SMTP Unencrypted Cleartext Login (OID: "1.3.6.1.4.1.25623.1.0.108530") reports the SMTP server allows cleartext logins over unencrypted connections. The advice is to enable SMTPS or enforce the connection via the “STARTTLS” command.
This is the output of a telnet session:
Connecting to [REDACTED_IP_ADDRESS]
220 [REDACTED_MAIL_SERVER] ESMTP [180 ms]
EHLO keeper-us-east-1b.mxtoolbox.com
250-mail.cloud.bis.eu
250-SIZE 20480000
250-STARTTLS
250-AUTH LOGIN
250 HELP [194 ms]
MAIL FROM:<supertool@mxtoolboxsmtpdiag.com>
530 Must issue STARTTLS first. [194 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
503 must have sender first. [194 ms]
As you can see, the STARTTLS command comes before the AUTH LOGIN command. Is this a false positive?
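
As an added example (not part of the original post, and not the scanner's own code), this Python parser reads the session above and separates what the pre-TLS EHLO reply advertises from what the server actually refuses before STARTTLS. It assumes the finding keys on AUTH mechanisms listed in the cleartext EHLO reply; `analyse` is a hypothetical helper and the banner host is a placeholder for the redacted value.

```python
import re

# Session from the post above; the banner host is a placeholder (redacted there).
TRANSCRIPT = """\
220 mail.example.test ESMTP [180 ms]
EHLO keeper-us-east-1b.mxtoolbox.com
250-mail.cloud.bis.eu
250-SIZE 20480000
250-STARTTLS
250-AUTH LOGIN
250 HELP [194 ms]
MAIL FROM:<supertool@mxtoolboxsmtpdiag.com>
530 Must issue STARTTLS first. [194 ms]
RCPT TO:<test@mxtoolboxsmtpdiag.com>
503 must have sender first. [194 ms]
"""

# Reply line: 3-digit code, "-" or " ", text, optional "[NNN ms]" timing suffix.
REPLY = re.compile(r"^(\d{3})([ -])(.*?)(?:\s*\[\d+ ms\])?$")
CLEARTEXT_MECHS = {"LOGIN", "PLAIN"}  # credentials are only base64-encoded


def analyse(transcript):
    """Summarise what a pre-TLS SMTP session shows about AUTH and STARTTLS."""
    caps, refused, last_cmd = {}, [], None
    greeting = auth_tried = False
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REPLY.match(line)
        if m is None:                       # anything else is a client command
            last_cmd = line.split()[0].upper()
            auth_tried = auth_tried or last_cmd == "AUTH"
            greeting = last_cmd == "EHLO"
            continue
        code, text = m.group(1), m.group(3)
        if last_cmd == "EHLO" and code == "250":
            if greeting:                    # first 250 line is the server domain
                greeting = False
                continue
            words = text.upper().split()    # keyword plus parameters, any order
            if words:
                caps[words[0]] = words[1:]
        elif code == "530" and last_cmd:    # 530 = refused until STARTTLS/auth
            refused.append(last_cmd)
    return {"starttls_offered": "STARTTLS" in caps,
            "cleartext_auth_advertised": sorted(CLEARTEXT_MECHS & set(caps.get("AUTH", []))),
            "refused_until_starttls": refused,
            "auth_attempted": auth_tried,
            "auth_refusal_shown": "AUTH" in refused}
```

For this session the result lists AUTH LOGIN as advertised before TLS and a 530 refusal for MAIL only; the session contains no AUTH attempt, so it does not show whether a cleartext login would be refused.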