Group: netwin.surgemail
Subject: [SurgeMail List] Re: Portauth behavior / auth question
Date: Sat, 28 Jan 2017 10:40:52 +1300

We will change it to reject the login attempt, I was gonna say 'no' you 
can't stop the client sending the login attempt, but then I realized you 
mostly can, so we've done that too, here is a new binary to test.

     http://netwinsite.com/ftp/misc/l64.tar.gz

with:
g_smtp_portauth "587"
g_smtp_portforce "TRUE"

This is a beta, keep your old surgemail binary just in case :-)

ChrisP.


 > I think surge, with this configuration,  should ignore the user/pass 
when authentication is tried and always reject with "554 Please use smtp 
port (587) not (25)"
>
> What do you think?
>
> I'd really like the client to not send a user/pass in the clear at 
> all.  Is there some way prohibit the client from even trying?
>
> -Troy
>
>
>
>
>



From: Surgemail <surgemail@wcta.net>
Date: Mon, 30 Jan 2017 20:12:14 -0600

So far, this tests well.  Thank you!

I do spot one logging issue.  I'm seeing an awful lot of these in 
login_failed.log:

2017-01-30 20:09:13.00:4057122560: 530 530 Please use smtp port (587) 
not (25) for email clients
2017-01-30 20:09:15.00:4049438464: 530 530 Please use smtp port (587) 
not (25) for email clients

It should list the source IP, I think?

-Troy


On 01/27/2017 03:40 PM, surgemail-support wrote:
> We will change it to reject the login attempt, I was gonna say 'no' 
> you can't stop the client sending the login attempt, but then I 
> realized you mostly can, so we've done that too, here is a new binary 
> to test.
>
>     http://netwinsite.com/ftp/misc/l64.tar.gz
>
> with:
> g_smtp_portauth "587"
> g_smtp_portforce "TRUE"
>
> This is a beta, keep your old surgemail binary just in case :-)
>
> ChrisP.
>
>
> > I think surge, with this configuration,  should ignore the user/pass 
> when authentication is tried and always reject with "554 Please use 
> smtp port (587) not (25)"
>>
>> What do you think?
>>
>> I'd really like the client to not send a user/pass in the clear at 
>> all.  Is there some way prohibit the client from even trying?
>>
>> -Troy
>>
>>
>>
>>
>>
>
>



From: surgemail-support <surgemail-support@netwinsite.com>
Date: Tue, 31 Jan 2017 16:38:26 +1300

Ok, I'll fix that.

     chrisP.



On 31/01/2017 3:12 p.m., Surgemail wrote:
> So far, this tests well.  Thank you!
>
> I do spot one logging issue.  I'm seeing an awful lot of these in 
> login_failed.log:
>
> 2017-01-30 20:09:13.00:4057122560: 530 530 Please use smtp port (587) 
> not (25) for email clients
> 2017-01-30 20:09:15.00:4049438464: 530 530 Please use smtp port (587) 
> not (25) for email clients
>
> It should list the source IP, I think?
>
> -Troy
>
>
> On 01/27/2017 03:40 PM, surgemail-support wrote:
>> We will change it to reject the login attempt, I was gonna say 'no' 
>> you can't stop the client sending the login attempt, but then I 
>> realized you mostly can, so we've done that too, here is a new binary 
>> to test.
>>
>>     http://netwinsite.com/ftp/misc/l64.tar.gz
>>
>> with:
>> g_smtp_portauth "587"
>> g_smtp_portforce "TRUE"
>>
>> This is a beta, keep your old surgemail binary just in case :-)
>>
>> ChrisP.
>>
>>
>> > I think surge, with this configuration,  should ignore the 
>> user/pass when authentication is tried and always reject with "554 
>> Please use smtp port (587) not (25)"
>>>
>>> What do you think?
>>>
>>> I'd really like the client to not send a user/pass in the clear at 
>>> all.  Is there some way prohibit the client from even trying?
>>>
>>> -Troy
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>