Disable smtp plain auth in port 25

Hello,

I want to disable SMTP auth entirely on port 25, so that we can only log in via the TLS or SSL ports.

I searched a lot and I didn't find the correct configuration for that in the forums.

Could you guide me on this?
Thank you.

Interesting question. A quick Google search offers the following solution (note: I haven’t tried it, because I never used Exim4 before HestiaCP):

The common solution is to advertise the AUTH only for hosts that have chosen STARTTLS after unencrypted connection to the port 25:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

After the STARTTLS command is performed and the TLS connection is established, the $tls_cipher variable for the current session becomes non-empty. The client is now advertised that AUTH is allowed while the session is secured by TLS, and no plaintext passwords are passed over the unencrypted connection.
smtp - How to deny authentication on port 25 in Exim mail server - Ask Ubuntu

Thanks a lot, it is done with the below configuration:

dovecot_plain:
  driver = dovecot
  public_name = PLAIN
  server_socket = /var/run/dovecot/auth-client
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_set_id = $auth1

dovecot_login:
  driver = dovecot
  public_name = LOGIN
  server_socket = /var/run/dovecot/auth-client
  server_advertise_condition = ${if eq{$tls_cipher}{}{no}{yes}}
  server_set_id = $auth1

This way no SMTP auth can be done on port 25, but I have already bound port 26 in Exim and I want to configure PLAIN SMTP on this port, so that any PLAIN SMTP connection will be allowed on 26 only.
Is it possible to do this? server_advertised_condition?
So 465 and 587 will keep working normally as they are,
port 25 is only for receiving,
port 26 can send SMTP plain.

looking forward @kpv
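
A way to verify the behaviour the configurations in this thread aim for, as an added example that is not part of the original posts: it parses EHLO replies and reports whether AUTH is offered before STARTTLS. The sample replies are constructed, and `ehlo_keywords`, `check_policy` and `probe` are hypothetical helper names; `probe` runs the same check live against a server you administer.

```python
import smtplib
import ssl

def ehlo_keywords(reply):
    """Map each keyword in a '250-...' EHLO reply to its list of arguments."""
    kw = {}
    for line in reply.splitlines():
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].split()
            if words:
                kw[words[0].upper()] = [w.upper() for w in words[1:]]
    return kw

def check_policy(ehlo_cleartext, ehlo_tls):
    """Return a list of problems; an empty list means AUTH is offered only under TLS."""
    before, after = ehlo_keywords(ehlo_cleartext), ehlo_keywords(ehlo_tls)
    problems = []
    if "AUTH" in before:
        problems.append("AUTH offered before STARTTLS: " + " ".join(before["AUTH"]))
    if "STARTTLS" not in before:
        problems.append("STARTTLS not offered on the cleartext session")
    if not after.get("AUTH"):
        problems.append("no AUTH mechanism offered after STARTTLS")
    return problems

def probe(host, port=25):
    """Live check (needs network). The default context verifies the certificate."""
    def raw(msg):  # smtplib strips the reply codes; put them back for the parser
        return "\n".join("250-" + l for l in msg.decode(errors="replace").splitlines())
    with smtplib.SMTP(host, port, timeout=10) as s:
        clear, tls = raw(s.ehlo()[1]), ""
        if s.has_extn("starttls"):
            s.starttls(context=ssl.create_default_context())
            tls = raw(s.ehlo()[1])
        return check_policy(clear, tls)

# Constructed sample replies (not captured from a real server).
HEAD = "250-mail.example.test Hello client.example.test [192.0.2.10]\n250-SIZE 52428800\n"
GOOD_CLEAR = HEAD + "250-PIPELINING\n250-STARTTLS\n250 HELP"
BAD_CLEAR = HEAD + "250-PIPELINING\n250-AUTH PLAIN LOGIN\n250-STARTTLS\n250 HELP"
AFTER_TLS = HEAD + "250-PIPELINING\n250-AUTH PLAIN LOGIN\n250 HELP"

if __name__ == "__main__":
    print(check_policy(GOOD_CLEAR, AFTER_TLS))  # restricted as intended
    print(check_policy(BAD_CLEAR, AFTER_TLS))   # AUTH leaks onto the cleartext session
```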
