[Dovecot] problem with disable_plaintext_auth

Olivier Nicole on at cs.ait.ac.th
Thu Jul 30 07:50:13 EEST 2009


Hi,

> > > I am using dovecot with postfix for authentication.
> > >
> > > Everything (TLS/SSL, authentication) is working fine, except that when
> > > I set:
> > >
> > >     disable_plaintext_auth = yes
> > >
> > > I still can authenticate with plain text on a no TLS/SSL session:
> > >
> > >     20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
> > >     EHLO [192.41.170.57]
> > >     250-mail2.cs.ait.ac.th
> > >     250-PIPELINING
> > >     250-SIZE 10240000
> > >     250-VRFY
> > >     250-ETRN
> > >     250-STARTTLS
> > >     250-AUTH PLAIN LOGIN
> > >     250-AUTH=PLAIN LOGIN
> > >     250-ENHANCEDSTATUSCODES
> > >     250-8BITMIME
> > >     250 DSN
> > >     AUTH PLAIN XXXX
> > >     235 2.7.0 Authentication successful
> > 
> > disable_plaintext_auth affects logging in to dovecot IMAP/POP3 server.  
> > This is  a SMTP session with Postfix, you'll have to configure Postfix  
> > not to allow plain text authentication before STARTTLS.
> 
> But postfix hands the authentication task to dovecot (dovecot-auth
> daemon).
> 
> And I am sure it does, because if I remove PLAIN from the
> authentication mechanism of dovecot, then the SMTP sessions with
> postfix will not offer AUTH PLAIN anymore.
> 
> So I am confused here.

My mistake, that is managed by postfix parameter:

    smtpd_tls_auth_only = yes

Thank you,

Olivier


More information about the dovecot mailing list