I need to solve my vulnerability:
Vulnerability Detection Result:
The remote SMTP server accepts logins via the following cleartext authentication mechanisms over unencrypted connections:
The remote SMTP server supports the 'STARTTLS' command but isn't enforcing the use of it for the cleartext authentication mechanisms.
Already added "ANY" host to "Require TLS Negotiation Hosts/Nets" but the connection an port 25 still offers me "250-AUTH PLAIN LOGIN"
Any idea how to enforce the deny of plain auth?
Thx a lot and cheers
This thread was automatically locked due to age.