On Sat, 2008-01-05 at 01:39 -0500, Maykel Moya wrote: > I'm using Dovecot (1.0.10) locally to test SugarCRM. When I tried to set > up a mail account in Sugar, it complains with > > -- > SECURITY PROBLEM: insecure server advertised AUTH=PLAIN > Please check your settings and try again.
It wants to connect with SSL/TLS.
> Timo answered to me on IRC about Dovecot assuming that a connection from
> the same ip is considered secured.
>
> I'd rebuild Dovecot with the following patch:
..
> but still not able to make it not accept AUTH PLAIN authentication from
> the same ip. I'm missing something?
That patch just disables the plaintext login completely. So it seems
that you'd have to configure Sugar and Dovecot to use SSL/TLS.
> On the other hand, if I set disable_plaintext_auth to yes I cannot use
> the classic USER/PASS pop3 verbs. I'm not sure what the POP3 related
> RFCs mandates with respect to this.
If you want to disable plaintext auth only for IMAP, move the
disable_plaintext_auth=yes setting inside protocol imap {}.
signature.asc
Description: This is a digitally signed message part
