[BlueOnyx:27257] Disabling plain text login for Postfix
Chris Gebhardt - VIRTBIZ Internet
cobaltfacts at virtbiz.com
Tue Sep 24 15:09:18 -05 2024
Working with a customer on a 5210R box, they've had a PCI scan fail due
to allowing plaintext authentication over port 25. No matter that
they don't process credit cards over port 25... anyhow....
Is there a recommended method for disabling plaintext authentication in
Postfix (or Dovecot if Postfix is using Dovecot's auth?)
Also getting dinged for the mailserver (on TCP 25, 465 and 587) allowing
anonymous authentication. The recommendation? Literally "Disable
support for anonymous authentication to mitigate this
vulnerability." Not sure how to proceed with that under BlueOnyx.
--
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ
More information about the Blueonyx
mailing list