How to prevent cleartext logins to POP and SMTP?

Created:

2016-11-16 13:12:33 UTC

Modified:

2017-08-16 17:14:48 UTC

1

Was this article helpful?


Have more questions?

Submit a request

How to prevent cleartext logins to POP and SMTP?

Applicable to:

  • Plesk for Linux

Question

How to prevent POP and SMTP clear text logins according to PCI compliance?

Answer

Remove LOGIN string in the following line at /etc/courier-imap/pop3d file

POP3AUTH="CRAM-MD5 CRAM-SHA1 CRAM-SHA256"

If qmail is used, this is recommended to switch to Postfix. Forcing secure connection over SMTP in Qmail requires patching. Qmail entered extended support .

Add the following line to /etc/postfix/main.cf Postfix configuration file :

smtpd_tls_auth_only=yes
Have more questions? Submit a request
Please sign in to leave a comment.