3 Authentication

When GNU Anubis accepts incoming connection, it first has to identify the remote party, i.e. to determine whether it is authorised to use Anubis resources and, if so, what configuration settings to use during the session. We call this process authentication. The exact method of authentication depends on Anubis operation mode. Currently there are three modes:

proxy

No authentication is performed. Anubis switches to the unprivileged user (see section user-unprivileged) and acts as an SMTP proxy.

transparent

Anubis relies on AUTH service (identd) to authenticate users. This is the default mode. It is compatible with versions of GNU Anubis up to 3.6.2.

auth

This mode uses SMTP AUTH mechanism to authenticate incoming connections. See section Pixie & Dixie, the original description of this mode.

Proxy mode is special in that no authentication is performed in it. The remaining two modes require authentication. Both have their advantages and deficiencies, which you need to weigh carefully before choosing which one to use. They are discussed below:

Transparent (‘traditional’) mode.

Deficiencies:

1. The user must have identd installed on his machine.
2. The user must have a system account on the machine running GNU Anubis (though the system administrator may relax this limitation by using user name translation, see section TRANSLATION Section).

Advantages:

1. Relative simplicity. No user database is necessary.
2. Authentication is performed immediately after connection is established.

Auth mode.

Deficiencies:

1. A user database is needed
2. MUAs of the users must be able to perform ESMTP AUTH.(1)

Advantages:

1. Improved reliability.
2. Users do not have to run identd on their machines.
3. Users are not required to have accounts on the machine where Anubis runs.
4. Users can remotely modify their configuration files.

This document was generated on January 6, 2024 using texi2html 5.0.