Hi,
> > > I am using dovecot with postfix for authentication.
> > >
> > > Everything (TLS/SSL, authentication) is working fine, except that when
> > > I set:
> > >
> > > disable_plaintext_auth = yes
> > >
> > > I still can authenticate with plain text on a no TLS/SSL session:
> > >
> > > 20 mail2.cs.ait.ac.th ESMTP Postfix (2.6.2)
> > > EHLO [192.41.170.57]
> > > 250-mail2.cs.ait.ac.th
> > > 250-PIPELINING
> > > 250-SIZE 10240000
> > > 250-VRFY
> > > 250-ETRN
> > > 250-STARTTLS
> > > 250-AUTH PLAIN LOGIN
> > > 250-AUTH=PLAIN LOGIN
> > > 250-ENHANCEDSTATUSCODES
> > > 250-8BITMIME
> > > 250 DSN
> > > AUTH PLAIN XXXX
> > > 235 2.7.0 Authentication successful
> >
> > disable_plaintext_auth affects logging in to dovecot IMAP/POP3 server.
> > This is a SMTP session with Postfix, you'll have to configure Postfix
> > not to allow plain text authentication before STARTTLS.
>
> But postfix hands the authentication task to dovecot (dovecot-auth
> daemon).
>
> And I am sure it does, because if I remove PLAIN from the
> authentication mechanism of dovecot, then the SMTP sessions with
> postfix will not offer AUTH PLAIN anymore.
>
> So I am confused here.
My mistake, that is managed by postfix parameter:
smtpd_tls_auth_only = yes
Thank you,
Olivier
