PCI Compliance - Courier - Disable SMTP plain text authentication

[djdavedawson]

My PCI scan is coming back with "Mail Server Accepts Plaintext Credentials" for ports 25 and 587.

I found in this forum a solution for Dovecot (Im on Courier) to solve this issue, simply select the following:

"Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."

When I do this, I get sending failures and my mail log gets flooded with the following error:

imapd-ssl: NOTICE: Disconnected during shutdown by signal,

Any suggestions on how to remedy this issue.

Thanks in Advance

 

[cPanelMichael]

Hello

Could you elaborate further on the specific sending failure messages you receive? Are you connecting to the mail server with SSL?

Thank you.

 

[djdavedawson]

Ok, so this is 2 different issues when I select

"Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server."

Issue #1:

Immediately after i turn it on, the mail log gets flooded with

imapd-ssl: NOTICE: Disconnected during shutdown by signal,

Issue #2

Email Scripts on the server using smtpauth fail. They are set to use the SSL settings. Hostname and port 465.

Thanks

 

[cPanelMichael]

Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[pski]

Was a solution to this arise yet? I too am interested.

 

[cPanelMichael]

Was a solution to this arise yet? I too am interested.

Are you able to switch to Dovecot, or is there something in particular that's keeping you on Courier?

Thank you.