Improving PCI Compliance and preventing cleartext authentication


In order to achieve PCI compliance you may need to make various setting changes. This article will help you make those changes. The same changes can also be used to ensure authentication is not done over cleartext. In order for these changes to be made you must have an SSL certificate for use on the server.


You may wish to prevent plain SMTP authentication if the client is not on a secure connection (SSL or TLS). Be careful when setting this value, as it will prevent users from sending email if they have not configured their email client to use SSL/TLS. Setting the option is done through the administration program. Expand the Servers->localhost->Services and Connectors branch, right click on the SMTP icon and select Properties from the popup menu. In the window that appears select the Inbound tab and click Settings... under Port Settings. For each port you listen on, you can select the option "Only allow secure authentication (using SSL or TLS)".

You need to restart the SMTP service after any change. For IMAP, when you expand the Services and Connectors branch, right click on the IMAP icon and select Properties from the popup menu. In the window that appears, click the Settings tab and enable the option "Clients can only authenticate whne using SSL/TLS". You must either have IMAP set to listen on an SSL port, and/or have enabled the checkbox "Enable SSL/TLS support". The POP service requires that you have "Requires SSL" option enabled for the POP port, normally port 995 for SSL.

For webmail, by default the cookies are not required to be sent over SSL, so it will work if you have not configured SSL for the web mail site. If you have configured web mail to only be accessible over SSL you can help improve PCI compliance by forcing cookies to require SSL. This is done by editing the web.config file in the Mail Enable\bin\Netwebmail directory and adding the following line inside the <system.web> element.

<httpCookies requiresSSL="true" />


Configuring extra SMTP ports with this option:

Article ME020571


Product:MailEnable (ME-5.X ME-6.X Pro-5.X Pro-6.X Ent-5.X Ent-6.X)
Class:HOWTO: Product Instructions
Revised:Monday, October 16, 2023