Re: "Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this

2016-08-02 Thread Christian Balzer

Hello,

talking to oneself seems to be all the rage on this ML, so I shall join
that trend.

As it turns out this was a case of slightly muddled/unclear error
messages, the client sees:
---
-ERR Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
---

But the actual issue was that the newly added "login_source_ips" (the
main reason for this upgrade, as we're running out of ports) was not
in the "trusted_networks" of the target mailbox server.

So the failure was between proxy and mailbox server, not client and proxy.

After adding that network all is working now as expected.

Christian

On Tue, 2 Aug 2016 16:02:34 +0900 Christian Balzer wrote:

> 
> Hello,
> 
> this is basically a repeat of this query from last year, which
> unfortunately got a deafening silence for replies:
> ---
> http://dovecot.org/pipermail/dovecot/2015-August/101720.html
> ---
> 
> I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies
> are also of that vintage. 
> 
> So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work,
> as per the documentation
> (http://wiki2.dovecot.org/SSL/DovecotConfiguration)
> and historically expected.
> 
> Trying to use a 2.2.24 (Debian Jessie backports) dovecot proxy with the
> same parameters fails like this:
> ---
> Aug  2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibi...@gol.com): Login 
> failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on 
> non-secure (SSL/TLS) connections.: user=, method=PLAIN, 
> rip=x.x.x.x, lip=x.x.x.x, pid=16066
> ---
> 
> Changing things to "ssl=no" doesn't help and setting trusted networks only
> changes the last bit to have "secured" appended but still fails the same
> otherwise.
> 
> I really need 2.2.x to behave the same way as before and documented. 
> 
> Any ideas and feedback would be most welcome.
> 
> Regards,
> 
> Christian


-- 
Christian Balzer        Network/Systems Engineer
ch...@gol.com   Global OnLine Japan/Rakuten Communications
http://www.gol.com/
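
Added example, not part of the original thread: a pre-deployment check for the mismatch described in the reply above, listing every proxy "login_source_ips" address that the backend's trusted networks do not cover. It assumes the backend setting's full name is login_trusted_networks, that both settings hold space-separated IP literals in "doveconf -n" style text, and the addresses shown are constructed documentation ranges.

```python
import ipaddress

# Constructed sample settings (documentation address ranges, not from the thread).
PROXY_CONF = """
login_source_ips = 192.0.2.10 192.0.2.11 198.51.100.7
"""
BACKEND_CONF = """
login_trusted_networks = 192.0.2.0/24
"""


def setting(conf_text, name):
    """Return the space-separated values of `name = ...` in doveconf-style text."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == name:
            return value.split()
    return []


def untrusted_source_ips(proxy_conf, backend_conf):
    """Proxy source IPs the backend would treat as untrusted clients."""
    nets = [ipaddress.ip_network(n, strict=False)
            for n in setting(backend_conf, "login_trusted_networks")]
    missing = []
    for raw in setting(proxy_conf, "login_source_ips"):
        # A leading "?" marks optional source addresses; strip it before parsing.
        ip = ipaddress.ip_address(raw.lstrip("?"))
        if not any(ip.version == n.version and ip in n for n in nets):
            missing.append(str(ip))
    return missing


if __name__ == "__main__":
    for ip in untrusted_source_ips(PROXY_CONF, BACKEND_CONF):
        print(f"{ip}: not in backend login_trusted_networks")
```

Any address it reports is one from which proxied logins would be judged by the backend as coming from an untrusted network, which is the proxy-to-mailbox-server failure the reply identifies.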


"Plaintext authentication disallowed on non-secure (SSL/TLS) connections" despite correct configuration to allow this

2016-08-02 Thread Christian Balzer

Hello,

this is basically a repeat of this query from last year, which
unfortunately got a deafening silence for replies:
---
http://dovecot.org/pipermail/dovecot/2015-August/101720.html
---

I have mostly 2.1.7 (Debian Wheezy) mailbox servers and the current proxies
are also of that vintage. 

So with "ssl=yes" and "disable_plaintext_auth=no" plaintext logins work,
as per the documentation
(http://wiki2.dovecot.org/SSL/DovecotConfiguration)
and historically expected.

Trying to use a 2.2.24 (Debian Jessie backports) dovecot proxy with the
same parameters fails like this:
---
Aug  2 15:45:57 smtp12 dovecot: pop3-login: proxy(chibi...@gol.com): Login 
failed to mbxx.xxx.gol.com:110: Plaintext authentication disallowed on 
non-secure (SSL/TLS) connections.: user=, method=PLAIN, 
rip=x.x.x.x, lip=x.x.x.x, pid=16066
---

Changing things to "ssl=no" doesn't help and setting trusted networks only
changes the last bit to have "secured" appended but still fails the same
otherwise.

I really need 2.2.x to behave the same way as before and documented. 

Any ideas and feedback would be most welcome.

Regards,

Christian
-- 
Christian Balzer        Network/Systems Engineer
ch...@gol.com   Global OnLine Japan/Rakuten Communications
http://www.gol.com/