Ah, so it’s not a setting I can set as I’m running 1.03-2.1 [production].
I can wait for the 1.03-3.1 to make it into production, then set it up. To me,
I’ve warned all clients to NEVER EVER use port 25 [instead, use 465/587 with
the proper TLS turned on], so this is not a super critical patch.
Thanks!
Carl
From: Eric Broch [mailto:ebr...@whitehorsetc.com]
Sent: Tuesday, June 18, 2019 10:38 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] SMTP configuration
What about the most recent qmail (1.03-3.1) package in the development tree. It
has a patch that forces encryption before authentication.
On 6/18/2019 6:46 AM, CarlC Internet Services Service Desk wrote:
I have my own OpenVAS server to test my Qmail server for security. One of the
things I get as a “medium” warning is
“The remote host is running SMTP server that allows cleartext logins over
unencrypted connections.”
It’s saying we allow LOGIN and PLAIN for SMTP while supporting the “STARTTLS”
command.
I’ve been looking at the /var/qmail/supervise/smtp/run file but don’t see how
to turn off the LOGIN and PLAIN for SMTP [or enforce STARTTLS instead].
Ideas on how to fix this?
Carl
p.s. if anyone needs a good scanning tool, I highly recommend OpenVAS. After
all, like Qmail, it’s freeware [or has a free version]