Hi,

I am using dovecot with postfix for authentication.

Everything (TLS/SSL, authentication) is working fine, except that when
I set:

    disable_plaintext_auth = yes

I can still authenticate with plain text on a non-TLS/SSL session:

    20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
    EHLO [192.41.170.57]
    250-mail2.cs.ait.ac.th
    250-PIPELINING
    250-SIZE 10240000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN LOGIN
    250-AUTH=PLAIN LOGIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    AUTH PLAIN XXXX
    235 2.7.0 Authentication successful

My dovecot configuration is:

    # 1.1.16: /usr/local/etc/dovecot.conf
    # OS: FreeBSD 7.2-RELEASE-p2 amd64
    base_dir: /var/run/dovecot/
    protocols: none
    ssl_listen: *
    ssl_ca_file: /usr/local/ssl/ca/ait-itserv.crt
    ssl_cert_file: /usr/local/ssl/crt/mail2.cs.ait.ac.th.crt
    ssl_key_file: /usr/local/ssl/key/mail2.cs.ait.ac.th.key
    ssl_cipher_list: ALL:!LOW:!SSLv2
    login_dir: /var/run/dovecot/login
    login_executable: /usr/local/libexec/dovecot/imap-login
    login_chroot: no
    login_greeting_capability: yes
    verbose_proctitle: yes
    first_valid_uid: 1000
    first_valid_gid: 1000
    mail_privileged_group: mail
    mail_location: mbox:~/mail/:INBOX=/var/mail/%u
    imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
    auth default:
      mechanisms: plain login
      username_format: %Ln
      verbose: yes
      debug: yes
      passdb:
        driver: ldap
        args: /usr/local/etc/dovecot-ldap.conf
      passdb:
        driver: passwd
        args: blocking=yes
      socket:
        type: listen
        client:
          path: /var/spool/postfix/private/auth
          mode: 432
          user: postfix
          group: postfix
        master:
          path: /var/run/dovecot/auth-master
          mode: 384

Any help is welcome.

Best regards,

Olivier

On Wed, 29 Jul 2009, Olivier Nicole wrote:
> Hi,
>
> I am using dovecot with postfix for authentication.
>
> Everything (TLS/SSL, authentication) is working fine, except that when
> I set:
>
> disable_plaintext_auth = yes
>
> I can still authenticate with plain text on a non-TLS/SSL session:
>
> 20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
> EHLO [192.41.170.57]
> 250-mail2.cs.ait.ac.th
> 250-PIPELINING
> 250-SIZE 10240000
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-AUTH PLAIN LOGIN
> 250-AUTH=PLAIN LOGIN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> AUTH PLAIN XXXX
> 235 2.7.0 Authentication successful

disable_plaintext_auth affects logging in to the dovecot IMAP/POP3 server.
This is an SMTP session with Postfix; you'll have to configure Postfix not
to allow plain text authentication before STARTTLS.

--
Eduardo M KALINOWSKI
eduardo at kalinowski.com.br
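
A check for the condition discussed in this thread, added here as an example and not written by either poster: it parses an EHLO reply received before STARTTLS and reports password-bearing AUTH mechanisms offered in the clear. On the Postfix side, `smtpd_tls_auth_only = yes` in main.cf is the parameter that stops the server announcing or accepting AUTH on unencrypted connections; `HARDENED_EHLO` is a constructed sample of the reply expected once it is set.

```python
import re

# EHLO reply from the cleartext session quoted in the thread above.
PAGE_EHLO = """250-mail2.cs.ait.ac.th
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN"""

# Constructed sample (assumption): the same reply with the AUTH lines
# withheld until after STARTTLS.
HARDENED_EHLO = "\n".join(
    line for line in PAGE_EHLO.splitlines() if not line[4:].startswith("AUTH"))

# Mechanisms that send the password itself, only base64-encoded.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
EXT_LINE = re.compile(r"250[- ]([A-Za-z0-9-]+)(?:[ =](.*))?$")

def parse_ehlo(reply):
    """Return (extension keywords, AUTH mechanisms) from a 250 EHLO reply."""
    extensions, mechs = set(), set()
    for line in reply.splitlines()[1:]:      # first line is the server name
        m = EXT_LINE.match(line.strip())
        if not m:
            continue
        keyword, params = m.group(1).upper(), (m.group(2) or "")
        extensions.add(keyword)
        if keyword == "AUTH":                # also covers the legacy "AUTH=" form
            mechs.update(p.upper() for p in params.split())
    return extensions, mechs

def audit_pre_tls(reply):
    """Findings for an EHLO reply received before STARTTLS was negotiated."""
    extensions, mechs = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("STARTTLS not offered")
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    if exposed:
        findings.append("cleartext AUTH offered without TLS: " + " ".join(exposed))
    return findings
```
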