Steve Dondley
2021-Apr-30 17:17 UTC
Can the disable_plaintext_auth setting get overridden for a specific port?
In 10-auth.conf, I have "disable_plaintext_auth = yes"
For port 143, I'd like to do something like this to override that
setting:
service imap-login {
inet_listener imap {
port = 143
disable_plain_text_auth = no
}
}
Based on https://wiki.dovecot.org/LoginProcess and
https://doc.dovecot.org/configuration_manual/service_configuration/ it
doesn't seem like this is supported. But maybe there is another way to
accomplish this?
@lbutlr
2021-Apr-30 21:55 UTC
Can the disable_plaintext_auth setting get overridden for a specific port?
On 30 Apr 2021, at 11:17, Steve Dondley <s at dondley.com> wrote:> In 10-auth.conf, I have "disable_plaintext_auth = yes" > > For port 143, I'd like to do something like this to override that setting: > > service imap-login { > inet_listener imap { > port = 143 > disable_plain_text_auth = no > } > }Are you sure you want to allow insecure plain text easily intercepted trivially hacked connections to your mail server?> Based on https://wiki.dovecot.org/LoginProcess and https://doc.dovecot.org/configuration_manual/service_configuration/ it doesn't seem like this is supported. But maybe there is another way to accomplish this?You are specifically turning off plaintext auth, the is going to do what it says on the tin. BTW, there is no reasons to turn off plain text auth if you are using SSL as you should be. -- The only good thing ever to come out of religion was the music.
Aki Tuomi
2021-May-03 06:11 UTC
Can the disable_plaintext_auth setting get overridden for a specific port?
> On 30/04/2021 20:17 Steve Dondley <s at dondley.com> wrote: > > > In 10-auth.conf, I have "disable_plaintext_auth = yes" > > For port 143, I'd like to do something like this to override that > setting: > > service imap-login { > inet_listener imap { > port = 143 > disable_plain_text_auth = no > } > } > > Based on https://wiki.dovecot.org/LoginProcess and > https://doc.dovecot.org/configuration_manual/service_configuration/ it > doesn't seem like this is supported. But maybe there is another way to > accomplish this?If you want to allow plaintext auth from trusted proxies, use login_trusted_networks instead. https://doc.dovecot.org/settings/core/#login-trusted-networks Aki