PCI Compliance - Courier - Disable SMTP plain text authentication

djdavedawson

Member
Jul 18, 2007
11
0
51
My PCI scan is coming back with "Mail Server Accepts Plaintext Credentials" for ports 25 and 587.

I found in this forum a solution for Dovecot (Im on Courier) to solve this issue, simply select the following:

"Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."
When I do this, I get sending failures and my mail log gets flooded with the following error:

Code:
imapd-ssl: NOTICE: Disconnected during shutdown by signal,
Any suggestions on how to remedy this issue.

Thanks in Advance
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello :)

Could you elaborate further on the specific sending failure messages you receive? Are you connecting to the mail server with SSL?

Thank you.
 

djdavedawson

Member
Jul 18, 2007
11
0
51
Ok, so this is 2 different issues when I select

"Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."
Issue #1:

Immediately after i turn it on, the mail log gets flooded with

Code:
imapd-ssl: NOTICE: Disconnected during shutdown by signal,
Issue #2

Email Scripts on the server using smtpauth fail. They are set to use the SSL settings. Hostname and port 465.

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Was a solution to this arise yet? I too am interested.
Are you able to switch to Dovecot, or is there something in particular that's keeping you on Courier?

Thank you.