smtp config - user / pass mandatory field
Posted: Fri Dec 05, 2014 3:26 pm
by mike99
Firmware 1.0.7rc6
Smtp configuration username and password are mandatory and shouldn't.
Re: smtp config - user / pass mandatory field
Posted: Fri Dec 05, 2014 5:20 pm
by Rory
You are correct that by default on port 25 most mail servers do not require authentication. (They can though, that is an option on my server.) I will speak with our programmer about making that portion of the config more intelligent, and not requiring and probably greying out / hiding those options unless one of the secure / authenticated ports are used.
However, I would discourage using the unauthenticated smtp options in that module. Normally when the connection is unauthenticated the server relies on a list of IP addresses to control who can relay through the server. So the server initially allows you to send the sender, recipient, subject, and body of the message and runs those parts through the spam filter before sending a response code to the sending party. This mechanism is normally bypassed by giving the server your username and password.
This means that you can have these alerts rejected by the spam filter, or even a malfunctioning DNSBL that the server is using. I have seen that personally a couple years ago when one of the blocklists (spamcop I think) was under a DDOS attack. If the alerts are mission critical in your opinion, please use either port 587 for unencrypted but authenticated or 465 for both encrypted and authenticated (be sure to check the 'secure' button for encrypted channels). Honestly the only reason that port 25 is even in there is for some unknown situation where the other options are not available. If I could guarantee that the authenticated options would work in all situations I would have that removed.
Thank you for your feedback, and have a wonderful weekend!