Christian Balzer
2016-Aug-02 07:02 UTC
"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this
Hello, this is basically a repeat of this query from last year, which unfortunately got a deafening silence for replies: --- http://dovecot.org/pipermail/dovecot/2015-August/101720.html --- I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies are also of that vintage. So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, as per the documentation (http://wiki2.dovecot.org/SSL/DovecotConfiguration) and historically expected. Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the same parameters fails like this: --- Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx at gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=<chibixxx at gol.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066 --- Changing things to "ssl=no" doesn't help and setting trusted networks only changes the last bit to have "secured" appended but still fails the same otherwise. I really need 2.2.x to behave the same way as before and documented. Any ideas and feedback would be most welcome. Regards, Christian -- Christian Balzer Network/Systems Engineer chibi at gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/
Christian Balzer
2016-Aug-03 04:02 UTC
"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this
Hello, talking to oneself seems to be all the rage on this ML, so I shall join that trend. As it turns out this was a case of slightly muddled/unclear error messages, the client sees: --- -ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections. --- But the actual issue was that the newly added "login_source_ips" (the main reason for this upgrade, as we're running out of ports) was not not in the "trusted_networks" of the target mailbox server. So the failure was between proxy and mailbox server, not client and proxy. After adding that network all is working now as expected. Christian On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote:> > Hello, > > this is basically a repeat of this query from last year, which > unfortunately got a deafening silence for replies: > --- > http://dovecot.org/pipermail/dovecot/2015-August/101720.html > --- > > I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies > are also of that vintage. > > So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work, > as per the documentation > (http://wiki2.dovecot.org/SSL/DovecotConfiguration) > and historically expected. > > Trying to use a 2.2.24 (Debian Jessie backports) dovecot proy with the > same parameters fails like this: > --- > Aug 2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibixxx at gol.com): Login failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on non-secure (SSL/TLS) connections.: user=<chibixxx at gol.com>, method=PLAIN, rip=x.x.x.x, lip=x.x.x.x, pid=16066 > --- > > Changing things to "ssl=no" doesn't help and setting trusted networks only > changes the last bit to have "secured" appended but still fails the same > otherwise. > > I really need 2.2.x to behave the same way as before and documented. > > Any ideas and feedback would be most welcome. > > Regards, > > Christian-- Christian Balzer Network/Systems Engineer chibi at gol.com Global OnLine Japan/Rakuten Communications http://www.gol.com/