Re: major email problems
- Date: Sat, 18 May 2019 16:29:35 -0700
- From: Kushal Kumaran <kushal@xxxxxxxxxxxxx>
- Subject: Re: major email problems
Glenn English <ghe2001@xxxxxxxxx> writes:
> Buster, Stretch, Wheezy
> I know this is probably the wrong place to ask, but DU is full of
> knowledgeable folks...
> This morning I quit receiving IMAP email (Dovecot, Thunderbird). I
> installed and tried several other clients (iMail, Geary, Sylpheed) and
> none worked. They said things like my AuthenticationMethod (PLAINTEXT)
> was wrong -- I tried several others; none worked. They said my
> userName/Password was wrong. I re-entered the password, still nothing.
> But I could log into the server with the name/password.
> Since several clients wouldn't work, I looked at Dovecot's config. I
> couldn't find anything there that looked promising -- and besides, it
> was fine yesterday.
> I reinstalled Dovecot from a Buster mirror.. Same errors.
> I tried 'telnet <srv> 143', and entering IMAP commands by hand. I got
> some useful info: PLAINTEXT was disallowed on non TLS logins. It said
> that right after I entered the userName, not when I entered the
> password. It said the same thing when I did enter the password.
> I couldn't find anything in the Dovecot config files that addressed
> that, except a commented out line: "#disable_plaintext_auth = yes."
> But Dovecot seems to be tossing PLAINTEXT anyway. I didn't try
> deleting the line.
Set disable_plaintext_auth = no
> I tried a different computer (old server - Wheezy) thinking there
> might have been a Dovecot update that made all my clients fail. Same
> The mail log from yesterday shows successful logins all afternoon --
> but this morning is shows authentication fails. So I tried changing
> Dovecot's auth source from PAM to the shadow file. Nope.
> I'm completely at a loss. I've been dealing with Dovecot for years
> with no problems. Today, I swear some bit flipped all by itself. And I
> can't find it.
The documentation for the disable_plaintext_auth parameter seems like it
is exactly what you need to tweak. I cannot tell why you didn't run
into this earlier.
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
> If you have any idea of what I may have missed, I'd sure appreciate
> hearing about it. And since I can't see the debian-user list, please
> respond directly to me at ghe2001@xxxxxxxxx