Web lists-archives.com

Re: major email problems




Glenn English <ghe2001@xxxxxxxxx> writes:

> Buster, Stretch, Wheezy
>
> I know this is probably the wrong place to ask, but DU is full of
> knowledgeable folks...
>
> This morning I quit receiving IMAP email (Dovecot, Thunderbird). I
> installed and tried several other clients (iMail, Geary, Sylpheed) and
> none worked. They said things like my AuthenticationMethod (PLAINTEXT)
> was wrong -- I tried several others; none worked. They said my
> userName/Password was wrong. I re-entered the password, still nothing.
> But I could log into the server with the name/password.
>
> Since several clients wouldn't work, I looked at Dovecot's config. I
> couldn't find anything there that looked promising -- and besides, it
> was fine yesterday.
>
> I reinstalled Dovecot from a Buster mirror.. Same errors.
>
> I tried 'telnet <srv> 143', and entering IMAP commands by hand. I got
> some useful info: PLAINTEXT was disallowed on non TLS logins. It said
> that right after I entered the userName, not when I entered the
> password. It said the same thing when I did enter the password.
>
> I couldn't find anything in the Dovecot config files that addressed
> that, except a commented out line: "#disable_plaintext_auth = yes."
> But Dovecot seems to be tossing PLAINTEXT anyway. I didn't try
> deleting the line.
>

Set disable_plaintext_auth = no

https://wiki.dovecot.org/BasicConfiguration

> I tried a different computer (old server - Wheezy) thinking there
> might have been a Dovecot update that made all my clients fail. Same
> thing.
>
> The mail log from yesterday shows successful logins all afternoon --
> but this morning is shows authentication fails. So I tried changing
> Dovecot's auth source from PAM to the shadow file. Nope.
>
> I'm completely at a loss. I've been dealing with Dovecot for years
> with no problems. Today, I swear some bit flipped all by itself. And I
> can't find it.
>

The documentation for the disable_plaintext_auth parameter seems like it
is exactly what you need to tweak.  I cannot tell why you didn't run
into this earlier.

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes

> If you have any idea of what I may have missed, I'd sure appreciate
> hearing about it. And since I can't see the debian-user list, please
> respond directly to me at ghe2001@xxxxxxxxx
>
> TIA++.

-- 
regards,
kushal