diff --git a/en_US/faq/1-errors.md b/en_US/faq/1-errors.md index a3e4dbf4..18e4ca91 100644 --- a/en_US/faq/1-errors.md +++ b/en_US/faq/1-errors.md @@ -201,6 +201,30 @@ To solve this, please either use a different `myhostname` or don't use this domain name as mail domain (remove it with iRedAdmin). To use a different value for Postfix parameter `myhostname`, you must also change server hostname. +## Dovecot + +### Plaintext authentication not allowed without SSL/TLS + +Error message in Dovecot log file: + +> [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client +> did it anyway. If anyone was listening, the password was exposed. + +Dovecot is configured to force clients to use secure IMAP/POP3 connections, +but your client is trying to use plain and insecure connection without TLS or +SSL. + +The __BEST__ solution is updating IMAP/POP3 settings in the mail client +application (e.g. Outlook, Thunderbird) to enable secure connection. Please +check [this link](./index.html#mua) to see network port numbers and secure +connection types. + +The __NOT RECOMMENDED__ solution is updating Dovecot config file to allow +insecure connection, this is dangerous because your password is sent in plain +text, if someone can trace the network traffic with network gateway / firewall, +your password is explosed. if you clearly understand the risk and still want +to enable insecure connections, please check [this document](./allow.insecure.pop3.imap.smtp.connections.html). + ## Amavisd ### connect to 127.0.0.1[127.0.0.1]:10024: Connection refused diff --git a/html/errors.html b/html/errors.html index c0d35424..bfccbc7f 100644 --- a/html/errors.html +++ b/html/errors.html @@ -35,6 +35,10 @@
To solve this, please either use a different myhostname
or don't use this
domain name as mail domain (remove it with iRedAdmin). To use a different value
for Postfix parameter myhostname
, you must also change server hostname.
Error message in Dovecot log file:
+++[ALERT] Plaintext authentication not allowed without SSL/TLS, but your client +did it anyway. If anyone was listening, the password was exposed.
+
Dovecot is configured to force clients to use secure IMAP/POP3 connections, +but your client is trying to use plain and insecure connection without TLS or +SSL.
+The BEST solution is updating IMAP/POP3 settings in the mail client +application (e.g. Outlook, Thunderbird) to enable secure connection. Please +check this link to see network port numbers and secure +connection types.
+The NOT RECOMMENDED solution is updating Dovecot config file to allow +insecure connection, this is dangerous because your password is sent in plain +text, if someone can trace the network traffic with network gateway / firewall, +your password is explosed. if you clearly understand the risk and still want +to enable insecure connections, please check this document.
This error means Amavisd service is not running, please try to start it first.