Glenn English <ghe2...@gmail.com> writes: > Buster, Stretch, Wheezy > > I know this is probably the wrong place to ask, but DU is full of > knowledgeable folks... > > This morning I quit receiving IMAP email (Dovecot, Thunderbird). I > installed and tried several other clients (iMail, Geary, Sylpheed) and > none worked. They said things like my AuthenticationMethod (PLAINTEXT) > was wrong -- I tried several others; none worked. They said my > userName/Password was wrong. I re-entered the password, still nothing. > But I could log into the server with the name/password. > > Since several clients wouldn't work, I looked at Dovecot's config. I > couldn't find anything there that looked promising -- and besides, it > was fine yesterday. > > I reinstalled Dovecot from a Buster mirror.. Same errors. > > I tried 'telnet <srv> 143', and entering IMAP commands by hand. I got > some useful info: PLAINTEXT was disallowed on non TLS logins. It said > that right after I entered the userName, not when I entered the > password. It said the same thing when I did enter the password. > > I couldn't find anything in the Dovecot config files that addressed > that, except a commented out line: "#disable_plaintext_auth = yes." > But Dovecot seems to be tossing PLAINTEXT anyway. I didn't try > deleting the line. >
Set disable_plaintext_auth = no https://wiki.dovecot.org/BasicConfiguration > I tried a different computer (old server - Wheezy) thinking there > might have been a Dovecot update that made all my clients fail. Same > thing. > > The mail log from yesterday shows successful logins all afternoon -- > but this morning is shows authentication fails. So I tried changing > Dovecot's auth source from PAM to the shadow file. Nope. > > I'm completely at a loss. I've been dealing with Dovecot for years > with no problems. Today, I swear some bit flipped all by itself. And I > can't find it. > The documentation for the disable_plaintext_auth parameter seems like it is exactly what you need to tweak. I cannot tell why you didn't run into this earlier. # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. #disable_plaintext_auth = yes > If you have any idea of what I may have missed, I'd sure appreciate > hearing about it. And since I can't see the debian-user list, please > respond directly to me at ghe2...@gmail.com > > TIA++. -- regards, kushal
