Hello,
Attached are three files in a tar archive:
debug-grep.log: Dovecot debug log filtered for specific SMTP user. debug-mail.log: Same events filtered from mail.log. postconf.txt
The separate authentication events are using differing methods in Thunderbird but appear to all be using sasl_method=PLAIN. Note that there were some changes to doveconf since my original post. But authentication succeeded in these tests every time. Is it even trying encrypted passwords? Makes me wonder if it is falling back to PLAIN where other clients just fail on encrypted passwords.
Regards, David Koski dkoski@sutinen.com
On 5/13/26 10:34 PM, Aki Tuomi wrote:
On 14/05/2026 02:11 EEST David Koski via dovecot <dovecot@dovecot.org> wrote:
Hello,
I just put a new Postfix with Dovecot 2.4 server on line migrating the email from Dovecot 2.3. I have discovered a number of clients (all copiers so far) that no longer authenticate SMTP. Mechanisms configured:
auth_mechanisms = plain login gssapi cram-md5 digest-md5
I found that if I disable all encrypted password methods (some copiers list them separately with a checkbox) and leave only plain/login on the client side, then it succeeds. But sometimes it is not necessary. It's almost as if it only tries once and gives up if it fails. I'm not sure how it is actually supposed to work. But it worked with Dovecot 2.3. I did test one account with an encrypted password like "{CRAM-MD5}6e3..." successfully. But other accounts failed. It almost looks like the encryption method must be specified on the client side to match the server before it will work consistently. I know that password encryption is unnecessary with STARTTLS but I have to live with it now. I have noticed that Thunderbird configured with encryption silently falls back to plain/login so I didn't notice a problem.
Regards, David Koski dkoski@sutinen.com Hi!
Can you send doveconf and logs with
log_debug=category=authplease?Aki