On Sat, 2008-01-05 at 01:39 -0500, Maykel Moya wrote:
I'm using Dovecot (1.0.10) locally to test SugarCRM. When I tried to set up a mail account in Sugar, it complains with
-- SECURITY PROBLEM: insecure server advertised AUTH=PLAIN Please check your settings and try again.
It wants to connect with SSL/TLS.
Timo answered to me on IRC about Dovecot assuming that a connection from the same ip is considered secured.
I'd rebuild Dovecot with the following patch: .. but still not able to make it not accept AUTH PLAIN authentication from the same ip. I'm missing something?
That patch just disables the plaintext login completely. So it seems that you'd have to configure Sugar and Dovecot to use SSL/TLS.
On the other hand, if I set disable_plaintext_auth to yes I cannot use the classic USER/PASS pop3 verbs. I'm not sure what the POP3 related RFCs mandates with respect to this.
If you want to disable plaintext auth only for IMAP, move the disable_plaintext_auth=yes setting inside protocol imap {}.