PLAIN authentication is ok, provided that TLS has been activated by the
client (presumably before credentials are sent) or SSL is in use
(unconventional 465 port).
In changing this, each client will need to be manually reconfigured. I'm
not aware of any client that automatically adjusts to changes such as this.
I'm not aware of a practical way to require encrypted passwords for
qmail-smtpd (whether on port 25 or 587) at this point. Spamdyke has a
recent feature allowing it to handle authentication, and I believe that
Sam will be adding a setting to require encryption before authentication
in the next release. When that's available, I'll be changing QMT to use
spamdyke for authentication, which will (at last) allow for enforcement
of this policy (no passwords sent in clear text).
On the retrieval side of things, dovecot provides such a configuration
parameter, #disable_plaintext_auth = yes, which is the default value.
P.S. FWIW, I would have not expected to see (as many) unauthorized
attempts on port 587. Spammers will eventually use this port though.
--
-Eric 'shubes'
On 03/05/2014 08:34 AM, LHTek wrote:
I am using PLAIN text passwords I'm afraid. I will be changing that now
though. I very tired of these password hacks.
Since this will be a new process for me I have questions: In changing
the server to require encrypted passwords, will I need to contact all my
clients and have them change the way they connect? Or will their email
clients just automate the change?
------------------------------------------------------------------------
*From:* "c...@milos.co.za" <c...@milos.co.za>
*To:* vchkpw@inter7.com
*Sent:* Wednesday, March 5, 2014 6:45 AM
*Subject:* [vchkpw] [SPAM] Re: [vchkpw] [SPAM] Re: [vchkpw] [SPAM]
Re: [vchkpw] Qmail maillog vchkpw-submission vs vchkpw-smtp
It doesn't matter how good your password is if you're using
plaintext connections :)
Since every MUA I've used i nthe last few years supports SSL or TLS
I should really get around to deprecating pop3 and imap and only
using pop3s and imaps.
This is especially imporant since some govts are trying to push
through laws forcing ISP's to store all of the data each of their
users downloads meaning that your unencrypted data will remain
stored for however long is legislated with access by who knows how
many people.
\\Clay
On 2014-03-05 07:57, Tom Collins wrote:
The submission entries outside the US could very well be from
hacked accounts.
I'm finding a surprising number of compromised accounts (once a
week?), including users with good passwords, so I have to assume
they're snooped on public wireless, or their computers are
compromised by malware of some sort.
The vckpw-smtp entries from outside the US are probably also
hacked accounts, since mail received from remote servers doesn't
include authentication. Sorry I wasn't thinking clearly in my
previous response -- I forgot these were vchkpw entries and are
only related to authentication. I was thinking about qmail logs.
-Tom
On Mar 4, 2014, at 10:43 PM, LHTek wrote:
Thanks for the reply.
NOTE: None of my users will have sent anything from outside the US.
I've got some log entries for vchkpw-submission (marked as
successful in the log) with non-US IP's (Russia, Egypt, Honk
Kong, etc).In my analysis I'm marking those entries as hacked
accounts.
From what I read from your response, vchkpw-smtp (marked as
successful in the log) entries could be mail sent TO my server
FROM another server on port 25. That tells me those are probably
safe submissions - even if they are from overseas IPs. Am I
thinking correctly?
------------------------------------------------------------------------
*From:* Tom Collins <t...@tomlogic.com <mailto:t...@tomlogic.com>>
*To:* vchkpw@inter7.com <mailto:vchkpw@inter7.com>
*Sent:* Wednesday, March 5, 2014 12:02 AM
*Subject:* Re: [vchkpw] Qmail maillog vchkpw-submission vs
vchkpw-smtp
vchkpw-submission is on port 587, and is typically used for
emai clients relaying mail. It's often set up to require
authentication.
vchkpw-smtp is on port 25, and can be used for email clients
to relay mail, or by other servers delivering mail to your
server.
-Tom
On Mar 4, 2014, at 9:41 PM, LHTek wrote:
In the /var/log/maillog file what is the difference between
these 2 entries (vchkpw-submission, vchkpw-smtp)?
example:
Mar 4 17:27:03 michael vpopmail[14701]: vchkpw-submission:
(PLAIN) login success t...@domain.com:64.185.3.238
Mar 4 10:54:42 michael vpopmail[29027]: vchkpw-smtp:
(PLAIN) login success t...@domain.com:64.57.239.114
!DSPAM:531756ed34261630194476!