Applicable to:
- Plesk Onyx for Linux
Symptoms
-
When trying to set up an IMAP account in Outlook or Samsung Email android app, IMAP option is not available in the "Account type" field:
-
One of the following errors can be found in
/var/log/maillog
on Plesk server:CONFIG_TEXT: server dovecot: imap-login: Disconnected: Inactivity during authentication (client didn't finish SASL auth, waited 179 secs): user=<>, method=DIGEST-MD5, rip=127.0.0.1, lip=127.0.0.1, TLS, session=<Uzcj+sRVW+J/AAAB></>
CONFIG_TEXT: imap-login: Disconnected (auth failed... The issue is not reproduced in other mail clients, like Thunderbird.
CONFIG_TEXT: SASL DIGEST-MD5 authentication failed: authentication failure
Cause
Current implementation of a DIGEST-MD5 authentication in libsasl2-2 package is incompatible with Microsoft Outlook. Additional details can be found here.
Resolution
Note: if you don't have root access to Plesk server via SSH, contact your hosting provider regarding the issue
-
Login to Plesk server over SSH
-
Create a custom configuration file and place the
auth_mechanisms
parameter without digest-md5:# vi /etc/dovecot/conf.d/00-auth_mechs.conf
CONFIG_TEXT: auth_mechanisms = plain login cram-md5 apop
-
Restart Dovecot to apply the configuration changes:
# service dovecot restart
Comments
13 comments
This work-around is not only required for Outlook users, but also for users of the Android app "Samsung Email".
@King555
Thank you for sharing this information.
The article was updated.
Just some extra info for somebody who might encounter this. I am using the Outlook version coming with the Office 365 package. I was unable to setup IMAP. It simply failed without any additional information. A POP3 connection worked. I do use Samsung Mail on my Android phone and there it worked fine.
This solution fixed my Outlook setup problems. And as a bonus made retrieving mails via Samsung mail three times as fast
@Andreas Hendrickx
Thank you for the information! I am sure other Plesk users will find it useful.
The issue returns after a while. The same steps fix it. I assume the configuration file get changed by an update. It is kind of annoying to ind out that suddenly all my customers have outlook problems and to go to the same steps again. Is there a way to fix the change ? Or any sight on a permanent solution.
I understand that in its core this is an Outlook problem. But it is one of the most used application by my customers.
@Andreas I have fixed the article. The custom configuration file should not be rewritten by the updates. Thank you for the reporting the issue.
Alexander Tsmokalyuk Thanks !! I give it a go :)
Thanks for sharing this. This works perfectly!
Hi , I am not a techie. How can i get it to work again in my Outlook? It used to very well until recently. THanks!
Hello Madhavi Chandrasekaran
In that case, the suggestion is to submit a request for support, depending on where Plesk license was purchased https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
Putting the setting in 00-auth_mechs.conf doesn't seem to take effect. When Plesk updated to 18.0.33, the authentication failures started happening again which caused fail2ban to block my clients. It looks like the settings in dovecot.conf takes precedence over anything in conf.d thus overwriting the settings after an update.
Brandon Yap I was concerned regarding your post and tested this on our machines. In the default Dovecot configuration file I see digest-md5 included in the auth mechanism list after the update again (we did remove that previously), but that is expected (see the introductory lines of that file that warns users that this file will be overwritten on updates). I also have the 00-auth_mechs.conf in conf.d where the auth methods are re-defined. After verifying the setting I restarted Dovecot to make sure that it uses the current settings.
Then tested the capabilities with a Telnet connection:
> telnet <host name> 143
returns
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLED IDLE LITERAL+STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
Hi Peter, you're right, I was able to replicate what you did with telnet and digest-md5 did not show up in the list. It must be something else then because after every update I have a spate of clients getting fail2banned via the plesk-dovecot filter. Thanks for taking the time to post your findings.
Please sign in to leave a comment.