Setting to enforce authentication on specific SMTP ports
Idea shared by echoDreamz - 4/7/2020 at 12:03 PM
Under Consideration
We are looking to possibly get a setting adding that tells SM that x SMTP port(s) (possibly a setting per port), that authentication is required to send thru x port, unless the IP is SMTP whitelisted/smtp auth bypassed.
We are looking for this too. Usually the submission port that allows authentication should only allow AUTH if a TLS session was negotiated first (STARTLS). Port 25 shouldn't allow AUTH. That's the best practices.

But I don't know how to do this with smartermail :/



Sébastien Riccio
System & Network Admin

Kyle Kerst Replied
Employee Post
Thanks for getting this posted. I have a feature request submitted on behalf of EchoDreamz and this community post will help gather/build a use case that this would benefit the rest of the community. I'll keep an eye on this and will link the post to the ticket as well. 
Kyle Kerst
Lead Internal Network/System Administrator
SmarterTools Inc.
The main reason, we disabled port 25, and after about 3 days, the spammers figured it out and simply updated whatever they were using to hammer our server with crap to our alternative ports.

Also agree, we should be able to state which ports are TLS required.
Plus one!
Maybe a setting per SMTP port that says "Authentication Required", though, I am not sure how hard that is to implement on a per port basis, so maybe a setting on the SMTP In card that says "Authentication Required" and enforce it globally.

I'd think a per-port setting may be better, where as a global setting may be easier to implement. This setting can still by bypassed by IPs that are whitelisted for "SMTP Auth Bypass".
Employee Replied
Employee Post
I have added this to our features request list.
Thanks Robert! This would be an awesome addition to SM, especially since we use external anti-spam gateways.
Any transaction on this idea? Specially port 587, we have a client who is bugging about it as their security scanner service is flagging SmarterMail for allowing unauthenticated mail over the SMTP submission port (587).

We' love a setting to require SMTP auth on ALL smtp ports (unless the IP is SMTP whitelisted).
Any transaction on this idea? Specially port 587, we have a client who is bugging about it as their security scanner service is flagging SmarterMail for allowing unauthenticated mail over the SMTP submission port (587).

We' love a setting to require SMTP auth on ALL smtp ports (unless the IP is SMTP whitelisted).

Maybe I am not understanding your request:

Are you saying you do not want to accept ANY EMAIL from ANYONE unless you have specificlly whitelisted the IP?

So, unless you specificly whitelist the IP addresses used by SmarterMail Cummunity Threads, you do not want to receive email notifications?
Our primary SM server sits behind a few SM gateways that process incoming mail and then hand it off to our primary SM server. So, we want it our primary SM server to be SMTP AUTH only (unless an IP is whitelisted).

Since the primary SM host is what runs webmail, SMTP/IMAP/POP we cannot really fully firewall off the primary SM host from the world. 

Reply to Thread

Enter the verification text