, etc.) seem to make this feature request very difficult if not impossible in some situations to implement effectively.

Have you thoroughly tested your proposed changes on all mail platforms? What were your results?

This also seems like a gross over-complication to what otherwise has been something tackled before in the industry (encryption). My initial reaction is to simply advise encrypting mail (something your proposed feature request still would not be doing).

http://en.wikipedia.org/wiki/Email_encryption

OpenPGP, for example, is a popular means of encrypting mail.
