On 7/8/2016 2:23 PM, Gordon Messmer wrote:
>
>> As far as rejecting/disabling smtp authentication, I was not aware there was
>> a setting for this.
> Authentication over plain text is only allowed if ESMTPAUTH is set in
> etc/courier/esmtpd. To maintain password security, that setting should
> be empty. Instead, use ESMTPAUTH_TLS to enable authentication only
> after TLS is initialized.

In a world where everything supports TLS now this is good advice. I'm feeling my age that I didn't even think of this.

> I wrote earlier that protecting authentication with encryption would
> leave you with only tools like fail2ban. I should have mentioned that
> the other good option is using an authentication backend that'll lock
> accounts temporarily when there are repeated auth failures.
>

I am using PAM, so I'll research what is possible. Thanks again.
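
A check for the ESMTPAUTH / ESMTPAUTH_TLS advice quoted above, as an added example that is not part of the original message or of Courier itself. The function names and return codes are hypothetical, and it assumes the esmtpd file uses shell-style `NAME=value` assignments.

```shell
#!/bin/sh
# Added example: audit a Courier esmtpd config for SMTP AUTH offered
# before TLS. The file is parsed as text and never sourced.

# Print the value of the last uncommented assignment of variable $1
# in file $2, with surrounding quotes removed.
get_setting() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' \
            -e "s/^'\(.*\)'\$/\1/"
}

# Return codes (hypothetical convention for this example):
#   0  AUTH is offered only after TLS (ESMTPAUTH empty, ESMTPAUTH_TLS set)
#   1  ESMTPAUTH is non-empty: AUTH is offered on a plaintext session
#   2  both settings are empty: no SMTP AUTH is offered at all
#   3  the file could not be read
check_esmtpd_auth() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 3; }

    plain=$(get_setting ESMTPAUTH "$1")
    tls=$(get_setting ESMTPAUTH_TLS "$1")

    if [ -n "$plain" ]; then
        echo "FAIL: ESMTPAUTH=\"$plain\" offers AUTH before TLS"
        return 1
    fi
    if [ -z "$tls" ]; then
        echo "NOTE: ESMTPAUTH and ESMTPAUTH_TLS are both empty, no AUTH offered"
        return 2
    fi
    echo "OK: AUTH ($tls) is offered only after TLS"
    return 0
}
```

Call `check_esmtpd_auth` with the path to the esmtpd file in your Courier configuration directory; a return code of 1 means the plaintext setting still needs to be emptied.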