On 7/8/2016 2:23 PM, Gordon Messmer wrote:
>
>> As far as rejecting/disabling smtp authentication, I was not aware there was 
>> a setting for this.
> Authentication over plain text is only allowed if ESMTPAUTH is set in
> etc/courier/esmtpd.  To maintain password security, that setting should
> be empty.  Instead, use ESMTPAUTH_TLS to enable authentication only
> after TLS is initialized.

In a world where everything supports TLS now, this is good advice. I'm 
feeling my age that I didn't even think of this.

> I wrote earlier that protecting authentication with encryption would
> leave you with only tools like fail2ban.  I should have mentioned that
> the other good option is using an authentication backend that'll lock
> accounts temporarily when there are repeated auth failures.
>

I am using PAM, so I'll research what is possible.  Thanks again.


_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
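
An added example, not part of the original message and not Courier's own code: a small shell check that an esmtpd configuration follows the advice quoted above (ESMTPAUTH empty, ESMTPAUTH_TLS set). The function names are hypothetical, and the sample file contents and mechanism lists are constructed.

```shell
#!/bin/sh
# Added example: audit a Courier esmtpd config for plaintext SMTP AUTH.
# Assumes plain VAR=value or VAR="value" lines with no trailing comments.

# Print the last value assigned to variable $1 in file $2, quotes stripped.
get_setting() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 |
        tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# 0 = auth offered only after TLS, 1 = plaintext auth enabled,
# 2 = no authentication configured at all.
audit_esmtpd() {
    plain=$(get_setting ESMTPAUTH "$1")
    tls=$(get_setting ESMTPAUTH_TLS "$1")
    if [ -n "$plain" ]; then
        echo "FAIL: ESMTPAUTH=\"$plain\" allows AUTH before TLS"
        return 1
    fi
    if [ -z "$tls" ]; then
        echo "WARN: ESMTPAUTH_TLS is empty, no SMTP AUTH is offered"
        return 2
    fi
    echo "OK: AUTH only after TLS (ESMTPAUTH_TLS=\"$tls\")"
}

# Constructed sample configs (mechanism lists are illustrative values).
sample_weak() {
    cat <<'EOF'
# ESMTPAUTH="" (commented-out lines are ignored)
ESMTPAUTH="LOGIN"
ESMTPAUTH_TLS="PLAIN LOGIN"
EOF
}
sample_hardened() {
    cat <<'EOF'
ESMTPAUTH=""
ESMTPAUTH_TLS="PLAIN LOGIN"
EOF
}

# Demo: run the audit over both samples.
demo_dir=$(mktemp -d)
sample_weak > "$demo_dir/weak"
sample_hardened > "$demo_dir/hardened"
audit_esmtpd "$demo_dir/weak" || true
audit_esmtpd "$demo_dir/hardened" || true
rm -rf "$demo_dir"
```

To use it on a live system, pass the path of the esmtpd file named in the quoted advice to audit_esmtpd and act on a non-zero exit status.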
