On 2023-04-23 11:53, Benny Pedersen wrote:
dovecot--- via dovecot skrev den 2023-04-23 20:25:
I tried to enable it on postfix smtp_sasl_auth_enable, but it is was
not advertise.
That is because "smtp" is not the same as "smtpd".
http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable
port 25 should not support sasl auth, make this a override in master.cf
so it only is on port 465, or 587
when remote mta's blindly just try sasl auth on port 25 thay miss a
password, and give up, after wasting resourses in both ends
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
FYI, +1...
Especially since some email clients STILL fallback to insecure password
auth attempts on port 25, resulting in sending email passwords across
the internet in plain text.
Everyone should adopt this policy by default. Turning off AUTH on
insecure connections has shown to reduce email compromise levels by up
to 90%.
Reminder, this also applies to POP/IMAP.
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
