[Dovecot] Problems with AUTH=PLAIN in pop3
Timo Sirainen
tss at iki.fi
Fri Jan 11 06:30:18 EET 2008
On Sat, 2008-01-05 at 01:39 -0500, Maykel Moya wrote:
> I'm using Dovecot (1.0.10) locally to test SugarCRM. When I tried to set
> up a mail account in Sugar, it complains with
>
> --
> SECURITY PROBLEM: insecure server advertised AUTH=PLAIN
> Please check your settings and try again.
It wants to connect with SSL/TLS.
> Timo answered to me on IRC about Dovecot assuming that a connection from
> the same ip is considered secured.
>
> I'd rebuild Dovecot with the following patch:
..
> but still not able to make it not accept AUTH PLAIN authentication from
> the same ip. I'm missing something?
That patch just disables the plaintext login completely. So it seems
that you'd have to configure Sugar and Dovecot to use SSL/TLS.
> On the other hand, if I set disable_plaintext_auth to yes I cannot use
> the classic USER/PASS pop3 verbs. I'm not sure what the POP3 related
> RFCs mandates with respect to this.
If you want to disable plaintext auth only for IMAP, move the
disable_plaintext_auth=yes setting inside protocol imap {}.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20080111/2a8a751c/attachment-0001.bin
More information about the dovecot
mailing list