Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 1 subscriber
  • Views 10927 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

End point anti-virus email alerts - SMTP Authentication

ChrisH

Hey guys,

I'm being told from my hosting provider that there is no way to get our Sophos virus killer to use SMTP authentication to send virus alerts.  They are insisting that we install an SMTP server into our web-server group, which I am not happy to do.

While I wouldn't want to question my hosting provider, and I appreciate there are ways around this with firewalls etc, I am stunned that Sophos would promote spam in such a way as to demand an SMTP server which is not completely locked down with SMTP auth be avaliable.

Is there any way to enable this feature?  Or do I have to bite the bullet and make an SMTP server without auth avaliable?

Many Thanks,

CH.

:22699


This thread was automatically locked due to age.
Parents
  • 0
    Hello CH,

    as Jak has said, SEC now supports authentication (still with a hack, but soon to be configurable) for alerts sent by the management server, one set of credentials, no bells and whistles. 

    The lack of SMTP authentication does not promote SPAM. It can help with relaying - but when used for this purpose  it is: "authenticated may send everywhere, unauthenticated only IN". Normally you can "lock down" only inside SMTPs - and if you are worried about potential SPAM from the inside ... well, AUTH is not the most powerful means to tackle this. It might seem simple to add this feature - adding authentication means adding support for "secure" protocols as well though. 

    In short: 
    Sounds like your provider has some knowledge
    AUTH might come but not anytime soon
    An IUO SMTP (perhaps with a restricted set of recipients) will not promote SPAM

    Christain
    :22717
Reply
  • 0
    Hello CH,

    as Jak has said, SEC now supports authentication (still with a hack, but soon to be configurable) for alerts sent by the management server, one set of credentials, no bells and whistles. 

    The lack of SMTP authentication does not promote SPAM. It can help with relaying - but when used for this purpose  it is: "authenticated may send everywhere, unauthenticated only IN". Normally you can "lock down" only inside SMTPs - and if you are worried about potential SPAM from the inside ... well, AUTH is not the most powerful means to tackle this. It might seem simple to add this feature - adding authentication means adding support for "secure" protocols as well though. 

    In short: 
    Sounds like your provider has some knowledge
    AUTH might come but not anytime soon
    An IUO SMTP (perhaps with a restricted set of recipients) will not promote SPAM

    Christain
    :22717
Children
No Data
Unfiltered HTML