Re: dovecot security
On Wed, Oct 20, 2010 at 01:05:08PM +0000, Camaleón wrote:
> On Tue, 19 Oct 2010 16:24:29 -0400, Rob Owens wrote:
> > On Sun, Oct 17, 2010 at 05:56:40PM +0000, Camaleón wrote:
> >> Plaintext Authentication
> >> http://wiki2.dovecot.org/BasicConfiguration
> > Thanks for those links. I had a quick look at my config files again,
> > and they seem to allow plaintext authentication (which I don't want).
> > However, Icedove gives me an error when I try to connect without TLS or
> > SSL. This is good, but I want to make sure that it is dovecot that is
> > refusing to cooperate with plaintext connections.
> Check Dovecot's log files. What error are you getting? :-?
dovecot: imap-login: Aborted login (0 authentication attempts):
And then it shows the IP address of my server and my client.
Icedove's error message is:
You cannot log in to you.server.net because the server has disabled
login. You may need to connect via SSL or TLS. Please check the
account settings for your mail server.
One detail I've left out, and the "cannot log in" error makes me wonder
about it: My user is an LDAP account user, and I did not configure
/etc/dovecot/dovecot-ldap.conf. My reason for not configuring it was
that dovecot seemed to work without it (but I initially used SSL, then
...Well, there goes that theory. I just created a local (non-ldap) user
on the mail server and I get the same error when trying to connect
without SSL or TLS.