These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for postfix Error Plaintext authentication disabled on the new forum.
After a fresh install of Debian etch i have a problem with postfix: the mailclient says: -ERR Plaintext authentication disabled.
i already checked for some options:
/etc/dovecot/dovecot.conf: mechanisms = plain
/etc/postfix/sasl/smtpd.conf: pwcheck_method: saslauthd mech_list: plain login
/etc/postfix/main.cf: smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous
But login to the mailaccounts still fail
Has anybody the answer?
I checked the authentication with telnet
$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 mail.xx.yy ESMTP Postfix (Debian/GNU)
ehlo localhost
250-mail.xx.yy
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
Hm, for me, it seems ok. But the server did not allow to authenticate.
This is my main.cf:
------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.xx.yy
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, $mydomain, debian4064m, localhost, Debian-40-etch-64-minimal
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = Maildir/
smtp_bind_address = x.y.z.w
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
This is my main.cf:
------
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
myhostname = mail.xx.yy
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = $myhostname, localhost.$mydomain, $mydomain, debian4064m, localhost, Debian-40-etch-64-minimal
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_alias_maps = hash:/etc/postfix/virtual
home_mailbox = Maildir/
smtp_bind_address = x.y.z.w
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination
Howdy Mathias,
Actually this is a (stupid) default in the Dovecot configuration on Debian, which prevents it from working with PAM or shadow authentication, that we haven't corrected yet in the install script. In /etc/dovecot/dovecot.conf find the option labeled "disable_plaintext_auth = yes", uncomment it, and change the "yes" to "no".
It'll be fixed in the next version of virtualmin-base for Debian. Sorry for the inconvenience.
--
Check out the forum guidelines!
FYI: Looks like it is not (yet) fixed in Virtualmin 3.62 (Pro) on Ubuntu 8.04. The option disable_plaintext_auth = yes was still there and commented out.
Indeed it is!
If you don't hear anything regarding that on the forums here, I might open up a bug in the bug tracker about that.
Thanks,
-Eric
<div class='quote'>FYI: Looks like it is not (yet) fixed in Virtualmin 3.62 (Pro) on Ubuntu 8.04. The option disable_plaintext_auth = yes was still there and commented out.</div>
The Virtualmin module version isn't relevant to this particular nuisance.
It's gotta happen in virtualmin-base, which hasn't seen an update lately (it takes so much more testing, and across a lot of platforms, that it's sort of painful to roll out). But thanks for the reminder. I'd forgotten that there was an outstanding issue with virtualmin-base.
--
Check out the forum guidelines!
My dovecot.conf has disable_plaintext_auth = no uncommented and I still have this error if I use a mail client (evolution or Tbird). I installed roundcubem and it seems to be OK for sending mail
any other thoughts?
First, you did restart Dovecot after uncommenting that, right?
If so, what distribution are you using -- and can you attach a copy of your dovecot.conf?
Thanks!
-Eric
Eric,
My Dovecot and Postfix are working fine, but I'm curious...
QUESTION: Should/can the disable_plaintext_auth be set to YES without a problem?
Thx!
Jim
---snip of dovecot conf.d 10-auth.conf---
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
#disable_plaintext_auth = yes
disable_plaintext_auth = no