"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this

Christian Balzer chibi at gol.com
Wed Aug 3 04:02:03 UTC 2016


Hello,

talking to oneself seems to be all the rage on this ML, so I shall join
that trend.

As it turns out this was a case of slightly muddled/unclear error
messages, the client sees:
---
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
---

But the actual issue  was that the newly added "login_source_ips" (the
main reason for this upgrade, as we're running out of ports) was not not
in the "trusted_networks" of the target mailbox server.

So the failure was between proxy and mailbox server, not client and proxy.

After adding that network all is working now as expected.

Christian

On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote:

> 
> Hello,
> 
> this is basically a repeat of this query from last year, which
> unfortunately got a deafening silence for replies:
> ---
> http://dovecot.org/pipermail/dovecot/2015-August/101720.html
> ---
> 
> I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies
> are also of that vintage. 
> 
> So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work,
> as per the documentation
> (http://wiki2.dovecot.org/SSL/DovecotConfiguration)
> and historically expected.
> 
> Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the
> same parameters fails like this:
> ---
> Aug  2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx at gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=<chibixxx at gol.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066
> ---
> 
> Changing things to "ssl=no" doesn't help and setting trusted networks only
> changes the last bit to have "secured" appended  but still fails the same
> otherwise.
> 
> I really need 2.2.x to behave the same way as before and documented. 
> 
> Any ideas and feedback would be most welcome.
> 
> Regards,
> 
> Christian


-- 
Christian Balzer        Network/Systems Engineer                
chibi at gol.com   	Global OnLine Japan/Rakuten Communications
http://www.gol.com/


More information about the dovecot mailing list