"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this
Hello,
this is basically a repeat of this query from last year, which unfortunately got a deafening silence for replies:
http://dovecot.org/pipermail/dovecot/2015-August/101720.html
I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies are also of that vintage.
So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, as per the documentation (http://wiki2.dovecot.org/SSL/DovecotConfiguration) and historically expected.
Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the same parameters fails like this:
Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx@gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=chibixxx@gol.com, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066
Changing things to "ssl=no" doesn't help and setting trusted networks only changes the last bit to have "secured" appended but still fails the same otherwise.
I really need 2.2.x to behave the same way as before and documented.
Any ideas and feedback would be most welcome.
Regards,
Christian
Christian Balzer Network/Systems Engineer
chibi@gol.com Global OnLine Japan/Rakuten Communications
http://www.gol.com/
Hello,
talking to oneself seems to be all the rage on this ML, so I shall join that trend.
As it turns out this was a case of slightly muddled/unclear error messages, the client sees:
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
But the actual issue was that the newly added "login_source_ips" (the main reason for this upgrade, as we're running out of ports) was not not in the "trusted_networks" of the target mailbox server.
So the failure was between proxy and mailbox server, not client and proxy.
After adding that network all is working now as expected.
Christian
On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote:
Hello,
this is basically a repeat of this query from last year, which unfortunately got a deafening silence for replies:
http://dovecot.org/pipermail/dovecot/2015-August/101720.html
I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies are also of that vintage.
So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, as per the documentation (http://wiki2.dovecot.org/SSL/DovecotConfiguration) and historically expected.
Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the same parameters fails like this:
Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx@gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=chibixxx@gol.com, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066
Changing things to "ssl=no" doesn't help and setting trusted networks only changes the last bit to have "secured" appended but still fails the same otherwise.
I really need 2.2.x to behave the same way as before and documented.
Any ideas and feedback would be most welcome.
Regards,
Christian
--
Christian Balzer Network/Systems Engineer
chibi@gol.com Global OnLine Japan/Rakuten Communications
http://www.gol.com/
participants (1)
-
Christian Balzer