Is it possible to disable SMTP AUTH?
Question asked by Torben Nielsen - 3/15/2020 at 11:02 AM
Unanswered
If using mail clients only from within our private network, or using the Web mail client from the public network, it would be nice to be able to disable the SMTP AUTH on the public network.

Is that possible?

4 Replies

Reply to Thread
0
Douglas Foster Replied
Huh? 
A healthy mail server or gateway allows unauthenticated connections from the Internet only to port 25, and only for message delivery to the local mail server domain(s).   Messages for non-local mail domains should be configured for authentication required.

A mail server which accepts unauthenticated connections from the Internet, for delivery to remote mail domains, is called an open relay, and spammers are constantly probing for them.   If you run an open relay, you take the blame for their dirty deeds.

For Webmail, authentication should always be required, I don't think it can be disabled.

For IMAP, POP, ActiveSync, and EWS, authentication should be used to prevent hacking.  Disabling authentication might be possible, but is a terriible idea.

For applications that submit mail, authentication is always preferred.   If the application is unable to submit credentials, it is possible to configure an authentication exception (from a server admin login, settings, Security, Whitelist, add IP address or range.)    If you do a big enough range, you can configure an open relay, but you should not!

I also recommend using an incoming gateway (SmarterMail+Declude or any other product) in front of your mail server, to further protect your crown jewels from the bad guys..
0
Torben Nielsen Replied
Hi Douglas.

I totally agree with you, but my question remains.

As I would not need anyone accessing neither SMTP nor IMAP nor POP from the internet, thus solely want mailserver-to-mailserver traffic using port 25, no SMTP AUTH is required.  Authentication on the other hand is still needed in the private network.
Enabling SMTP AUTH in SMarterMail seems to also enable authentication from the internet providing means to brute force passwords.

So the question is: can SMTP AUTH be disabled on port 25 accessed from the internet?

Torben Nielsen
0
Kyle Kerst Replied
Employee Post
You can likely add a whitelist entry under Settings>Security>Whitelist that includes SMTP Authentication Bypass. You'd want to add a record only for the internal IP addresses. However, you will want to be certain these local addresses don't send spam (malicious infections) as they will be allowed to relay unhindered.
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
eba rn Replied
If using mail clients only from within our private network, or using the Web mail client from the public network, fence it would be nice to be able to disable the SMTP AUTH on the public network.
Is that possible? 

Select the user, and in the flyout that appears, click Mail. In the Email apps section, click Manage email apps. Verify the Authenticated SMTP setting: unchecked = disabled, checked = enabled. When you're finished, click Save changes. 

Hope this will help.

Reply to Thread