search for: logindisabled

...operly > configuring the server and client. Dovecot, by default, requires STARTTLS before accepting plaintext authentication when SSL is configured and you are not connecting from localhost. You can verify this by telnetting to port 143 from somewhere else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you have enabled something like cram-md5. I think postfix, by default, will also prevent authentication without transport security. Also, you should probably using 587/tcp (submission) for sending mail, instead of 25. Some reputable ISPs prevent connecting to random MX servers to port 25 t...

...issue IMAP commands: 01 CAPABILITY 02 LOGIN user password 03 LOGOUT That should be successful and you should have seen the configured AUTH mechanisms. Now try without transport layer security: telnet <your server IP address> 143 01 LOGIN user password That should be forbidden because of LOGINDISABLED. Regards Alexander

...ot. However, in dovecot.conf I configured mechanisms = plain login digest-md5 cram-md5 when I connect to the server via telnet 143, I get this: 2 CAPABILITY * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS LOGINDISABLED 2 OK Capability completed. So I can't authenticate using cram-md5. What may I be missing? Regards & happy new year! Eggert

Hi: It appears that at least at one time, Dovecot supported plaintext authentication from localhost, even if disable_plaintext_auth = yes. To wit, the example configuration file reads: # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and # IPv6 ::1 addresses are considered secure, this setting has no effect if # you connect from those addresses. #disable_plaintext_auth = yes On brief inspection of the code, there doesn't seem to be any such support. This is corroborated by the fact that 0....

...works via secure connections. I have it working fine over SSL, now I wish to get TLS to work. I have set imap and imaps to both listen on *, and have disable_plaintext_auth = yes, which according to the docs, Disable LOGIN command and all other plaintext authentications unless SSL/TLS is used (LOGINDISABLED capability). So the problem is now, that TLS doesn't work. Trying it with thunderbird, I get a message about login being disabled, and to check my settings and such. The port is correct (imap, not imaps), and I have it to always use TLS. I see the following in my logs Jul 14 16:35:46 mafeking...

...rom doveconf -n with regards to mail_plugins: --cut-- mail_plugins = zlib protocol imap { mail_plugins = zlib imap_zlib } --cut But it seem like the feature is not announced when connecting to the IMAP server: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready. I would expect something like COMPRESS=DEFLATE. I haven't enabled any compression for the Maildir files, zlib_save_level and zlib_save is not set. Does IMAP COMPRESS only work if the mailbox is compressed? Best regards Henrik Larsson

azurit at pobox.sk and Tom Sommer asks: > How this ID extension can be enabled in Dovecot? From which version is > it supported? Accordind to Dovecot CAPA's response, it is already enabled * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Ready. However, as a previous poster noted, Dovecot doesn't do anything with it other than to log it. The client can elect to ignore it or send an ID string. The ID extension is documented here https://www.ietf.org/rfc/rfc2971.txt I speculated it could be used as a client-side CAPA info...

I'm trying to adapt http://wiki2.dovecot.org/HowTo/ImapcProxy to our Exchange Server, which has LOGINDISABLED on Port 143, and I offering LOGIN on Port 993. How do I go about this? Simply changing imapc_port to: imapc_port = 993 doesnt work: Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN]...

...e] completed: XXXXXX.XXX/XXX.XXX.XXX.XXX:143, time = 0.10 sec 2018.09.15 23:27:57.374 +0200 [NETWRK.2652] Buffer sizes: 524288 send, 1132800 receive 2018.09.15 23:27:57.449 +0200 [IMAP_RAW.2652] Data is <124>: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot (Debian) ready. 2018.09.15 23:27:57.449 +0200 [IMAP.2652] Server greeting: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS LOGINDISABLED] Dovecot (Debian) ready. 2018.09.15 23:27:57.450 +0200 [IMAP.2652] Server is Dovecot 2018.09.15 23:27:57.450 +0200 [...

...phil /home/phil 162> telnet 172.30.0.24 143 Trying 172.30.0.24... Connected to 172.30.0.24. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 STARTTLS LOGINDISABLED] AUTHORIZED USERS ONLY -- unauthorized access strictly prohibited STARTTLS STARTTLS BAD Error in IMAP command received by server. ^]quit telnet> quit Connection closed. altair/phil /home/phil 163> telnet 64.26.60.229 143 Trying 64.26.60.229... Connected to 64.26.60.229. Escape character is &...

...ecot/master-users webmail2:{DIGEST-MD5}458af98b24dce5db79f852d146d5a5ca $ gsasl -m DIGEST-MD5 --imap imap.corp.example.com -z dieken -a webmail2 -p 123456 -r corp.example.com Trying `gold.corp.example.com'... * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready. . CAPABILITY * CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 . OK Pre-login capabilities listed, post-login capabilities have more. . STARTTLS . OK Beg...

IMAP logins via fetchmail are failing on my mailserver root at grelber:/home/esr# tail -f /var/log/mail.err Nov 24 16:56:48 grelber dovecot: IMAP(cathy): mail_location not set and autodetection failed: Mail storage autodetection failed with home=/home/cathy Nov 24 16:56:48 grelber dovecot: IMAP(cathy): Fatal: Namespace initialization failed Nov 24 16:57:39 grelber dovecot: IMAP(cathy):

...jaa.org.uk/emailAddress=ja at jaa.org.uk --- Server certificate ... * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] maui.jaa.org.uk Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-13.el6_6 server ready a1 LOGIN username password al OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged...

On Mon, 2015-09-07 at 20:37 +0300, Timo Sirainen wrote: > It says "tried to use unsupported auth mechanism". In your later mail > you say that telnet shows AUTH=GSSAPI in capabilities. So that would > mean that the client isn't using AUTHENTICATE GSSAPI but something > else. I'd been considering that perhaps my version of Evolution was too old, so I upgraded from

...Zd2zm86prr8tziEZ3wmYQbVsx3rEG1lJ193Z++S2yj 57+fGoJ7jA56GXNChfB/hFNx4xs2QSzCjccy0D+3RI= 1441680001.087279 1441680001.087982 BQQE/wAMAAAAAAAAFP2szwH///9yYW5iaXKB/Devj+/oz2utdNs= Here's the out rawlog: 1441680000.950204 * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN -REFERRALS ID ENABLE IDLE LOGINDISABLED AUTH=GSSAPI] Dovecot ready. 1441680001.049592 + 1441680001.085562 + YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv03ycmqWKFL9 foDag8BqF5je64ekOG0UCpcDfT4v3ZwNLLhZL/Fo0THb+xD09LJcGM2AtTzRMFFV8V7YHSV L1q+/X9exo0mxU6tMeHmXhMDq71PDcqB5zKdCpTmhakqny5x/vLM47xlnzj+oqwgnY 1441680001.087338 +...

On Tue, 22 Aug 2017, Aki Tuomi wrote: > else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you > have enabled something like cram-md5. Hi, exactly, this is the reason, why plain-text is still needed. You don't need encryption for authentication, if you have secure authentication. Without knowing original password, the MITM cannot generate correct hash for login, so th...

This release was actually tested with reading my inbox (500+ messages, mbox, Solaris 8) using Outlook and Evolution v0.96 2002-08-08 Timo Sirainen <tss at iki.fi> * Changed to LGPL v2.1 license + STARTTLS support and optional disabling of plaintext authentication (LOGINDISABLED capability) + Support for custom message flags, each folder can have 26 different. + New configuration file options: imap_listen, max_logging_users, max_imap_processes + You can specify config file location to imap-master with -c <path> + All IMAP processes can now write to specified l...

dovecot-bounces at dovecot.org wrote: > I noticed that... > > # Disable LOGIN command and all other plaintext authentications unless > # SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and > # IPv6 ::1 addresses are considered secure, this setting has > no effect if > # you connect from those addresses. > #disable_plaintext_auth = yes > > ...was added to the latest release. Thanks Timo! This takes the > localhost-SSL burden o...

Hi Following my last posts, i succeed to connect pop3 in localhost but not in mydomain.org (with dovecot 0.99 it worked) I have this error : -ERR Plaintext authentication disabled. Thanks

I finally got Dovecot working pretty good I just have one small problem. I can't seem to log in via IMAP, now everything works great through POP but when I try to login via IMAP I get the following error: "PLAIN authentication failed. None of the authentication methods supported by your IMAP server are supported this computer" Anyone seen this before? -------------- next part