On 2023-04-23 11:53, Benny Pedersen wrote:
dovecot--- via dovecot skrev den 2023-04-23 20:25:
I tried to enable it on postfix smtp_sasl_auth_enable, but it is was not advertise.
That is because "smtp" is not the same as "smtpd".
http://www.postfix.org/postconf.5.html#smtpd_sasl_auth_enable
port 25 should not support sasl auth, make this a override in master.cf so it only is on port 465, or 587
when remote mta's blindly just try sasl auth on port 25 thay miss a password, and give up, after wasting resourses in both ends
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
FYI, +1...
Especially since some email clients STILL fallback to insecure password auth attempts on port 25, resulting in sending email passwords across the internet in plain text.
Everyone should adopt this policy by default. Turning off AUTH on insecure connections has shown to reduce email compromise levels by up to 90%.
Reminder, this also applies to POP/IMAP.
-- "Catch the Magic of Linux..."
Michael Peddemors, President/CEO LinuxMagic Inc. Visit us at http://www.linuxmagic.com @linuxmagic A Wizard IT Company - For More Info http://www.wizard.ca "LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended solely for the use of the individual or entity to which they are addressed. Please note that any views or opinions presented in this email are solely those of the author and are not intended to represent those of the company.