"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this
Christian Balzer
chibi at gol.com
Wed Aug 3 04:02:03 UTC 2016
Hello,
talking to oneself seems to be all the rage on this ML, so I shall join
that trend.
As it turns out this was a case of slightly muddled/unclear error
messages, the client sees:
---
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
---
But the actual issue was that the newly added "login_source_ips" (the
main reason for this upgrade, as we're running out of ports) was not not
in the "trusted_networks" of the target mailbox server.
So the failure was between proxy and mailbox server, not client and proxy.
After adding that network all is working now as expected.
Christian
On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote:
>
> Hello,
>
> this is basically a repeat of this query from last year, which
> unfortunately got a deafening silence for replies:
> ---
> http://dovecot.org/pipermail/dovecot/2015-August/101720.html
> ---
>
> I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies
> are also of that vintage.
>
> So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work,
> as per the documentation
> (http://wiki2.dovecot.org/SSL/DovecotConfiguration)
> and historically expected.
>
> Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the
> same parameters fails like this:
> ---
> Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx at gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=<chibixxx at gol.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066
> ---
>
> Changing things to "ssl=no" doesn't help and setting trusted networks only
> changes the last bit to have "secured" appended but still fails the same
> otherwise.
>
> I really need 2.2.x to behave the same way as before and documented.
>
> Any ideas and feedback would be most welcome.
>
> Regards,
>
> Christian
--
Christian Balzer Network/Systems Engineer
chibi at gol.com Global OnLine Japan/Rakuten Communications
http://www.gol.com/
More information about the dovecot
mailing list