Environment
GWAVA 6 all platforms
SMTP scanner
Situation
How do I stop spammers from abusing the Auth Login feature?
Resolution
For a bit more information on the Do Not Allow AUTH LOGIN feature see this article.
To enable this feature to cut off use of the AUTH LOGIN SMTP interaction:
- Navigate to the SMTP interface settings. (see screenshot below)
- Expand "Show optional SMTP settings"
- Check the box next to "Do Not Allow AUTH LOGIN"
- Save your changes.
After making this change GWAVA will now react to the EHLO command without AUTH LOGIN, as mentioned in this KB. It will also reject anyone who attempts to send the AUTH LOGIN command.
Note: Even thought the AUTH LOGIN will be rejected, if the sender attempts to send a message GWAVA will still accept a "mail from" command. If it's addressed to an internal user that message will still go through. Messages to external sources will be rejected.
Additional Information
This article was originally published in the GWAVA knowledgebase as article ID 2455.