Correcting my own typo now.
On 12/03/2016 05:44 PM, John Fawcett wrote:
> On 12/03/2016 05:25 PM, rich.gre...@hushmail.com wrote:
>> Here I am, replying to my own post again. What I said in the prior post
>> wasn't entirely true. I realized that I used the wrong password in my prior
>> attempt. I am still granted access to the SMTP service after authenticating
>> in plaintext on port 25.
>>
>> So I'm somewhat confused how to prevent/discourage users from sending their
>> authentication detail in the clear when there are secure methods that exist
>> (such as, $ openssl s_client -starttls smtp -connect example.com:587)
>>
>>
>> $ telnet example.com 25
>> Trying 87.138.xxx.yyy...
>> Connected to example.com.
>> Escape character is '^]'.
>> 220 example.com ESMTP Postfix (Ubuntu)
>> ehlo example.com
>> 250-example.com
>> 250-PIPELINING
>> 250-SIZE 10240000
>> 250-VRFY
>> 250-ETRN
>> 250-STARTTLS
>> 250-AUTH PLAIN LOGIN
>> 250-AUTH=PLAIN LOGIN
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250 DSN
>> AUTH LOGIN
>> 334 VXNlcm5hbWU6
>> dXNlckBleGFtcGxlLmNvbQ==
>> 334 UGFzc3dvcmQ6
>> eW91IHdvdWxkIGRlY29kZSB0aGlz
>> 235 2.7.0 Authentication successful
>> quit
>>
>>
>> Thanks
>>
> Sounds as though you have not disabled auth on port 25, so you have
> still got
>
> smtpd_sasl_auth_enable=yes
>
> for the smtpd service. You may have configured that in main.cf by changing
> the default value or in master.cf for the specific smtpd entry.
>
> John
>
>
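A check for the condition discussed in this thread, as an added example that is not part of the original messages: it parses an EHLO reply captured before STARTTLS and reports whether AUTH is still advertised in the clear, so the result can be compared before and after changing `smtpd_sasl_auth_enable` for the port-25 service. The function names are hypothetical, and `FIXED_EHLO` is a constructed sample derived from the posted reply.

```python
import re

# EHLO reply copied from the port-25 session quoted above (no TLS negotiated).
CLEARTEXT_EHLO = """\
250-example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
# Constructed sample: the same reply with the AUTH lines gone, as expected
# once SASL auth is no longer offered on the unencrypted session.
FIXED_EHLO = "".join(l for l in CLEARTEXT_EHLO.splitlines(True) if "AUTH" not in l)

_LINE = re.compile(r"^250[- ](\S.*)$")

def parse_ehlo(reply):
    """Return (keywords, AUTH mechanisms) advertised in an EHLO reply."""
    keywords, mechs = set(), set()
    lines = [m.group(1) for m in map(_LINE.match, reply.splitlines()) if m]
    for text in lines[1:]:  # first 250 line is the server's greeting name
        # "AUTH PLAIN LOGIN" and the legacy "AUTH=PLAIN LOGIN" both count.
        word, _, params = text.replace("=", " ", 1).partition(" ")
        keywords.add(word.upper())
        if word.upper() == "AUTH":
            mechs.update(p.upper() for p in params.split())
    return keywords, mechs

def audit_cleartext_ehlo(reply):
    """Findings for an EHLO reply captured before STARTTLS was negotiated."""
    keywords, mechs = parse_ehlo(reply)
    findings = []
    if mechs:  # PLAIN and LOGIN only base64-encode the credentials
        findings.append("AUTH offered without TLS: " + ", ".join(sorted(mechs)))
    if "STARTTLS" not in keywords:
        findings.append("STARTTLS not offered")
    return findings

if __name__ == "__main__":
    for name, reply in (("as posted", CLEARTEXT_EHLO), ("AUTH removed", FIXED_EHLO)):
        print(name, "->", audit_cleartext_ehlo(reply) or "ok")
```

Run it against the pre-STARTTLS EHLO reply of each listening port after a configuration change; an empty findings list means AUTH is no longer offered on the unencrypted session.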