Re: [IMail Forum] IMail 8.22 and PCI

2008-06-26 Thread Rod Dorman
On Wednesday, June 25, 2008, 18:50:43, Matt wrote: I have never heard of an authentication scheme that fails a protocol and then tries something more secure instead. The only claim for the server being involved is that it allows people to mistakenly use a less secure means by

[IMail Forum] IMail 8.22 and PCI

2008-06-25 Thread Welch, Tom
I am currently scanning all of my servers, including my IMail server, for PCI compliance. In the report I am failing PCI compliancy because of 2 IMail issues dealing with plaintext authentication on SMTP and POP3. Here is what they say about SMTP: THREAT: Your Mail Server responds to the EHLO

Re: [IMail Forum] IMail 8.22 and PCI

2008-06-25 Thread Matt
Tom, You can't require it with your version. You need to upgrade and then hack the registry if you want to do this: http://support.ipswitch.com/kb/IM-20071231-JH01.htm The real issue however is when an E-mail client sends in plain-text. Just because you accept plain-text authentication

Re: [IMail Forum] IMail 8.22 and PCI

2008-06-25 Thread Rod Dorman
On Wednesday, June 25, 2008, 14:52:08, Matt wrote: You can't require it with your version. You need to upgrade and then hack the registry if you want to do this: http://support.ipswitch.com/kb/IM-20071231-JH01.htm The real issue however is when an E-mail client sends in plain-text.

Re: [IMail Forum] IMail 8.22 and PCI

2008-06-25 Thread Matt
Rod, I have never heard of an authentication scheme that fails a protocol and then tries something more secure instead. The only claim for the server being involved is that it allows people to mistakenly use a less secure means by misconfiguration. On our server where we host a very wide