Group: netwin.surgemail
From: Surgemail <surgemail@wcta.net>
Subject: [SurgeMail List] prohibit smtp auth on port 25
Date: Fri, 27 Jan 2017 12:24:19 -0600

Hello,

How can I prohibit non-secure authentication, or any authentication on 
smtp port 25?  My users should be using port 587 for authentication.

We're not ready for "g_ssl_require_login" yet.

-Troy



From: Matthew Beckwell <matthewb@aitech.net>
Date: Fri, 27 Jan 2017 13:11:07 -0600

--94eb2c0b6c32684ceb0547183a4c
Content-Type: text/plain; charset=UTF-8

Hi Troy,
I think a combination of these will accomplish what you're looking for...

g_smtp_portauth "587"
g_smtp_portforce "TRUE"

~Matthew


On Fri, Jan 27, 2017 at 12:24 PM, Surgemail <surgemail@wcta.net> wrote:

> Hello,
>
> How can I prohibit non-secure authentication, or any authentication on
> smtp port 25?  My users should be using port 587 for authentication.
>
> We're not ready for "g_ssl_require_login" yet.
>
> -Troy
>
>
>

--94eb2c0b6c32684ceb0547183a4c
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Hi Troy,<div>I think a combination of these will accomplis=
h what you&#39;re looking for...</div><div><br></div><div><div>g_smtp_porta=
uth &quot;587&quot;</div><div>g_smtp_portforce &quot;TRUE&quot;</div></div>=
<div class=3D"gmail_extra"><div><div class=3D"gmail_signature" data-smartma=
il=3D"gmail_signature"><div dir=3D"ltr"><div dir=3D"ltr"><div dir=3D"ltr"><=
div dir=3D"ltr"><p>~Matthew</p><p></p></div></div></div></div></div></div>
<br><div class=3D"gmail_quote">On Fri, Jan 27, 2017 at 12:24 PM, Surgemail =
<span dir=3D"ltr">&lt;<a href=3D"mailto:surgemail@wcta.net" target=3D"_blan=
k">surgemail@wcta.net</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_q=
uote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1e=
x">Hello,<br>
<br>
How can I prohibit non-secure authentication, or any authentication on smtp=
 port 25?=C2=A0 My users should be using port 587 for authentication.<br>
<br>
We&#39;re not ready for &quot;g_ssl_require_login&quot; yet.<br>
<br>
-Troy<br>
<br>
<br>
</blockquote></div><br></div></div>

--94eb2c0b6c32684ceb0547183a4c--


From: Surgemail <surgemail@wcta.net>
Date: Fri, 27 Jan 2017 14:05:33 -0600

This is a multi-part message in MIME format.
--------------E55EE3745D28ED56A020D9CB
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit

We have those checked already.

Hrm.  I've tested this a bit just now.  I do get a proper "554 - Please 
use smtp port 587" if I try to auth over port 25. This then generates a 
"x.x.x.x user@domain.com NOTSSL" logged in login.log.

So technically, this is working.  I just didn't expect surge to actually 
verify(and thus log) a successful user/pass in this case.

-Troy



On 01/27/2017 01:11 PM, Matthew Beckwell wrote:
> Hi Troy,
> I think a combination of these will accomplish what you're looking for...
>
> g_smtp_portauth "587"
> g_smtp_portforce "TRUE"
>
> ~Matthew
>
>
> On Fri, Jan 27, 2017 at 12:24 PM, Surgemail <surgemail@wcta.net 
> <mailto:surgemail@wcta.net>> wrote:
>
>     Hello,
>
>     How can I prohibit non-secure authentication, or any
>     authentication on smtp port 25?  My users should be using port 587
>     for authentication.
>
>     We're not ready for "g_ssl_require_login" yet.
>
>     -Troy
>
>
>


--------------E55EE3745D28ED56A020D9CB
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    We have those checked already.<br>
    <br>
    Hrm.  I've tested this a bit just now.  I do get a proper "554 -
    Please use smtp port 587" if I try to auth over port 25. This then
    generates a "x.x.x.x <a class="moz-txt-link-abbreviated" href="mailto:user@domain.com">user@domain.com</a> NOTSSL" logged in login.log.  <br>
    <br>
    So technically, this is working.  I just didn't expect surge to
    actually verify(and thus log) a successful user/pass in this case.<br>
    <br>
    -Troy<br>
    <br>
    <br>
    <br>
    <div class="moz-cite-prefix">On 01/27/2017 01:11 PM, Matthew
      Beckwell wrote:<br>
    </div>
    <blockquote
cite="mid:CAHfZdumD=r1sR16PsOm=w6+mE_PzXSmGtxbxSh=T2VhbsXwHVg@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi Troy,
        <div>I think a combination of these will accomplish what you're
          looking for...</div>
        <div><br>
        </div>
        <div>
          <div>g_smtp_portauth "587"</div>
          <div>g_smtp_portforce "TRUE"</div>
        </div>
        <div class="gmail_extra">
          <div>
            <div class="gmail_signature"
              data-smartmail="gmail_signature">
              <div dir="ltr">
                <div dir="ltr">
                  <div dir="ltr">
                    <div dir="ltr">
                      <p>~Matthew</p>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
          <br>
          <div class="gmail_quote">On Fri, Jan 27, 2017 at 12:24 PM,
            Surgemail <span dir="ltr">&lt;<a moz-do-not-send="true"
                href="mailto:surgemail@wcta.net" target="_blank">surgemail@wcta.net</a>&gt;</span>
            wrote:<br>
            <blockquote class="gmail_quote" style="margin:0 0 0
              .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
              <br>
              How can I prohibit non-secure authentication, or any
              authentication on smtp port 25?  My users should be using
              port 587 for authentication.<br>
              <br>
              We're not ready for "g_ssl_require_login" yet.<br>
              <br>
              -Troy<br>
              <br>
              <br>
            </blockquote>
          </div>
          <br>
        </div>
      </div>
    </blockquote>
    <br>
  </body>
</html>

--------------E55EE3745D28ED56A020D9CB--