Disable Cleartext Login on port 587 tcp submission

You are here: Index > Webuzo > General Support > Topic : Disable Cleartext Login on port 587 tcp submission

Disable Cleartext Login on port 587 tcp submission (2 Replies, Read 14318 times)

Guest	# January 2, 2016, 10:27 pm
Group: Guest Status:	The SMTP server advertises the following SASL methods over an unencrypted channel: All supported methods: LOGIN, PLAIN Cleartext methods: LOGIN, PLAIN Recommended Solution: Configure the service to support less secure authentication mechanisms only over an encrypted channel. Impact: An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used. How to fix this? How to secure Dovecot or Exim to disable that insecure login plain? Thanks
IP: --

Disable Cleartext Login on port 587 tcp submission

valley	# January 19, 2016, 6:03 pm \| Post: 1
Group: Webuzo Team Post Group: Super Member Posts: 1644 Status:	The Dovercot Sieve plugin can be implemented to overcome this. You can try tweaking the Dovecot configurations for once, ----------------------- Webuzo : Single User Control Panel Join Webuzo : Facebook Twitter
IP: --

Disable Cleartext Login on port 587 tcp submission

Guest	# January 19, 2016, 6:08 pm \| Post: 2
Group: Guest Status:	Solution is more simple: You can add the same under: Ubuntu: /etc/exim4/exim4.conf.template (UBUNTU) or CentOS: /etc/exim.conf Search for string "dovecot_" and then add below mentioned property at the bottom of every dovecot drivers: ------------- server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}} ------------- After making the changes do: Ubuntu: update-exim.conf and service exim4 restart CentOS: service exim restart The above changes will only advertise auth when the connection is secure.
IP: --

Jump To :

Users viewing this topic
	1 guests, 0 users.

All times are GMT. The time now is May 3, 2025, 11:18 am.

Queries: 10 | Page Created In:1.370