[Dovecot] problem with disable_plaintext_auth

Eduardo M KALINOWSKI eduardo at kalinowski.com.br
Wed Jul 29 16:48:11 EEST 2009


On Qua, 29 Jul 2009, Olivier Nicole wrote:
> Hi,
>
> I am using dovecot with postfix for authentication.
>
> Everything (TLS/SSL, authentication) is working fine, except that when
> I set:
>
>     disable_plaintext_auth = yes
>
> I still can authenticate with plain text on a no TLS/SSL session:
>
>     20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
>     EHLO [192.41.170.57]
>     250-mail2.cs.ait.ac.th
>     250-PIPELINING
>     250-SIZE 10240000
>     250-VRFY
>     250-ETRN
>     250-STARTTLS
>     250-AUTH PLAIN LOGIN
>     250-AUTH=PLAIN LOGIN
>     250-ENHANCEDSTATUSCODES
>     250-8BITMIME
>     250 DSN
>     AUTH PLAIN XXXX
>     235 2.7.0 Authentication successful

disable_plaintext_auth affects logging in to dovecot IMAP/POP3 server.  
This is  a SMTP session with Postfix, you'll have to configure Postfix  
not to allow plain text authentication before STARTTLS.



-- 
Eduardo M KALINOWSKI
eduardo at kalinowski.com.br



More information about the dovecot mailing list