From e973c8212b6ab21cfa44fbb15ffd7345eeea5da1 Mon Sep 17 00:00:00 2001
From: Zhang Huangbin
Date: Thu, 2 Nov 2017 12:51:50 +0800
Subject: [PATCH] Add new error message: Plaintext authentication not allowed
without SSL/TLS
---
en_US/faq/1-errors.md | 24 ++++++++++++++++++++++++
html/errors.html | 23 +++++++++++++++++++++++
2 files changed, 47 insertions(+)
diff --git a/en_US/faq/1-errors.md b/en_US/faq/1-errors.md
index a3e4dbf4..18e4ca91 100644
--- a/en_US/faq/1-errors.md
+++ b/en_US/faq/1-errors.md
@@ -201,6 +201,30 @@ To solve this, please either use a different `myhostname` or don't use this
domain name as mail domain (remove it with iRedAdmin). To use a different value
for Postfix parameter `myhostname`, you must also change server hostname.
+## Dovecot
+
+### Plaintext authentication not allowed without SSL/TLS
+
+Error message in Dovecot log file:
+
+> [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client
+> did it anyway. If anyone was listening, the password was exposed.
+
+Dovecot is configured to force clients to use secure IMAP/POP3 connections,
+but your client is trying to use plain and insecure connection without TLS or
+SSL.
+
+The __BEST__ solution is updating IMAP/POP3 settings in the mail client
+application (e.g. Outlook, Thunderbird) to enable secure connection. Please
+check [this link](./index.html#mua) to see network port numbers and secure
+connection types.
+
+The __NOT RECOMMENDED__ solution is updating Dovecot config file to allow
+insecure connection, this is dangerous because your password is sent in plain
+text, if someone can trace the network traffic with network gateway / firewall,
+your password is explosed. if you clearly understand the risk and still want
+to enable insecure connections, please check [this document](./allow.insecure.pop3.imap.smtp.connections.html).
+
## Amavisd
### connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
diff --git a/html/errors.html b/html/errors.html
index c0d35424..bfccbc7f 100644
--- a/html/errors.html
+++ b/html/errors.html
@@ -35,6 +35,10 @@
warning: do not list domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
+Dovecot
+
Amavisd
@@ -216,6 +220,25 @@ domain mydomain.com in BOTH mydestination and virtual_mailbox_domains
To solve this, please either use a different myhostname
or don't use this
domain name as mail domain (remove it with iRedAdmin). To use a different value
for Postfix parameter myhostname
, you must also change server hostname.
+Dovecot
+Plaintext authentication not allowed without SSL/TLS
+Error message in Dovecot log file:
+
+[ALERT] Plaintext authentication not allowed without SSL/TLS, but your client
+did it anyway. If anyone was listening, the password was exposed.
+
+Dovecot is configured to force clients to use secure IMAP/POP3 connections,
+but your client is trying to use plain and insecure connection without TLS or
+SSL.
+The BEST solution is updating IMAP/POP3 settings in the mail client
+application (e.g. Outlook, Thunderbird) to enable secure connection. Please
+check this link to see network port numbers and secure
+connection types.
+The NOT RECOMMENDED solution is updating Dovecot config file to allow
+insecure connection, this is dangerous because your password is sent in plain
+text, if someone can trace the network traffic with network gateway / firewall,
+your password is explosed. if you clearly understand the risk and still want
+to enable insecure connections, please check this document.
Amavisd
connect to 127.0.0.1[127.0.0.1]:10024: Connection refused
This error means Amavisd service is not running, please try to start it first.