This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Anybody ever disabled "AUTH PLAIN LOGIN" in smtp

Hi crowd,

I need to solve my vulnerability:

Vulnerability Detection Result:
The remote SMTP server accepts logins via the following cleartext authentication mechanisms over unencrypted connections:
PLAIN
LOGIN
The remote SMTP server supports the 'STARTTLS' command but isn't enforcing the use of it for the cleartext authentication mechanisms.

Already added "ANY" host to "Require TLS Negotiation Hosts/Nets" but the connection an port 25 still offers me "250-AUTH PLAIN LOGIN"

Any idea how to enforce the deny of plain auth?

Thx a lot and cheers

Marcus

This thread was automatically locked due to age.

0 BAlfson over 3 years ago

Hallo Marcus and welcome to the UTM Community!

Please show a picture of the 'Authenticated Relay' and 'Host-based Relay' boxes on the 'Relaying' tab.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel