[Dovecot] Problems with AUTH=PLAIN in pop3
Maykel Moya
moya at infomed.sld.cu
Sat Jan 5 08:39:21 EET 2008
I'm using Dovecot (1.0.10) locally to test SugarCRM. When I tried to set
up a mail account in Sugar, it complained with
--
SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
Please check your settings and try again.
--
I don't know if that behaviour is a bug or a feature of php-imap. The case
is that I'm unable to set up the mail account in Sugar.
Timo answered me on IRC about Dovecot assuming that a connection from
the same IP is considered secured.
I rebuilt Dovecot with the following patch:
--- dovecot-1.0.10/src/pop3-login/client.c.orig 2008-01-05
00:44:14.000000000 -0500
+++ dovecot-1.0.10/src/pop3-login/client.c 2008-01-05 00:44:30.000000000
-0500
@@ -331,7 +331,7 @@
client->created = ioloop_time;
client->refcount = 1;
client->common.tls = ssl;
- client->common.secured = ssl || net_ip_compare(ip, local_ip);
+ client->common.secured = ssl;
client->common.local_ip = *local_ip;
client->common.ip = *ip;
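Review bot: The `+` line drops the `net_ip_compare(ip, local_ip)` term
unconditionally, so every non-SSL connection, including a genuine
same-host client, is now marked as not secured; gating that term behind
a setting would be safer than deleting it, and the assignment deserves a
comment saying what `secured` is meant to cover. The hunk also only
changes how `client->common.secured` is assigned in
`src/pop3-login/client.c`; the visible lines do not show where that flag
is read when PLAIN is advertised or accepted, so the change cannot be
judged complete without that code and the `disable_plaintext_auth`
handling the message mentions.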
---
but I'm still not able to make it not accept AUTH PLAIN authentication from
the same IP. Am I missing something?
On the other hand, if I set disable_plaintext_auth to yes I cannot use
the classic USER/PASS POP3 verbs. I'm not sure what the POP3-related
RFCs mandate with respect to this.
Regards,
maykel