Turning off SMTP Postfix Cleartext Logins

#1 Mon, 10/08/2012 - 22:46
bill56

Hello:

SecurityMetrics is now complaining about cleartext logins.

Description: SMTP Service Cleartext Login Permitted
Synopsis: The remote mail server allows cleartext logins.
Impact: The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
See also: http://tools.ietf.org/html/rfc4422 http://tools.ietf.org/html/rfc4954
Data Received: The SMTP server advertises the following SASL methods over an unencrypted channel:
All supported methods: PLAIN, LOGIN
Cleartext methods: PLAIN, LOGIN
Resolution: Configure the service to support less secure authentication mechanisms only over an encrypted channel.
Risk Factor: Medium / CVSS2 Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:N/A:N

What do I need to do to fix this? I only send mail on port 587.

Thanks, Bill

Tue, 10/09/2012 - 08:04
andreychek

Howdy,

One way to do that would be to edit /etc/postfix/main.cf, and set this:

smtpd_tls_auth_only = yes

And then restart Postfix.

That will only allow authentication over TLS.

-Eric
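
Editorial note on the fix above, with an added example that is not from either poster or from Postfix. The setting can be applied without editing the file by hand: postconf -e "smtpd_tls_auth_only = yes" followed by postfix reload. Per the Postfix documentation, it makes the SMTP server neither announce nor accept SASL authentication over unencrypted connections, which is exactly what the scanner's "Resolution" asks for. Two things to check before turning it on: TLS must actually be enabled on the server (smtpd_tls_security_level = may, or smtpd_use_tls = yes on older releases) with a usable certificate, otherwise clients can no longer authenticate at all; and the setting is global in main.cf, so it also applies to port 25 if SASL is enabled there. The script below reproduces the scanner's check so the result can be verified independently: it parses the EHLO response for AUTH PLAIN/LOGIN on the unencrypted channel, using constructed EHLO responses (the hostname mail.example.com and the response lines are made up for the example), and includes a function to run the same before/after-STARTTLS comparison against a live server on port 587.

```python
"""Audit an SMTP server for cleartext SASL logins (the scanner check from the thread).

Added example for this thread, not code from the original posts or from
Postfix. It reproduces what the scanner did: read the EHLO response on an
unencrypted connection and report any PLAIN/LOGIN offer; for a live check it
repeats the EHLO after STARTTLS, where the mechanisms should reappear.
The hostname and EHLO responses below are constructed samples.
"""
import smtplib
import ssl

# Mechanisms that ship the password in the clear (base64 is encoding, not
# encryption); these are the two the scanner flagged.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed EHLO response from a submission port with the default
# smtpd_tls_auth_only = no: AUTH is offered before STARTTLS.
EHLO_BEFORE_FIX = b"""250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed EHLO response after smtpd_tls_auth_only = yes, still before
# STARTTLS: the AUTH lines are gone, STARTTLS is still offered.
EHLO_AFTER_FIX_CLEARTEXT = b"""250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed second EHLO on the same server once the session is inside TLS:
# the mechanisms are back, which is what the scanner's resolution asks for.
EHLO_AFTER_FIX_TLS = b"""250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""


def advertised_auth(ehlo_response):
    """Return the set of SASL mechanisms named in an EHLO response.

    Accepts raw wire lines ("250-AUTH PLAIN LOGIN") or the lines smtplib
    hands back with the reply code already stripped ("AUTH PLAIN LOGIN"),
    and both the RFC 4954 "AUTH " form and the legacy "AUTH=" form that
    Postfix also emits for old clients.
    """
    if isinstance(ehlo_response, bytes):
        ehlo_response = ehlo_response.decode("ascii", "replace")
    mechs = set()
    for line in ehlo_response.splitlines():
        line = line.strip()
        if line[:3] == "250":          # drop the "250-" / "250 " reply prefix
            line = line[4:]
        upper = line.upper()
        if upper.startswith("AUTH ") or upper.startswith("AUTH="):
            mechs.update(upper[5:].split())
    return mechs


def cleartext_login_permitted(ehlo_response):
    """The scanner's finding: PLAIN or LOGIN offered on the unencrypted channel."""
    return bool(advertised_auth(ehlo_response) & CLEARTEXT_MECHS)


def audit_live(host, port=587, timeout=10.0):
    """Compare the AUTH offer before and after STARTTLS on a real server.

    Needs network access, so the offline checks do not call it.
    A fixed server yields cleartext_auth == set() and a non-empty tls_auth.
    """
    report = {"cleartext_auth": set(), "tls_auth": set()}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _, ehlo_plain = smtp.ehlo()
        report["cleartext_auth"] = advertised_auth(ehlo_plain)
        if smtp.has_extn("starttls"):
            smtp.starttls(context=ssl.create_default_context())
            _, ehlo_tls = smtp.ehlo()
            report["tls_auth"] = advertised_auth(ehlo_tls)
    report["finding"] = bool(report["cleartext_auth"] & CLEARTEXT_MECHS)
    return report


if __name__ == "__main__":
    print("before fix, cleartext EHLO:", sorted(advertised_auth(EHLO_BEFORE_FIX)),
          "-> finding:", cleartext_login_permitted(EHLO_BEFORE_FIX))
    print("after fix, cleartext EHLO: ", sorted(advertised_auth(EHLO_AFTER_FIX_CLEARTEXT)),
          "-> finding:", cleartext_login_permitted(EHLO_AFTER_FIX_CLEARTEXT))
    print("after fix, EHLO inside TLS:", sorted(advertised_auth(EHLO_AFTER_FIX_TLS)))
```

Against a real host, audit_live("mail.example.com") (hostname hypothetical) should report an empty cleartext_auth and PLAIN/LOGIN in tls_auth once the setting is in place; if tls_auth is also empty, TLS is not enabled on that service and the change has locked legitimate clients out rather than fixing the finding.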

Wed, 10/10/2012 - 06:20 (Reply to #2)
bill56

Thanks Eric, that did the trick!

Bill
