Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SMTP Auth
  FAQ FAQ  Forum Search   Register Register  Login Login

SMTP Auth

 Post Reply Post Reply
Author
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Topic: SMTP Auth
    Posted: 10 June 2018 at 7:34am
Is there any INI setting to disable SpamFilter from announcing SMTP Auth?  We don't have any users sending mail through our server with authentication.

Some PCI compliance guys are making noises that our server is advertising SMTP Auth, since we don't use it we might as well just stop announcing it.
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 10 June 2018 at 8:28am
Uhm.. we're actually going to classify thit as a bug - if SpamFilter is not configured to use authentication, then your PCI guys are right - we should not advertise it being available.

We should be able to have a patch ready within the next 24/48 hours.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 12 June 2018 at 8:36pm
Yapadu,

FYI a patched build (v4.7.4.250) is now available for download in the registered user area. Thanks for the report!
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
mmmctune View Drop Down
Newbie
Newbie


Joined: 09 September 2017
Status: Offline
Points: 15
Post Options Post Options   Thanks (0) Thanks(0)   Quote mmmctune Quote  Post ReplyReply Direct Link To This Post Posted: 11 July 2018 at 8:33am
Running v4.7.4.250, still seeing these - 07/11/18 07:25:19:033 -- (40641232) User failed AUTH LOGIN:
Did I miss a setting? user Authentication is set to none.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 11 July 2018 at 1:40pm
If authentication is disabled in SpamFilter, then SpamFilter will not advertise that it supports authentication in the EHLO response. Per RFC, this should prevent clients from attempting to authenticate.

If a hacker tries to authenticate anyways... SpamFilter is simply sending to NULL the username/password and will simply ignore the auth request (but we are logging the attempted username/password in the logs so admins can see what the hacker is trying to do...). 
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
mmmctune View Drop Down
Newbie
Newbie


Joined: 09 September 2017
Status: Offline
Points: 15
Post Options Post Options   Thanks (0) Thanks(0)   Quote mmmctune Quote  Post ReplyReply Direct Link To This Post Posted: 11 July 2018 at 2:06pm
OK, thanks.
Back to Top
dspan824 View Drop Down
Newbie
Newbie


Joined: 13 September 2018
Location: Wisconsin USA
Status: Offline
Points: 1
Post Options Post Options   Thanks (0) Thanks(0)   Quote dspan824 Quote  Post ReplyReply Direct Link To This Post Posted: 13 September 2018 at 12:19pm
My mail Server requires Authentication - I am not using SSL or TLS - How do I Pass this through the spam filter to the Server  The Log entry is:  User failed AUTH LOGIN: my IP Address 

Any help would be Appreciated


Edited by dspan824 - 13 September 2018 at 12:20pm
Dan Spangler
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 13 September 2018 at 10:09pm
dspan824,

As mentioned in the support email, the issue is likely caused by this bug that is fixed in the licensed version of SpamFilter but that has not been added to the eval version yet: 

// New to VersionNumber = '4.7.4.250';

{TODO -cFix : Outbound TLS connections were only being made with TLS 1.0, even if TLS 1.1 and TLS 1.2 were configured and in use correctly for inbound emails}

{TODO -cFix : Due to a regression error since v4.5, the AUTH LOGIN appeared in the welcome banner even if authentication was disabled in SpamFilter

We provided a workaround earlier today, but please feel free to contact again either via our support email or via the forum if you need us to assist further!

Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.236 seconds.