On 11:59 AM, John Espiro wrote:
After reading this: http://wiki2.dovecot.org/Authentication/Mechanisms It seems that PLAIN is OK, if I am using STARTTLS, which I believe I am. I mean, I've set it up, and it _seems_ to work. So the question I have, to the list, is... how can I verify that the passwords are being sent over STARTTLS.
Your client is ultimately logging in after STARTTLS because Dovecot is not allowing it to login before, but it apparently is trying and possibly sending a cleartext password or there would be no 'disconnected' log message.
Sniff the port 110 packets during a login from your client and see what's going on.
One other thought - Is there more than one account on this server configured in your client and if so, are they all using STARTTLS?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan