mailcow / mailcow-dockerized

mailcow: dockerized - 🐮 + 🐋 = 💕
https://mailcow.email
GNU General Public License v3.0

Can't POP with SSL #1157

Closed measwel closed 6 years ago

measwel commented 6 years ago

I keep seeing the following in the logs:

pop3-login: Aborted login (auth failed, 2 attempts in 4 secs): user=<marek@mymail.com>, method=PLAIN, rip=91.64.93.111, lip=172.22.1.3, TLS, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)

I am instructing my client to use SSL. Can somebody explain where the method=PLAIN message is coming from?

I am testing POP with this tool: https://www.wormly.com/test-pop3-mail-server

PS The certificate I copied to mailcow ssl directory seems ok.

andryyy commented 6 years ago

Plain is coming from the authentication method used to post your credentials. It is always wrapped in TLS, so it is secure. Plain/Login are the most common methods.

Please close this issue when your question is answered.

measwel commented 6 years ago

I am trying to log in to POP (port 995) both using osx Mail and a test tool: https://www.wormly.com/test-pop3-mail-server

In both cases I get the auth failed message shown above. If I switch off SSL, I get:

S:-ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
ERROR: Login failed -ERR [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
POP3 test failed.

With SSL ON:

ERROR: Login failed -ERR [AUTH] Authentication failed.
POP3 test failed.

I am completely unable to POP over port 995. Can somebody please help to diagnose the root of the problem?

andryyy commented 6 years ago

I don’t see a port field on this site.

I also don’t know why you disable SSL if you want to use SSL.

This check site looks stupid. Does it use STARTTLS? Or is it using a wrapped TLS connection?

I also don’t know your macOS settings. If you want to use STARTTLS, go for port 110. For TLS-wrapped it is port 995. Some clients call a wrapped connection “SSL”. You should check Apple’s support site for how to set up mail.

measwel commented 6 years ago

On the site, I disabled SSL temporarily for testing purposes.

On mac I have tried both 110 and port 995 to connect. It results in the same error - Unable to verify account name or password. It's almost as if the user/password combination cannot be found. The user's mailbox is there. I am using the full user email as login name. I do not know how to check the user database or what other diagnostic actions I can take.

evilstiefel commented 6 years ago

You can first try whether it works as an IMAP account, to verify that your credentials are indeed correct. It might have nothing to do with POP.

measwel commented 6 years ago

The result for IMAP is the same:

| Secured: CN=www.mymailer.com
S:

POP:

| Secured: CN=www.mymailer.com
S: +OK Dovecot ready.
C: CAPA
S: +OK
CAPA
TOP
UIDL
RESP-CODES
PIPELINING
AUTH-RESP-CODE
USER
SASL PLAIN LOGIN
.
C: USER marek@mymailer.com
S: +OK
C: PASS <password>
S: -ERR [AUTH] Authentication failed.

DNS resolves correctly, port is accessed correctly and certificate is validated and trusted without problems.

In both cases it seems that the username is accepted, while the password is not. I am sure that the password is the same I have set for the mailbox.

I also cannot log in as this user via mailcow's web UI. I can only log in as admin. Is there a way to check the user's credentials stored in the db?

andryyy commented 6 years ago

You should reset the password.

measwel commented 6 years ago

I do not see how. I have tried changing the password (when logged in as admin) multiple times for the user. But it doesn't seem to have any effect. I just tried resetting the password. No effect. I can connect to the db. What table should I check to see if the user is there? select user from mysql.user; produces:

+---------+
| user    |
+---------+
| mailcow |
| root    |
| root    |
+---------+

measwel commented 6 years ago

Oh my. I feel very stupid now. The problem was with the domain name. I used a FQDN which produced emails for the users such as: user@www.domain.com instead of user@domain.com. Everything works fine after I corrected the domain name.

Thank you all for the help anyhow!
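
Added example, not part of the thread and not mailcow or Dovecot code: a Python script that parses failed-login lines in the format quoted in the first comment and reports the two things this issue turned on, namely whether `method=PLAIN` credentials arrived inside TLS and whether the login's domain is one of the configured mail domains. The sample log lines, `MAILBOX_DOMAINS` and the function names are constructed for illustration.

```python
import re

# Constructed sample lines, modeled on the Dovecot entry quoted in the thread.
SAMPLE_LOG = """\
pop3-login: Aborted login (auth failed, 2 attempts in 4 secs): user=<marek@example.org>, method=PLAIN, rip=203.0.113.7, lip=172.22.1.3, TLS, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<marek@www.example.org>, method=PLAIN, rip=203.0.113.7, lip=172.22.1.3, TLS, TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<marek@example.org>, method=PLAIN, rip=203.0.113.7, lip=172.22.1.3
unrelated line that the parser must skip
"""

# Assumption: the mail domains actually configured on the server.
MAILBOX_DOMAINS = {"example.org"}

LINE_RE = re.compile(
    r"(?P<service>pop3|imap)-login: Aborted login \(auth failed[^)]*\): "
    r"user=<(?P<user>[^>]*)>, method=(?P<method>\w+), "
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)(?P<rest>.*)"
)

def parse_failed_logins(log_text):
    """Return one dict per failed-login line; other lines are ignored."""
    events = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        event = match.groupdict()
        # Dovecot appends ", TLS" when the session was encrypted.
        event["tls"] = bool(re.search(r",\s*TLS\b", event.pop("rest")))
        events.append(event)
    return events

def diagnose(event, mailbox_domains):
    """Explain a failed login: transport problem, wrong domain, or neither."""
    notes = []
    if event["method"] in ("PLAIN", "LOGIN") and not event["tls"]:
        notes.append("cleartext credentials sent outside TLS")
    local, at, domain = event["user"].rpartition("@")
    if not at:
        notes.append("login name has no domain part")
    elif domain.lower() not in mailbox_domains:
        notes.append(f"login domain '{domain.lower()}' is not a configured mail domain")
    return notes or ["transport and domain look right; check the password"]

if __name__ == "__main__":
    for ev in parse_failed_logins(SAMPLE_LOG):
        print(ev["service"], ev["user"], "->", "; ".join(diagnose(ev, MAILBOX_DOMAINS)))
```
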