From e973c8212b6ab21cfa44fbb15ffd7345eeea5da1 Mon Sep 17 00:00:00 2001 From: Zhang Huangbin Date: Thu, 2 Nov 2017 12:51:50 +0800 Subject: [PATCH] Add new error message: Plaintext authentication not allowed without SSL/TLS --- en_US/faq/1-errors.md | 24 ++++++++++++++++++++++++ html/errors.html | 23 +++++++++++++++++++++++ 2 files changed, 47 insertions(+) diff --git a/en_US/faq/1-errors.md b/en_US/faq/1-errors.md index a3e4dbf4..18e4ca91 100644 --- a/en_US/faq/1-errors.md +++ b/en_US/faq/1-errors.md @@ -201,6 +201,30 @@ To solve this, please either use a different `myhostname` or don't use this domain name as mail domain (remove it with iRedAdmin). To use a different value for Postfix parameter `myhostname`, you must also change server hostname. +## Dovecot + +### Plaintext authentication not allowed without SSL/TLS + +Error message in Dovecot log file: + +> [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client +> did it anyway. If anyone was listening, the password was exposed. + +Dovecot is configured to force clients to use secure IMAP/POP3 connections, +but your client is trying to use plain and insecure connection without TLS or +SSL. + +The __BEST__ solution is updating IMAP/POP3 settings in the mail client +application (e.g. Outlook, Thunderbird) to enable secure connection. Please +check [this link](./index.html#mua) to see network port numbers and secure +connection types. + +The __NOT RECOMMENDED__ solution is updating Dovecot config file to allow +insecure connection, this is dangerous because your password is sent in plain +text, if someone can trace the network traffic with network gateway / firewall, +your password is explosed. if you clearly understand the risk and still want +to enable insecure connections, please check [this document](./allow.insecure.pop3.imap.smtp.connections.html). + ## Amavisd ### connect to 127.0.0.1[127.0.0.1]:10024: Connection refused 
diff --git a/html/errors.html b/html/errors.html index c0d35424..bfccbc7f 100644 --- a/html/errors.html +++ b/html/errors.html @@ -35,6 +35,10 @@
  • warning: do not list domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
  • +
  • Dovecot +
  • Amavisd @@ -216,6 +220,25 @@ domain mydomain.com in BOTH mydestination and virtual_mailbox_domains

    To solve this, please either use a different myhostname or don't use this domain name as mail domain (remove it with iRedAdmin). To use a different value for Postfix parameter myhostname, you must also change server hostname.

    +

    Dovecot

    +

    Plaintext authentication not allowed without SSL/TLS

    +

    Error message in Dovecot log file:

    +
    +

    [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client +did it anyway. If anyone was listening, the password was exposed.

    +
    +

    Dovecot is configured to force clients to use secure IMAP/POP3 connections, +but your client is trying to use plain and insecure connection without TLS or +SSL.

    +

    The BEST solution is updating IMAP/POP3 settings in the mail client +application (e.g. Outlook, Thunderbird) to enable secure connection. Please +check this link to see network port numbers and secure +connection types.

    +

    The NOT RECOMMENDED solution is updating Dovecot config file to allow +insecure connection, this is dangerous because your password is sent in plain +text, if someone can trace the network traffic with network gateway / firewall, +your password is explosed. if you clearly understand the risk and still want +to enable insecure connections, please check this document.

    Amavisd

    connect to 127.0.0.1[127.0.0.1]:10024: Connection refused

    This error means Amavisd service is not running, please try to start it first.
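Review bot: The new "Plaintext authentication not allowed without SSL/TLS" section in en_US/faq/1-errors.md quotes Dovecot's alert that "the password was exposed", but neither solution paragraph tells the reader to change that password. By the time this alert is logged the client has already sent the credentials without TLS, so switching the client to a secure connection does not undo the exposure. Suggest adding a sentence to the "BEST solution" paragraph advising a password reset for the affected account once the client has been reconfigured.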
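Review bot: In the last added paragraph of the html/errors.html hunk (the "NOT RECOMMENDED solution" text), "explosed" should be "exposed" and the sentence starting "if you clearly understand the risk" needs a capital letter. The same wording appears in the en_US/faq/1-errors.md hunk, so both files need the fix. The paragraph is also a single comma-spliced sentence. Ending one sentence after "allow insecure connection" and another after "plain text" would make the risk statement easier to read.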