Until recently it has been possible for users to submit e-mail to the University's mail servers (mail.ru.ac.za) from outside the University without first securing (encrypting) the connection provided they made use of the CRAM-MD5 authentication method. During the course of tomorrow we will discontinue support of the CRAM-MD5 authentication method, meaning that this will no longer be possible.

Users who wish to submit e-mail through our mail servers from outside the University should ensure that their e-mail clients are configured to negotiate encryption before they authenticate. For most e-mail clients this means checking the "Use a secure connection" of "Use SSL/TLS" option in the account configuration. More details of how to configure e-mail clients to do authenticated submission is available on help.ru.ac.za.

At the same time we will also discontinue support of the proprietary SPA authentication method. This authentication method is used almost exclusively by Microsoft Outlook and Outlook Express, and is only used when a user chooses the "Log on using Secure Password Authentication (SPA)" option in these e-mail clients. Outlook and Outlook express appear to handle this change gracefully by automatically disabling SPA when it is no longer advertised, but users who make use of these clients and have authentication problems should check whether SPA is still enabled.

The reason for the discontinuation of the CRAM-MD5 and SPA authentication methods is that they both require that the server have access to a cleartext copy of the user's password. This will not be the case in the foreseeable future, and supporting these two authentication methods is stalling other authenticator changes we wish to make.