'PLAIN encryption needed to use mechanism' error

Blake Hudson blake at ispn.net
Wed Jul 29 02:39:07 EDT 2009


Thanks for the reply Scott. I can auth as you described using the 
User/Pass method (allowplaintext: is already set to 1 and I've also 
tried sasl_minimum_layer: 0 at the same time).

My concern is that over port 110 the server is only advertising CRAM-MD5 
and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN 
advertised over both?

--Blake

-------- Original Message  --------
Subject: Re: 'PLAIN encryption needed to use mechanism' error
From: Scott M. Likens <damm at yazzy.org>
To: Blake Hudson <blake at ispn.net>
Cc: info-cyrus at lists.andrew.cmu.edu
Date: Wednesday, July 29, 2009 1:30:46 AM
> Hi Blake,
>
> Actually pop3 by default should be using plain, like
>
> damm at desolation> telnet localhost 
> pop3                                                                                                                                    
> ~
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK desolation Cyrus POP3 v2.3.14 server ready 
> <8505169291665378509.1248848742 at desolation>
> user root
> +OK Name is a valid mailbox
> pass toor
> +OK Mailbox locked and ready
>
> However, if you man imapd.conf you will notice there is such an option 
> as,
>
> allowplaintext: 0
>
> You may need to change that to 1, in order for plaintext ala pop3 to 
> work.
>
> Scott
>
> On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote:
>
>> -------- Original Message  --------
>> Subject: 'PLAIN encryption needed to use mechanism' error
>> From: Blake Hudson <blake at ispn.net>
>> To: info-cyrus at lists.andrew.cmu.edu
>> Date: Wednesday, July 29, 2009 12:13:52 AM
>>> I recently setup a new server and everything tested well. However, once
>>> in production I am seeing errors like the following:
>>>
>>> pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use
>>> mechanism
>>>
>>>
>>> I wasn't aware that POP utilized other mechanisms? I can login just 
>>> fine
>>> with telnet and tbird, and cannot replicate this error myself. Any 
>>> ideas?
>>>
>>> --Blake
>>>
>>
>> Looks like the POP side is not advertising LOGIN/PLAIN auth types while
>> the imap side is. Is this the intended behavior?
>>
>> In my imapd.conf i have the following mech list defined:
>> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>
>> ---------------------- POP3----------------------
>> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>> <173180331313918
>> 17429.1248845988 at twinP>
>> auth
>> +OK List of supported mechanisms follows
>> DIGEST-MD5
>> CRAM-MD5
>> ..
>> --------------------------------------------
>> ----------------------IMAP----------------------
>>
>> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
>> AUTH=LOGIN
>> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
>> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>
>> --------------------------------------------
>>
>> I suppose this is likely a bad client that is not refreshing its mech
>> list after the server switch, but I'd still like to know how to resolve
>> the issue server side (if possible).
>>
>> -Blake
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>> !DSPAM:4a6fe485262521931426455!
>>
>>
>



More information about the Info-cyrus mailing list