| Both sides previous revisionPrevious revision | Next revisionBoth sides next revision |
| config:sbbsecho.ini [2018/06/28 15:48] – Updated with a lot of missing info/keys digital man | config:sbbsecho.ini [2018/09/08 15:05] – Details about the current BinkP Session-Security related settings digital man |
|---|
| | ''BinkpPort'' | ''24554'' | TCP port number of this link's BinkP mailer | | | ''BinkpPort'' | ''24554'' | TCP port number of this link's BinkP mailer | |
| | ''BinkpPoll'' | ''false'' | Poll this link (e.g. as part of the ''BINKPOLL'' timed event) for incoming mail | | | ''BinkpPoll'' | ''false'' | Poll this link (e.g. as part of the ''BINKPOLL'' timed event) for incoming mail | |
| | ''BinkpAllowPlainAuth'' | ''false''| Allow plain-password authentication for this linked node | | | ''BinkpAllowPlainAuth'' | ''false''| Allow plain-password (in addition to CRAM-MD5) when authenticating with this linked node | |
| | ''BinkpAllowPlainText'' | ''false''| Allow plain-text (unencrypted) communication with this linked node | | | ''BinkpPlainAuthOnly'' | ''false''| //Only// support plain-password authentication with this linked node | |
| | | ''BinkpAllowPlainText'' | ''true'' | Allow plain-text (unencrypted) communication with this linked node | |
| | ''BinkpSourceAddress'' | | Use an alternative FTN address as the source address when communicating with this node via BinkP | | | ''BinkpSourceAddress'' | | Use an alternative FTN address as the source address when communicating with this node via BinkP | |
| |
| The wildcard ''ALL'' may replace one or more fields of the configured node's FTN address. Configured node's with wildcard addresses cannot have an Inbox our Outbox set. | The wildcard ''ALL'' may replace one or more fields of the configured node's FTN address. Configured node's with wildcard addresses cannot have an Inbox our Outbox set. |
| |
| Example: | === Example === |
| <file> | <file> |
| [node:1:218/700] | [node:1:218/700] |
| Route = 1:218/700 | Route = 1:218/700 |
| </file> | </file> |
| | |
| | === BinkP Session-Security === |
| | |
| | The evolution of the BinkIT/BinkP session-security related settings has lead to a potentially confusing array of 3 interrelated Boolean options with only 4 valid combinations of values. Here is a table to explain these valid combinations and their impact on the security and interoperability of BinkP sessions with the linked-node: |
| | |
| | ^ Security Level ^ BinkpPlainAuthOnly ^ BinkpAllowPlainAuth ^ BinkpAllowPlainText ^ Notes ^ |
| | | Minimum | ''true'' | ''true'' | ''true'' | Passwords and message packets will always be sent as clear-text (maximum interoperability) | |
| | | Normal | ''false'' | ''true'' | ''true'' | Passwords //may// be obscured via CRAM-MD5 authentication | |
| | | Enhanced | ''false'' | ''false'' | ''true'' | Passwords //must// be obscured via CRAM-MD5 authentication | |
| | | Maximum | ''false'' | ''false'' | ''false'' | Passwords and message packets //must// be obscured or encrypted ((using the BinkD method of session encryption)) | |
| | |
| | In general, the lower the security setting, the higher the level of insured compatibility with other BinkP mailers. When debugging authentication (password) issues, it might be a good idea to use the minimum level of security and increase the security level incrementally once you have the minimum level of secured-session working with the linked-node. |
| | |
| | Also note: authentication is performed by the //answering// BinkP node (server/service), so while one security level may work okay for outgoing connections to a linked-node, its possible that there could be problems (incompatibilities) with incoming connections from that same linked-node. It's a good idea to test both incoming and outgoing connections with a linked-node before increasing the BinkP session security level. |
| |
| ==== Domain Sections ==== | ==== Domain Sections ==== |
