[Dovecot] dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): method=PLAIN
John Espiro
john_espiro at yahoo.com
Sun Jan 30 14:06:02 EET 2011
After reading this: http://wiki2.dovecot.org/Authentication/Mechanisms
It seems that PLAIN is OK, if I am using STARTTLS, which I believe I
am. I mean, I've set it up, and it _seems_ to work.
So the question I have, to the list, is... how can I verify that the
passwords are being sent over STARTTLS.
Quoting:
The simplest authentication mechanism is PLAIN. The client simply
sends the password unencrypted to Dovecot. All clients support the
PLAIN mechanism, but obviously there's the problem that anyone
listening on the network can steal the password. For that reason
(and some others) other mechanisms were implemented.
Today however many people use SSL/TLS, and there's no problem with
sending unencrypted password inside SSL secured connections. So if
you're using SSL, you probably don't need to bother worrying about
anything else than the PLAIN mechanism.
On 1/28/2011 2:48 AM, Mark Sapiro wrote:
> O
>
> So you successfully get mail via your pop client in spite of the above.
>
> My guess is somehow the client first tries plain authentication without
> STARTTLS before trying STARTTLS.
>
> In my case with pop3 and T'bird I use
>
> Port 995
> Connection security: SSL/TLS
> Authentication: Normal password
>
> I haven't tried port 110 and STARTTLS (mostly I use IMAP anyway).
>
More information about the dovecot
mailing list