Improve SMTP Unencrypted Cleartext Login

SMTP Unencrypted Cleartext Login (OID: 1.3.6.1.4.1.25623.1.0.108530) reports that the SMTP server allows cleartext logins over unencrypted connections. The advice is to enable SMTPS or enforce the connection via the “STARTTLS” command.

This is the output of a telnet session:

Connecting to [REDACTED_IP_ADDRESS]

220 [REDACTED_MAIL_SERVER] ESMTP [180 ms]
EHLO keeper-us-east-1b.mxtoolbox.com
250-mail.cloud.bis.eu
250-SIZE 20480000
250-STARTTLS
250-AUTH LOGIN
250 HELP [194 ms]
MAIL FROM:<supertool@mxtoolboxsmtpdiag.com>
530 Must issue STARTTLS first. [194 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
503 must have sender first. [194 ms]

As you can see, the STARTTLS command comes before the AUTH LOGIN command. Is this a false positive?

How can you issue an AUTH LOGIN here? Your “starttls” is broken, and so far you are speaking clear text here.


ehlo XX
250-XXX
250-SIZE 104857600
250-8BITMIME
250-PIPELINING
250-PIPE_CONNECT
250-CHUNKING
250-STARTTLS
250 HELP
starttls
**220 TLS go ahead**
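
The following is an added example, not part of the original posts and not the scanner's own check logic: a small Python parser that reads a pasted SMTP transcript like the ones above and reports what the unencrypted phase actually shows (whether STARTTLS and a cleartext AUTH mechanism were advertised, and whether AUTH was ever tried before TLS). The function name and result keys are hypothetical, and the `[NNN ms]` timing suffix is handled because the first transcript carries it.

```python
import re

# Lines from the telnet session posted in the question (redactions kept).
SAMPLE = """\
220 [REDACTED_MAIL_SERVER] ESMTP [180 ms]
EHLO keeper-us-east-1b.mxtoolbox.com
250-mail.cloud.bis.eu
250-SIZE 20480000
250-STARTTLS
250-AUTH LOGIN
250 HELP [194 ms]
MAIL FROM:<supertool@mxtoolboxsmtpdiag.com>
530 Must issue STARTTLS first. [194 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
503 must have sender first. [194 ms]
"""
# "250-AUTH LOGIN" or "250 HELP [194 ms]" -> (code, text without the timing suffix)
REPLY = re.compile(r"^(\d{3})[ -](.*?)(?:\s*\[\d+ ms\])?$")
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}  # password is only base64-encoded on the wire

def audit_plaintext_session(transcript):
    """Added example (hypothetical names): what a transcript shows before TLS."""
    r = {"starttls_offered": False, "cleartext_auth_advertised": [],
         "tls_started": False, "auth_attempted": False, "auth_reply": None,
         "mail_before_tls_rejected": False}
    last_cmd = ""
    for line in filter(None, map(str.strip, transcript.splitlines())):
        m = REPLY.match(line)
        if not m:                          # anything else is a client command
            last_cmd = line.upper()
            if last_cmd.startswith("AUTH") and not r["tls_started"]:
                r["auth_attempted"] = True
            continue
        code, text = m.groups()
        words = text.upper().replace("=", " ").split()   # also accepts "AUTH=LOGIN"
        if r["tls_started"]:
            continue                       # only the unencrypted phase matters here
        if last_cmd.startswith("EHLO") and code == "250" and words:
            if words[0] == "STARTTLS":
                r["starttls_offered"] = True
            elif words[0] == "AUTH":
                r["cleartext_auth_advertised"] += sorted(CLEARTEXT_MECHS & set(words[1:]))
        elif last_cmd == "STARTTLS" and code == "220":
            r["tls_started"] = True
        elif last_cmd.startswith("AUTH") and r["auth_reply"] is None:
            r["auth_reply"] = code         # first server answer to a pre-TLS AUTH
        elif last_cmd.startswith("MAIL") and code == "530":
            r["mail_before_tls_rejected"] = True
    return r
```

For the question's transcript this reports `LOGIN` advertised before STARTTLS, `MAIL FROM` rejected with 530, and no AUTH command attempted, so that session by itself does not show how the server answers AUTH on the unencrypted connection.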