thr3ads.net - dovecot - [Dovecot] problem with disable_plaintext

If this information is useful, please help other people find it:
Share via:

Olivier Nicole

2009-Jul-29 06:08 UTC

[Dovecot] problem with disable_plaintext_auth

Hi,

I am using dovecot with postfix for authentication.

Everything (TLS/SSL, authentication) is working fine, except that when
I set:

    disable_plaintext_auth = yes

I still can authenticate with plain text on a no TLS/SSL session:

    20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
    EHLO [192.41.170.57]
    250-mail2.cs.ait.ac.th
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN XXXX
    235 2.7.0 Authentication successful
    
My dovecot configuration is:

    # 1.1.16: /usr/local/etc/dovecot.conf
    # OS: FreeBSD 7.2-RELEASE-p2 amd64  
    base_dir: /var/run/dovecot/
    protocols: none
    ssl_listen: *
    ssl_ca_file: /usr/local/ssl/ca/ait-itserv.crt
    ssl_cert_file: /usr/local/ssl/crt/mail2.cs.ait.ac.th.crt
    ssl_key_file: /usr/local/ssl/key/mail2.cs.ait.ac.th.key
    ssl_cipher_list: ALL:!LOW:!SSLv2
    login_dir: /var/run/dovecot/login
    login_executable: /usr/local/libexec/dovecot/imap-login
    login_chroot: no
    login_greeting_capability: yes
    verbose_proctitle: yes
    first_valid_uid: 1000
    first_valid_gid: 1000
    mail_privileged_group: mail
    mail_location: mbox:~/mail/:INBOX=/var/mail/%u
    imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
    auth default:
      mechanisms: plain login
      username_format: %Ln
      verbose: yes
      debug: yes
      passdb:
        driver: ldap
        args: /usr/local/etc/dovecot-ldap.conf
      passdb:
        driver: passwd
        args: blocking=yes
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 384
    
Any help is welcome.

Best regards,

Olivier

Eduardo M KALINOWSKI

2009-Jul-29 13:48 UTC

head link

[Dovecot] problem with disable_plaintext_auth

On Qua, 29 Jul 2009, Olivier Nicole wrote:> Hi,
>
> I am using dovecot with postfix for authentication.
>
> Everything (TLS/SSL, authentication) is working fine, except that when
> I set:
>
>     disable_plaintext_auth = yes
>
> I still can authenticate with plain text on a no TLS/SSL session:
>
>     20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
>     EHLO [192.41.170.57]
>     250-mail2.cs.ait.ac.th
>     250-PIPELINING
>     250-SIZE 10240000
>     250-VRFY
>     250-ETRN
>     250-STARTTLS
>     250-AUTH PLAIN LOGIN
>     250-AUTH=PLAIN LOGIN
>     250-ENHANCEDSTATUSCODES
>     250-8BITMIME
>     250 DSN
>     AUTH PLAIN XXXX
>     235 2.7.0 Authentication successful
disable_plaintext_auth affects logging in to dovecot IMAP/POP3 server.  
This is  a SMTP session with Postfix, you'll have to configure Postfix  
not to allow plain text authentication before STARTTLS.



-- 
Eduardo M KALINOWSKI
eduardo at kalinowski.com.br

Maybe Matching Threads

Search for more possibly parallel threads

dovecot - Jul 2009 - problem with disable_plaintext_auth

[Dovecot] problem with disable_plaintext_auth

[Dovecot] problem with disable_plaintext_auth

Maybe Matching Threads