I have my own OpenVAS server to test my Qmail server for security. One of the things I get as a “medium” warning is “The remote host is running SMTP server that allows cleartext logins over unencrypted connections.” It’s saying we allow LOGIN and PLAIN for SMTP while supporting the “STARTTLS” command. I’ve been looking at the /var/qmail/supervise/smtp/run file but don’t see how to turn off the LOGIN and PLAIN for SMTP [or enforce STARTTLS instead]. Ideas on how to fix this? Carl p.s. if anyone needs a good scanning tool, I highly recommend OpenVAS. After all, like Qmail, it’s freeware [or has a free version]
[qmailtoaster] SMTP configuration
CarlC Internet Services Service Desk Tue, 18 Jun 2019 05:48:06 -0700
- [qmailtoaster] SMTP configuration CarlC Internet Services Service Desk
- Re: [qmailtoaster] SMTP configur... Eric Broch
- RE: [qmailtoaster] SMTP conf... CarlC Internet Services Service Desk