f



How to turn off plain text

I am failing a PCI certification test because my newly installed sendmail o=
n a FreeBSD system is giving me the following problem:

"The service running on this port appears to make use of a plaintext (unenc=
rypted) communication channel. The PCI DSS forbids the use of such insecure=
 services/protocols. Unencrypted communication channels are vulnerable to t=
he disclosure and/or modification of any data transiting through them (incl=
uding usernames and passwords), and as such the confidentially and integrit=
y of the data in transit cannot be ensured with any level of certainty."

This is showing up on both port 25 and 587.

I have been searching for hours on how to turn off the plain text on sendma=
il, but have been unsuccessful.

Any assistance would be appreciated.

Thanks,

Marshall
0
mdudley250
7/19/2016 1:08:13 AM
comp.mail.sendmail 13518 articles. 1 followers. jfretby (35) is leader. Post Follow

2 Replies
180 Views

Similar Articles

[PageSpeed] 54

mdudley250@gmail.com wrote:
> I have been searching for hours on how to turn off the plain text on
> sendmail, but have been unsuccessful.

Didn't
	cf/README, chapter STARTTLS, section Allowing Connections
work out for you?

							Martin
0
neitzel
7/20/2016 11:38:06 AM
On Monday, July 18, 2016 at 9:08:14 PM UTC-4, mdudl...@gmail.com wrote:
> I am failing a PCI certification test because my newly installed sendmail=
 on a FreeBSD system is giving me the following problem:
>=20
> "The service running on this port appears to make use of a plaintext (une=
ncrypted) communication channel. The PCI DSS forbids the use of such insecu=
re services/protocols. Unencrypted communication channels are vulnerable to=
 the disclosure and/or modification of any data transiting through them (in=
cluding usernames and passwords), and as such the confidentially and integr=
ity of the data in transit cannot be ensured with any level of certainty."
>=20
> This is showing up on both port 25 and 587.
>=20
> I have been searching for hours on how to turn off the plain text on send=
mail, but have been unsuccessful.
>=20
> Any assistance would be appreciated.
>=20
> Thanks,
>=20
> Marshall

Perhaps this excerpt from sendmail.mc will point you in the right direction=
..

dnl #
dnl # The following allows relaying if the user authenticates, and disallow=
s
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #=20
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.=20
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGI=
N PLAIN')dnl

Bill
0
wfmakowski
8/10/2016 2:48:38 AM
Reply: