Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » PCI Compliance with port 25 (PCI Compliance with port 25)
  •  
practicalcomputing

Messages: 4
Karma: 0
Send a private message to this user
We have a client that is just getting set up with a credit card machine that is connected via the internet. The bank is requiring a PCI compliance scan. The scan is marking port 25 as unsecured, "Unencrypted Communication Channel Accessibility" . I have my server set to only allow relay for users authenticated through SMTP for outgoing mail. What am I missing. I think this scan is stupid to be honest.
  •  
scottwilkins

Messages: 652
Karma: 7
Send a private message to this user
PCI is a pain for sure. Basically, you'll need to move your kerio server to another IP address in order to pass PCI. Sorry.
  •  
MESB

Messages: 14
Karma: 0
Send a private message to this user
If you know adresses of this scan system, why not just ban them on firewall for some time?
If this happening any time when this machine try connecting, maybe there is sense set time based rule.
  •  
MarkK

Messages: 454
Karma: 46
Send a private message to this user
The issue is that it can allow for unencrypted communication. The problem is that not every email server is setup to only use encryption. So regardless of what port you might change it to use, it will still allow unencrypted communication. I believe that you can set things to require encryption, but that can end up leaving you unable to accept some emails.

Quite a few years ago, I had an auditor criticize the allowance of unencrypted email communication and using one of my public IP addresses for the email server. Unencrypted means someone could listen in on the data stream, and using my own IP address means people can find my email server. I had to remind them that I don't get to dictate how other email servers in the world are configured to talk to mine, and that you can look up our phone number and address in the phone book, much like you can look the email server address in DNS (the internet's phone book). If I use another company's email proxy server to avoid publically publishing my IP, and to scrub the emails for spam and malware, aren't I then allowing a 3rd party to "listen in" on all our emails?

make sure you have set things up in a best practices fashion, doing everything that you can to make it secure, and document it thoroughly.
Previous Topic: mail groups for local use only
Next Topic: Office 2013 64bit not supportet?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Mar 27 10:35:16 CEST 2017

Total time taken to generate the page: 0.00804 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.