On Monday, July 18, 2016 at 9:08:14 PM UTC-4, mdudl...@gmail.com wrote:
> I am failing a PCI certification test because my newly installed sendmail on a FreeBSD system is giving me the following problem:
> "The service running on this port appears to make use of a plaintext (unencrypted) communication channel. The PCI DSS forbids the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty."
> This is showing up on both port 25 and 587.
> I have been searching for hours on how to turn off the plain text on sendmail, but have been unsuccessful.
> Any assistance would be appreciated.
Perhaps this excerpt from sendmail.mc will point you in the right direction:
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGI=
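
Added example (not part of the original post, and not sendmail's own code): a small check of what the `p` flag in confAUTH_OPTIONS is meant to achieve, namely that the EHLO reply seen before STARTTLS offers STARTTLS and does not advertise PLAIN or LOGIN. The EHLO replies, host names and function names below are constructed for illustration.

```python
# Audit an SMTP EHLO reply captured BEFORE STARTTLS was negotiated.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password in the clear


def parse_ehlo(response):
    """Parse a multi-line 250 reply into {KEYWORD: [PARAMS]}."""
    extensions = {}
    for line in response.strip().splitlines()[1:]:  # line 1 is the greeting
        line = line.strip()
        if not (line.startswith("250-") or line.startswith("250 ")):
            continue
        # Some servers also send the legacy form "AUTH=LOGIN PLAIN".
        tokens = line[4:].replace("=", " ").upper().split()
        if tokens:
            extensions.setdefault(tokens[0], []).extend(tokens[1:])
    return extensions


def audit_pre_tls(response):
    """Return a list of findings; an empty list means the reply looks hardened."""
    ext = parse_ehlo(response)
    findings = []
    if "STARTTLS" not in ext:
        findings.append("STARTTLS not offered")
    exposed = sorted(PLAINTEXT_MECHS & set(ext.get("AUTH", [])))
    if exposed:
        findings.append("plaintext AUTH offered without TLS: " + " ".join(exposed))
    return findings


# Constructed sample replies (not captured from a real server).
WEAK_EHLO = """250-mail.example.test Hello client.example.test, pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250 HELP"""

HARDENED_EHLO = WEAK_EHLO.replace(" LOGIN PLAIN", "")
NO_TLS_EHLO = WEAK_EHLO.replace("250-STARTTLS\n", "")

if __name__ == "__main__":
    for name, reply in [("weak", WEAK_EHLO), ("hardened", HARDENED_EHLO),
                        ("no-tls", NO_TLS_EHLO)]:
        print(name, audit_pre_tls(reply) or "ok")
```

An empty result only covers authentication on cleartext links; it does not by itself show that the port refuses unencrypted sessions.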