Thanks for the reply Scott. I can auth as you described using the User/Pass method (allowplaintext: is already set to 1 and I've also tried sasl_minimum_layer: 0 at the same time). My concern is that over port 110 the server is only advertising CRAM-MD5 and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN advertised over both? --Blake -------- Original Message -------- Subject: Re: 'PLAIN encryption needed to use mechanism' error From: Scott M. Likens <damm@xxxxxxxxx> To: Blake Hudson <blake@xxxxxxxx> Cc: info-cyrus@xxxxxxxxxxxxxxxxxxxx Date: Wednesday, July 29, 2009 1:30:46 AM > Hi Blake, > > Actually pop3 by default should be using plain, like > > damm@desolation> telnet localhost > pop3 > ~ > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > +OK desolation Cyrus POP3 v2.3.14 server ready > <8505169291665378509.1248848742@desolation> > user root > +OK Name is a valid mailbox > pass toor > +OK Mailbox locked and ready > > However, if you man imapd.conf you will notice there is such an option > as, > > allowplaintext: 0 > > You may need to change that to 1, in order for plaintext ala pop3 to > work. > > Scott > > On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote: > >> -------- Original Message -------- >> Subject: 'PLAIN encryption needed to use mechanism' error >> From: Blake Hudson <blake@xxxxxxxx> >> To: info-cyrus@xxxxxxxxxxxxxxxxxxxx >> Date: Wednesday, July 29, 2009 12:13:52 AM >>> I recently setup a new server and everything tested well. However, once >>> in production I am seeing errors like the following: >>> >>> pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use >>> mechanism >>> >>> >>> I wasn't aware that POP utilized other mechanisms? I can login just >>> fine >>> with telnet and tbird, and cannot replicate this error myself. Any >>> ideas? >>> >>> --Blake >>> >> >> Looks like the POP side is not advertising LOGIN/PLAIN auth types while >> the imap side is. Is this the intended behavior? >> >> In my imapd.conf i have the following mech list defined: >> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 >> >> ---------------------- POP3---------------------- >> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready >> <173180331313918 >> 17429.1248845988@twinP> >> auth >> +OK List of supported mechanisms follows >> DIGEST-MD5 >> CRAM-MD5 >> .. >> -------------------------------------------- >> ----------------------IMAP---------------------- >> >> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 >> AUTH=LOGIN >> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4 >> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready >> >> -------------------------------------------- >> >> I suppose this is likely a bad client that is not refreshing its mech >> list after the server switch, but I'd still like to know how to resolve >> the issue server side (if possible). >> >> -Blake >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> >> >> !DSPAM:4a6fe485262521931426455! >> >> > ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
