
PCI compliance fails on port 25


  • PCI compliance fails on port 25

    Hi there... the latest PCI compliance scan on 2003 SBS showed the following failure... anybody any ideas for a solution, as I can't find anything following their resolution:-

    Description: SMTP Service Cleartext Login Permitted
    Synopsis: The remote mail server allows cleartext logins.
    Impact: The remote host is running an SMTP server that advertises that it allows cleartext logins over unencrypted connections. An attacker may be able to uncover user names and passwords by sniffing traffic to the server if a less secure authentication mechanism (i.e. LOGIN or PLAIN) is used.
    See also :
    Data Received: The SMTP server advertises the following SASL methods over an unencrypted channel :
    All supported methods : NTLM, LOGIN, GSSAPI
    Cleartext methods : LOGIN
    Resolution: Configure the service to support less secure authentication mechanisms only over an encrypted channel.
    Risk Factor: Medium / CVSS2 Base Score: 4.0 AV:N/AC:H/Au:N/C:P/I:N/A:N

    Many thanks in advance

  • #2
    Re: PCI compliance fails on port 25

    Turn off all authentication types except anonymous on the SMTP virtual server in Exchange. That will of course stop anything doing authenticated relaying, but you cannot have it both ways. Either allow authenticated relaying and fail the rather dumb automated test, or disable authenticated relay and pass the test.

    Simon Butler
    Exchange MVP

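    A way to verify the fix from the outside, before re-running the paid scan: the check below reproduces what the scanner is looking at, namely which SASL mechanisms the SMTP virtual server advertises in its EHLO reply before any STARTTLS upgrade, and flags LOGIN or PLAIN appearing there. It also reads the EHLO reply again after STARTTLS, which is the state the scanner's own "Resolution" text describes as acceptable (cleartext mechanisms offered only inside TLS). This is an added example written for this thread, not code from the original posts, from Exchange or from the scanner vendor; the function names, the constructed EHLO replies and the `CLEARTEXT_MECHS` set are assumptions of the example.

```python
"""Check whether an SMTP server advertises cleartext SASL mechanisms (LOGIN/PLAIN)
on an unencrypted connection, i.e. the condition the PCI scanner reports as
'SMTP Service Cleartext Login Permitted'. Example code for this thread, not
part of Exchange or of any scanner product."""
import smtplib
from typing import Iterable, List, Optional

# Mechanisms that send the password in the clear (base64 is encoding, not encryption).
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}


def parse_ehlo(lines: Iterable[str]) -> dict:
    """Parse EHLO extension lines (the text after the '250-' / '250 ' prefix,
    which is what smtplib hands back) into STARTTLS support and AUTH mechanisms."""
    starttls = False
    auth = set()
    for line in lines:
        parts = line.strip().split()
        if not parts:
            continue
        keyword = parts[0].upper()
        if keyword == "STARTTLS":
            starttls = True
        elif keyword == "AUTH":
            auth.update(p.upper() for p in parts[1:])
        elif keyword.startswith("AUTH="):
            # Older 'AUTH=LOGIN' form that some servers send alongside 'AUTH ...'
            auth.update(p.upper() for p in [keyword[5:]] + parts[1:])
    return {"starttls": starttls, "auth": auth}


def assess(pre_tls_lines: Iterable[str], post_tls_lines: Optional[Iterable[str]] = None) -> dict:
    """Classify an EHLO exchange. Mechanisms offered before STARTTLS are exposed
    to a passive observer; the cleartext subset of those is what the scanner
    lists under 'Cleartext methods'. Mechanisms offered only after STARTTLS
    are fine according to the scanner's own resolution text."""
    pre = parse_ehlo(pre_tls_lines)
    cleartext_exposed = pre["auth"] & CLEARTEXT_MECHS
    post = parse_ehlo(post_tls_lines) if post_tls_lines is not None else None
    return {
        "starttls_offered": pre["starttls"],
        "advertised_unencrypted": sorted(pre["auth"]),
        "cleartext_unencrypted": sorted(cleartext_exposed),
        "advertised_after_tls": sorted(post["auth"]) if post else [],
        "passes": not cleartext_exposed,
    }


def _ehlo_lines(msg: bytes) -> List[str]:
    # First line of smtplib's EHLO reply is the server greeting, not an extension.
    return msg.decode("ascii", "replace").splitlines()[1:]


def check_server(host: str, port: int = 25, timeout: float = 10.0) -> dict:
    """Live check against a real server (network access needed). Reads EHLO,
    upgrades with STARTTLS when offered, reads EHLO again. No credentials are sent."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        _code, msg = smtp.ehlo()
        pre = _ehlo_lines(msg)
        post = None
        if smtp.has_extn("starttls"):
            smtp.starttls()
            _code, msg = smtp.ehlo()
            post = _ehlo_lines(msg)
    return assess(pre, post)


if __name__ == "__main__":
    import sys
    # Usage: python smtp_cleartext_check.py mail.example.test [port]
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    print(check_server(sys.argv[1], target_port))
```

    Run it against the public address of the SBS box after changing the virtual server's authentication settings; `passes` should be true and `cleartext_unencrypted` empty. With the fix from this thread (anonymous only) there will be no AUTH line at all; with the alternative of requiring TLS before authentication, LOGIN should appear only under `advertised_after_tls`.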


    • #3
      Re: PCI compliance fails on port 25

      Hi Simon,

      That was the answer. It worked a treat. Many thanks