Hi:

It appears that at least at one time, Dovecot supported plaintext authentication from localhost, even if disable_plaintext_auth = yes. To wit, the example configuration file reads:

Disable LOGIN command and all other plaintext authentications unless

SSL/TLS is used (LOGINDISABLED capability). Note that 127.*.*.* and

IPv6 ::1 addresses are considered secure, this setting has no effect if

you connect from those addresses.

#disable_plaintext_auth = yes

On brief inspection of the code, there doesn't seem to be any such support. This is corroborated by the fact that 0.99.10 (Debian package) behaves by disallowing plaintext authentication via connections on localhost.

This is a particularly useful feature, as local webmail clients can safely authenticate via the local interface without requiring secure authentication.

So, the question is, is Dovecot supposed to support plaintext auth via localhost even if disallowed in dovecot.conf? If so, any suggestions as to what I may be doing wrong?

Yours truly,

Paul C. Bryan email@pbryan.net