search for: disable_plaintext_auth

Hello Timo, is there a way, either in 1.2.x or in 2.x to activate disable_plaintext_auth=yes only for some address or network ? The idea would be to enable clients from the internal networks to keep making clear text connections while forbidding it to the rest of the world. Thanks. -- Thomas Hummel | Institut Pasteur <hummel at pasteur.fr> | P?le informatique - syst?mes...

Hi, No matter how I try, I cannot make the config disable_plaintext_auth = no to work. I have set it up in 10-auth.conf but when I check with doveconf -a it is still disable_plaintext_auth = yes. Here is my config: # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 4.15.0-36-generic x86_64 Ubuntu 18.04.1 LTS auth_mechan...

Help!! I have been trying to get Dovecot configured to allow plaintext auth with no success. After some testing with the mail system I discovered the >dovecot -a commant to dump the config file values from the program. Gee, changing the value of disable_plaintext_auth had no effect on what the program reported this value to be! To eliminate possible errors caused by other config file entries I finally restored the /etc/dovecot/dovecot.conf file that was created by installing the package. I then changed the one line to uncomment disable_plaintext_auth and...

Hi, I am using dovecot with postfix for authentication. Everything (TLS/SSL, authentication) is working fine, except that when I set: disable_plaintext_auth = yes I still can authenticate with plain text on a no TLS/SSL session: 20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2) EHLO [192.41.170.57] 250-mail2.cs.ait.ac.th 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLA...

Hi, I've been using dovecot for some time now, always with the setting: disable_plaintext_auth = yes so that no user can accidentally expose their username/password in the open. However, I'm now trying to configure a webmail client in a nearby server which doesn't support TLS or SSL IMAP connections :-( Is there any way to allow plaintext_auth only for a small set of IP address...

Hello, I have disable_plaintext_auth=yes enabled. ( dovecot-2.0.12 ) But for one internel host I like to allow plaintext. Can somebody point me to the configuration ? I did not found it in the wiki2 ... Thanks Andreas -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3...

I'm using Dovecot 2.1.15. I need to require encryption and only secure auth on public addresses, but allow plaintext auth over an unencrypted connection on localhost. I have so far (excerpts from `doveconf -a`): auth_mechanisms = cram-md5 plain disable_plaintext_auth = yes listen = service imap-login { inet_listener imap-local { address = ::1 port = 143 ssl = no } inet_listener imap-pub { address = 2001:db8::1 port = 993 ssl = yes } } service managesieve-login { inet_listener sieve-local { address = ::1 por...

...nstaafl > <tanstaafl at libertytrek.org> wrote: > On 11/11/2018, 4:02:25 AM, Steve Leung <steveleung597 at yahoo.com > <mailto:steveleung597 at yahoo.com>> wrote: > > > Hi, > > > > No matter how I try, I cannot make the config disable_plaintext_auth = > > no to work. I have set it up in 10-auth.conf but when I check with > > doveconf -a it is still disable_plaintext_auth = yes. > > > As expected. > > doveconf -a shows all DEFAULT settings > > doveconf -n shows your custom/current setting...

found: remote 192.0.2.143/32 { disable_plaintext_auth = no } ( http://dovecot.org/list/dovecot/2011-February/057282.html ) -- Andreas Schulze Internetdienste | P252 DATEV eG 90329 N?rnberg | Telefon +49 911 319-0 | Telefax +49 911 319-3196 E-Mail info @datev.de | Internet www.datev.de Sitz: 90429 N?rnberg, Paumgartnerstr. 6-14 | Registergericht N?...

...cation from Internet, while I allow unencrypted POP3 from the mailserver and private network? (I can require using encryption for IMAP from our internal net, but I must have unencrypted POP3 as we use software that retrieves mail via POP3 that doesn't support encryption). My idea was: - use disable_plaintext_auth for IMAP only - use disable_plaintext_auth for internet, but not our networks - allow connection from the internet only for certain accounts, and limit them to use encryption Internet access for POP3 is not necessary. Is any of this possible with dovecot? Or another way to achieve my goal? Non-p...

...with a question, if I use 143 with STARTTLS, and, force > TLS/SSL in configuration, that's equivalent from security POV, isn't > it? and, same for 110 STARTTLS? Or am I missing something? Interesting point, after some googling, I think you are right, and as long as we have set "disable_plaintext_auth = yes" (and we have that) we should be fine keeping 143 open. Right? One doubt I had: "disable_plaintext_auth = yes" sounds as if only the authentication part is secured, and the rest is kept plain text, whereas with 993/SSL, *everything* would be encrypted? Or am I missing some...

...ance) an argument. For instance, I want to implement the typical case of "let clients from the inside network perform a plain auth over a clear connection, require SSL before auth for the outside network clients". For that, I want to put remote <internal network address> { disable_plaintext_auth = no } in 10-auth.conf and let the 'disable_plaintext_auth = yes' in dovecot.conf But : . why is this default not in 10-auth.conf file ? . would I have been allowed to do, for instance, in that file at the same line protocol imap { remote <internal network address>...

...r email clients, if not enabled already. After a couple of weeks/months I want to disable any (non-local) connections that don't use TLS or SSL. I already asked on IRC whether this was possible, because I was unable to find this on the Wiki. It turns out there is a configuration switch called `disable_plaintext_auth', but looking at the description this only prevents people from using plain-text username/password authentication. It does not actually enforce TLS or SSL. My question: is there support to enforce TLS when people connect to non-SSL ports? If someone comes up with a solution, I'll add it to...

Hi: It appears that at least at one time, Dovecot supported plaintext authentication from localhost, even if disable_plaintext_auth = yes. To wit, the example configuration file reads: # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and # IPv6 ::1 addresses are considered secure, this setting has no effect if # you connect from those addr...

I've included the non-defaulted bits of my dovecot.conf file at the bottom of this email. As I understand my set-up it's using unix authentication methods (/etc/passwd via pam?). Considering disable_plaintext_auth and auth_mechanisms, what exactly is being passed? I was hoping to get auth_mechanism = digest-md5 but that's not working out very well right now. It seems I can only do plaintext authentication. I got stuck on the userdb/auth_passdb settings. Can someone give me an example of how to con...

Dovecot 0.99.13. I've noticed that the condition client->secured = ssl || (IPADDR_IS_V4(ip) && strncmp(addr, "127.", 4) == 0) || (IPADDR_IS_V6(ip) && strcmp(addr, "::1") == 0); (in (imap-login|pop3-login)/client.c) isn't enough, at least not when running from inetd. The thing is that you will come across ::ffff:127.0.0.1, which is secure,

I have it set, but it doesn't show up. However, I noticed that it does show as enabled by default in doveconf -a output. Is this why it doesn't show up in doveconf -n output? -- Best regards, Charles

Hi all, Ok, up until now, I've only always allowed IMAPS connections to dovecot on port 993. I want to also start allowing clients to user port143+STARTTLS, but I walso want to make sure both ports are locked down to ONLY allow secure connections. So... is disable_plaintext_auth = yes in the main config enough to accomplish this? http://wiki2.dovecot.org/SSL/DovecotConfiguration says: There are a couple of different ways to specify when SSL/TLS is required: * disable_plaintext_auth=yes allows plaintext authentication <http://wiki2.dovecot.org/Authenticati...

...e. For the most part everything's working nicely, but I seem to be having problems with (mostly non-SSL) SMTP authentication. In this install Postfix passes SASL authentication to Dovecot. For most clients using SSL this works fine, but as soon as SSL is off it fails. This is despite having disable_plaintext_auth set to 'no'. Furthermore it appears that some clients w/SSL are also failing. Outlook being the major culprit. I'm completely stumped. I've pasted a copy of the output from dovecot -n below. Thanks in advance! Rodti [1] http://workaround.org/articles/ispmail-sarge [2] http://...

...working dovecot settings, which have been running perfectly for well over a year now, are: $ dovecot -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: Linux 3.10.17 x86_64 Slackware 14.1 auth_debug_passwords = yes auth_mechanisms = plain login auth_verbose = yes auth_verbose_passwords = plain disable_plaintext_auth = no info_log_path = /var/log/dovecot_info mail_location = maildir:~/Maildir passdb { driver = shadow } protocols = imap ssl_cert = </etc/ssl/certs/OHPRS/GoDaddy/Apache/2015-08-14/57aa6ed6ae98b4c7.crt ssl_key = </etc/ssl/certs/OHPRS/GoDaddy/my.server.name.key userdb { driver = passwd } ve...