On Fri, 11 Oct 2019, @lbutlr wrote:
Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 33 secs): user=myuser@covisp.net, xx.xx.xx.xx, PLAIN, TLS
This turns out to have been caused by the MUA attempting to connect to port 25 (despite clearly showing port 587 in the MUA settings). Thanks to Mac/iOS account syncing, merely trying to change the port never seemed to work, but removing the account entirely and recreating it got it to connect to port 587 as configured.
Yes, MacOSX Mail.app seems to bumble around, even ignoring your port settings to find the "correct" configuration. (This happens, for example, when there is a transient network problem). You need to disable "Automatically manage connections" to stop these mail readers from wandering around and strictly use your settings.
This behaviour can be exploited to grab credentials using a MITM attacks, by convincing MacOSX clients that the target server does not support SSL/TLS, then providing a cleartext listener or proxy.
Joseph Tam jtam.home@gmail.com