54582 - SMTP Service Cleartext Login Permitted

admin4system.com · May 4, 2023, 10:11am

Can it be easily changed?

Should I look for this option here and what can I change the plaintext parameter to?

exim4.conf.template

begin authenticators

smtp_relay_login:
driver = plaintext
public_name = LOGIN
hide client_send = : SMTP_RELAY_USER : SMTP_RELAY_PASS

Information from the scanner:

Description
The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
See Also

Solution
Configure the service to support less secure authentication mechanisms only over an encrypted channel.

Plugin Output
tcp/587/smtp

The SMTP server advertises the following SASL methods over an
unencrypted channel on port 587 :

All supported methods : LOGIN, PLAIN
Cleartext methods : LOGIN, PLAIN

eris · May 4, 2023, 10:44am

Close port 587 and force the user to use 465 …

admin4system.com · May 4, 2023, 11:38am

I can’t use 465.
I have to use 587.

linkp · May 4, 2023, 5:00pm

I don’t use the email service on Hestia, nor do I use exim, but based on my postfix configuration of the submission service, which only accepts passwords after the STARTTLS verb, I would expect that such a configuration is possible in exim on Hestia.