(3/15/2021: Corrected first item to say that we can require all logins to use encryption. The problem is whether logins are alowed at all.)
1) We already have the ability to prevent unencrypted login. This is on the System Adminsitration login, Settings... Protocols... [SMTP In] section. My mistake.
2) There is a great deal of confusion about making TLS mandatory on a particular port binding. My understanding is this:
-- Setting a port to SSL makes encryption mandatory but enables SSLv3.
-- Setting a port to TLS disables SSLv3 but enables STARTTLS, making encryption optional.
-- To make encryption mandatory without enabling SSLv3, set the port to SSL and set the system Security Protocols to anything other than SSL 3.0. (Found on System Administrator... Settings... Protocols... [Security Protocols] section.)
control whether or not authenticated login is required. This is on the System Admnistrator login,
that this is really just a restatement of longstanding issues. If this is correct, it needs to be clearly documented. If it is incorrect, the correct answer needs to be clearly documented.
3) There have been many posts requesting the ability to prevent authe4nticated and unauthenticated logins on the same port, so my request is really old news. It is time to get this fixed. One of the consequences is that, if a submission port is enabled or authenticated users, then spammers can use that port to bypass any incoming gateway and its filters by using the submission port. A security problem this large should have been addressed promptly.https://portal.smartertools.com/community/a92071/splitting-port-25-from-port-587-log-traffic.aspx
This is related to forcing authenticated and unauthenticated traffic onto separate ports.https://portal.smartertools.com/community/a1636/smartermail-not-secure.aspx
This post documents the fact that unauthenticated traffic is allowed on port 587, which means that if IMAP+SMTP or POP3+SMTP is enabled, then attckers can bypass any incoming gateway by using the submission port. Submission ports should require authentication.https://portal.smartertools.com/community/a90675/how-to-disable-smtp-access.aspx
This post requests the ability to disable inbound authenticated SMTP, so that outbound email must use webmail.https://portal.smartertools.com/community/a2109/only-accept-email-from-a-filter-gateway_.aspx
This post is about spammers bypassing an incoming gateway and submitting email directly to the SmarterMail server.https://portal.smartertools.com/community/a89658/is-is-possible-to-disable-port-25-authentication-in-sm.aspx
This post requests the ability to disable authenticated SMTP on port 25.https://portal.smartertools.com/community/a87083/lock-down-port-25.aspx
Another request to disable Authenticated SMTP on port 25.