Password issue
Joseph Tam
jtam.home at gmail.com
Fri Oct 11 23:00:54 EEST 2019
On Fri, 11 Oct 2019, @lbutlr wrote:
>>> Oct 09 16:02:50 imap-login: Info: Aborted login (auth failed, 5 attempts in 33 secs): user=<myuser at covisp.net>, xx.xx.xx.xx, PLAIN, TLS
>
> This turns out to have been caused by the MUA attempting to connect to
> port 25 (despite clearly showing port 587 in the MUA settings). Thanks
> to Mac/iOS account syncing, merely trying to change the port never
> seemed to work, but removing the account entirely and recreating it got
> it to connect to port 587 as configured.
Yes, MacOSX Mail.app seems to bumble around, even ignoring your
port settings to find the "correct" configuration. (This happens,
for example, when there is a transient network problem). You need to
disable "Automatically manage connections" to stop these mail readers
from wandering around and strictly use your settings.
This behaviour can be exploited to grab credentials using a MITM attacks,
by convincing MacOSX clients that the target server does not support
SSL/TLS, then providing a cleartext listener or proxy.
Joseph Tam <jtam.home at gmail.com>
More information about the dovecot
mailing list