Turn off SMTP Authentication?

[JMGarcía]

Hello,

I have a customer that have a windows desktop aplication that he use to manage their email but we can't send email with this, receives without problems but when send it gives this error, ... the email works well in Outlook,...

Following the recommendation in another post if I disabled this option the email send without problems:

whm>>Exim Configuration manager>>Security>> I have to turn off this option:
"Require clients to connect with SSL or issue the STARTTLS command before they are allowed to authenticate with the server"

But also read that this is a risk security,... "by allowing the plaintext transmission of authentication credentials"

My questions are:

How bad is set this option to off?
This is a security risk for all server or only for this account?
Only risk for email account o risk for all credetial account?
There are some way to enable this only in one account?

Thanks.
Regards.

 

[sparek-3]

What port is the user using to check mail with?

Is the user using STARTTLS for their POP3 or IMAP (receiving mail) connection?

What version of Outlook is the user using?

I would guess that the user is not using secure POP3 or IMAP and is using an older version of Outlook that perhaps does not support TLSv1.2 and your server is only accepting TLSv1.2 connections, that's why the user is unable to start a secure connection.

When you don't use TLS, then everything you send and receive along that connection is passed in plain text. This means anyone that happens to be listening on the connection can read everything that passes through it - including password information if it is sent.

 

[JMGarcía]

The user don't use Outlook, is a custom desktop application made in .net I think,...

So if the rest of the cpanel accounts in this VPS use TLS o SSL, there would be no security problems in these?

 

[sparek-3]

If the user's application works without TLS but does not work with TLS... then the issue is with TLS.

I would suspect that the client's custom desktop application is relying on old TLS libraries and needs to be updated, otherwise it won't be able to use TLS.

Is not using TLS good or bad? That's entirely up to you and the client.

 

[cPanelLauren]

It seems like ultimately the issue is that the outlook client you're client is using isn't utilizing the TLS protocol instead it's trying to connect over SSL which the server does not accept as noted by @sparek-3. Microsoft did add fixes in the forum of a patch for this https://support.microsoft.com/en-us...and-tls-1-2-as-default-secure-protocols-in-wi

Ultimately though, you've only got a few options:

1. Have the user use an up to date client or a free one like Mozilla thunderbird - Recommended
2. Begin accepting the SSL connections - NOT Recommended
3. Stop requiring clients to connect over SSL/TLS - NOT Recommended