pabby0612
asked on
Exchange 2003 Authentication Advice
HI, Looking for advice here as I am in uncharted waters, for me , anyway... Been doing these pci compliance scans and up till recently we have been ok - then they add something new that they say is a problem, we fail the test, we fix the problem and then we pass - -the cycle goes on like this and just this week we got a Clear Text password issue on port 25.... So after trawling I found a sembee response to exactly this question and as advised , turned off all authentication except anonymous - and the scan passed the test.
I am happy that it passed the test but am unsure of exactly what was done - because it was through the night, -i.e. if this had been done through the day time, would it have disabled email to the users, what would not have worked - we have web shops that use the mail server to relay email receipts to anyone purchasing goods -I am assuming that these would have failed?
While the switching off of authentication passed the test, for which I am grateful - is there a longer term permanent solution to this issue (and no doubt the scanning company will hit me with others in a couple of months)
Also , has anyone managed to get away from these scanning companies - we tried but they told us we were non compliant when we let the contact lapse - and then got charged by the bank.... all advice welcome - thanks
I am happy that it passed the test but am unsure of exactly what was done - because it was through the night, -i.e. if this had been done through the day time, would it have disabled email to the users, what would not have worked - we have web shops that use the mail server to relay email receipts to anyone purchasing goods -I am assuming that these would have failed?
While the switching off of authentication passed the test, for which I am grateful - is there a longer term permanent solution to this issue (and no doubt the scanning company will hit me with others in a couple of months)
Also , has anyone managed to get away from these scanning companies - we tried but they told us we were non compliant when we let the contact lapse - and then got charged by the bank.... all advice welcome - thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.