PCI Compliance - Courier - Disable SMTP plain text authentication

djdavedawson

• January 23, 2015 16:18

My PCI scan is coming back with "Mail Server Accepts Plaintext Credentials" for ports 25 and 587. I found in this forum a solution for Dovecot (Im on Courier) to solve this issue, simply select the following: "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."
When I do this, I get sending failures and my mail log gets flooded with the following error:
imapd-ssl: NOTICE: Disconnected during shutdown by signal,
Any suggestions on how to remedy this issue. Thanks in Advance

• 

  cPanelMichael

  • January 26, 2015 15:24

  Hello :) Could you elaborate further on the specific sending failure messages you receive? Are you connecting to the mail server with SSL? Thank you.

  0
• 

  djdavedawson

  • January 26, 2015 20:24

  Ok, so this is 2 different issues when I select "Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."
  Issue #1: Immediately after i turn it on, the mail log gets flooded with
  imapd-ssl: NOTICE: Disconnected during shutdown by signal,
  Issue #2 Email Scripts on the server using smtpauth fail. They are set to use the SSL settings. Hostname and port 465. Thanks

  0
• 

  cPanelMichael

  • January 28, 2015 17:52

  Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you.

  0
• 

  pski

  • February 05, 2015 17:01

  Was a solution to this arise yet? I too am interested.

  0
• 

  cPanelMichael

  • February 16, 2015 19:09

  ]Was a solution to this arise yet? I too am interested.

  
  Are you able to switch to Dovecot, or is there something in particular that's keeping you on Courier? Thank you.

  0

Please sign in to leave a comment.