30 Jul 2009, 7:10 a.m.
Hi,
I am using dovecot with postfix for authentication.
Everything (TLS/SSL, authentication) is working fine, except that when I set:
disable_plaintext_auth = yes
I can still authenticate with plain text on a non-TLS/SSL session:
220 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
EHLO [192.41.170.57]
250-mail2.cs.ait.ac.th
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN XXXX
235 2.7.0 Authentication successful
disable_plaintext_auth affects logging in to dovecot IMAP/POP3 server.
This is an SMTP session with Postfix; you'll have to configure Postfix
not to allow plain text authentication before STARTTLS.
But postfix hands the authentication task to dovecot (dovecot-auth daemon).
And I am sure it does, because if I remove PLAIN from the authentication mechanism of dovecot, then the SMTP sessions with postfix will not offer AUTH PLAIN anymore.
So I am confused here.
Best regards,
Olivier
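
An added example, not part of the original thread: a Python check that parses a cleartext EHLO reply like the one quoted above and reports whether password-carrying SASL mechanisms are advertised before STARTTLS. The function names are hypothetical and the sample reply is constructed from the session in the message.

```python
import re

# Mechanisms that transmit the password itself (base64 is encoding, not protection).
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Constructed sample: the pre-STARTTLS EHLO reply from the session quoted above.
SAMPLE_EHLO = """\
250-mail2.cs.ait.ac.th
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [l.rstrip() for l in reply.splitlines() if l.strip()]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        if i == 0:
            continue  # first line carries the server name, not an extension
        text = m.group(2)
        # "AUTH=..." is the legacy spelling kept for old clients; same meaning.
        if text.upper().startswith("AUTH="):
            text = "AUTH " + text[5:]
        words = text.split()
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit_cleartext_ehlo(reply):
    """Flag plaintext SASL mechanisms offered on a session that is not yet encrypted."""
    caps = parse_ehlo(reply)
    offered = set(caps.get("AUTH", []))
    exposed = sorted(offered & PLAINTEXT_MECHS)
    return {"starttls": "STARTTLS" in caps, "auth_offered": sorted(offered),
            "plaintext_before_tls": exposed, "ok": not exposed}

if __name__ == "__main__":
    print(audit_cleartext_ehlo(SAMPLE_EHLO))
```

On the Postfix side, the setting that stops AUTH from being announced or accepted on unencrypted sessions is `smtpd_tls_auth_only = yes`; after that change the cleartext EHLO reply should pass this check.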