Authenticated SMTP and protecting the account password
FIXED- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Authenticated SMTP and protecting the account ...
28-05-2019 3:26 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Fixed! Go to the fix.
28-05-2019 5:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@glocal Yes there is. The username & pw used to authenticate can be any mailbox & it's associated password.
I've suggested in the past that one creates a mailbox called smtp with it's own password purely for smtp authentication. Use 'accountname+smtp' as the username and the password as that you've created for the smtp mailbox in the email client smtp authentication settings
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: Authenticated SMTP and protecting the account password
28-05-2019 5:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
This works. Good idea and thanks. A leaked SMTP password now only gives access to sending email with our credentials. Account password and fetching email passwords remain protected. Not using the default mailbox to collect email completely protects the account password. But the POP3/IMAP passwords remain exposed.
It is ridiculous really that PN won't do something about this after so many years. If they don't want to offer password encryption for the mailservers, they should at least make sure that the account password is not exposed in this way with the user not even realising the risks.
Re: Authenticated SMTP and protecting the account password
30-05-2019 11:13 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
In another browser tab, login into the Plusnet user portal BEFORE clicking the fault & ticket links
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
If this post helped, please click the Thumbs Up and if it fixed your issue, please click the This fixed my problem green button below.
Re: Authenticated SMTP and protecting the account password
31-05-2019 7:19 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
You're not missing anything, it purely protects the main account password. The problem is that AFAIK the standard instructions for authenticated SMTP say that the main account details should be used when in fact any mailbox details can be used.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: Authenticated SMTP and protecting the account password
31-05-2019 4:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Not using the default account mailbox for incoming or outgoing email protects the account password against exposure while away from your landline connection. One way to do this is to use only account+mailboxname mailboxes for incoming/outgoing email.
There is no way to avoid exposing the password for a mailboxname if you use it, but I think you can at least connect to PN's servers via a trusted provider you can connect to securely. This way at least the vulnerable connection is between providers, reducing the risk of casual wifi-level sniffing. Not that google is to be trusted, but gmail allows authenticated SMTP access which you can use with any From address, and multipop incoming email collection. I am sure there will be more privacy-conscious email providers doing something similar.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- :
- Re: Authenticated SMTP and protecting the account ...