Postfix/Dovecot - Enable Remote Plaintext Authentication

Discussion in 'Server Operation' started by n1netyn1ne, Sep 20, 2013.

  1. n1netyn1ne

    n1netyn1ne New Member

    Hello,
    I've successfully installed Ubuntu Linux 12.04.2. and ISPConfig 3 (3.0.5.2)

    I'm trying to get remote clients such as Outlook or ThunderBird to login and retrieve/send mail from Dovecot 2.0.19 PostFix 2.9.6 using plaintext authentication. (i know its not secure)

    Currently I have SquirrelMail working perfect setup with Imap.. It sends and receives. I know SquirrelMail connects via LocalHost, so it is considered secure.

    Also I have Outlook and ThunderBird able to send and receive using ONLY IMAP 993 and SMTP 465 while having SSL/TLS.. BUT It prompts to use the Self Signed Certificate that cant be validated every time.. This is very annoying.. and i'm not going to buy a valid cert $$$.

    I want a remote Outlook client to connect with either POP3 or IMAP using plaintext and without SSL.

    I've been trying for days... and searching the web.. but cant figure out the proper settings to change... Its probably something simple... Can anyone help?

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NETSTAT -a (Incomplete list)
    Proto Recv-Q Send-Q Local Address Foreign Address State
    tcp 0 0 localhost:9000 *:* LISTEN
    tcp 0 0 localhost:10025 *:* LISTEN
    tcp 0 0 *:mysql *:* LISTEN
    tcp 0 0 *:submission *:* LISTEN
    tcp 0 0 localhost:11211 *:* LISTEN
    tcp 0 0 *:pop3 *:* LISTEN
    tcp 0 0 *:imap2 *:* LISTEN
    tcp 0 0 *:webmin *:* LISTEN
    tcp 0 0 *:http-alt *:* LISTEN
    tcp 0 0 *:http *:* LISTEN
    tcp 0 0 *:ssmtp *:* LISTEN
    tcp 0 0 *:tproxy *:* LISTEN
    tcp 0 0 *:ftp *:* LISTEN
    tcp 0 0 192.168.1.111:domain *:* LISTEN
    tcp 0 0 localhost:domain *:* LISTEN
    tcp 0 0 *:ssh *:* LISTEN
    tcp 0 0 localhost:9015 *:* LISTEN
    tcp 0 0 *:smtp *:* LISTEN
    tcp 0 0 localhost:953 *:* LISTEN
    tcp 0 0 *:https *:* LISTEN
    tcp 0 0 *:imaps *:* LISTEN
    tcp 0 0 *:pop3s *:* LISTEN
     
    Last edited: Sep 3, 2015
  2. TiTex

    TiTex Member

    have you tried setting IMAP/POP3 default port on your client?
    which service is not allowing plain login ? smtp (postfix) or imap/pop3 (dovecot) ?
     
  3. n1netyn1ne

    n1netyn1ne New Member

    Thanks for the reply.. I've made some progress on my own..
    Prior it was both postfix and dovecot.. not allowing plain login.

    I now got postfix to accept mail without tls, By changing this line in the its master.cf -o smtpd_tls_security_level=none (I don't know if this is the best solution but its working)

    Now the problem is just allowing plain login to dovecot it seems.

    When I try port 110.. I get an error the server was found but there was no response... "Verify the port and ssl information".
    When I try port 995 with ssl checked.. it prompts to use the self signed certificate before working.
     
  4. TiTex

    TiTex Member

    can you telnet in from the client pc to your server on port 110 or 143 ?
    Code:
    telnet server.ip.address 110
    i think you can remove that line from the master.cf since you already have smtpd_tls_security_level=may in main.cf which offer tls encryption but doesn't force it

    -- Edit --

    are you sure you're not trying to do ssl/tls on port 110 ?
     
    Last edited: Sep 21, 2013
  5. n1netyn1ne

    n1netyn1ne New Member

    I cannot telnet from the client pc to ports 110 or 143 ...both timeout.

    From the server itself I can telnet localhost and both ports reply.

    Also Ports are verified open in the firewall .. they belong to the same rule.. and all the other ports are working...
     
  6. TiTex

    TiTex Member

    can you try from a diferrent client and see if it's the same ? ... maybe a client with no firewalls or something that can block traffic
    if you get the same result than most likely the server is the culprit , you could also try disabling the firewall on the server completely
     
  7. n1netyn1ne

    n1netyn1ne New Member

    I just tried from a completely separate network and client and got the same timeouts on both ports 110 and 143.

    Unfortunately I don't have direct access to the hardware firewall the server sits behind. However I did clear the linux firewall iptables to allow all incoming.

    I was thinking other rules in the hardware firewall maybe conflicting with those ports.. i was going to have the network administrator open new ports and tell dovecot to listen on new ports for those protocols... But i'm not sure how to tell dovecot to listen on those new ports for each protocol.

    Can you verify would these be the settings to add in the dovecot.conf to change the ports for each protocol?

    service imap-login {
    process_min_avail = 16
    user = dovecot

    inet_listener imap {
    port = 144
    }
    }
    service pop3-login {
    process_min_avail = 16
    user = dovecot

    inet_listener pop3 {
    port = 111
    }
    }

    Otherwise i'm not sure what to do.. it seems it should be working as it..
     
  8. TiTex

    TiTex Member

    try to use ports above 1024 , like
    10110 for pop3
    10143 for imap
     
  9. n1netyn1ne

    n1netyn1ne New Member

    SOLVED
    THANKS FOR ALL YOUR HELP!!!
    Everything is working perfect now. :)

    Using different ports fixed Dovecot...
    I'm assuming the hardware firewall had conflicting ports.... figures :eek:
     

Share This Page