Articles in this section

See more

How to prevent plaintext authentication via IMAP/POP3 and SMTP in Postfix on Plesk server?

Avatar
Marc Vidal
Updated
Follow

Applicable to:

  • Plesk for Linux

Question

How to prevent cleartext / plaintext authentication via IMAP/POP3 and SMTP in Postfix on Plesk server?

Answer

Note: If you don't have root access to the Plesk server via SSH, contact your service provider regarding this issue.

Click on a section to expand

Plesk with Dovecot + Postfix

  1. Connect to the server via SSH

  2. Enable PCI compliance to Dovecot service:

    # plesk sbin pci_compliance_resolver --enable dovecot

  3. Enable PCI compliance to Postfix service:

    # plesk sbin pci_compliance_resolver --enable postfix

  4. Edit the file /etc/postfix/main.cf adding the following line:

    CONFIG_TEXT: smtpd_tls_auth_only=yes

  5.  Open the smtpd.conf file in a text editor (in this example, we are using the vi editor) and remove "PLAIN" and "LOGIN" from mech_list:

    • on CentOS/RHEL-based distributions

      # cat /usr/lib64/sasl2/smtpd.conf

      pwcheck_method: auxprop saslauthd
      auxprop_plugin: plesk
      saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
      mech_list: DIGEST-MD5 CRAM-MD5
      sql_engine: intentionally disabled
      log_level: 4

    • on Debian/Ubuntu-based distributions

      # cat /etc/postfix/sasl/smtpd.conf

      pwcheck_method: auxprop saslauthd
      auxprop_plugin: plesk
      saslauthd_path: /private/plesk_saslauthd
      mech_list: DIGEST-MD5 CRAM-MD5
      sql_engine: intentionally disabled
      log_level: 4

  6. Restart mail services to apply the changes:

    # service saslauthd restart && service postfix restart && service dovecot restart

 

Note: If Qmail is used, it is recommended to switch to Postfix. Forcing secure connection over SMTP in Qmail requires patching which is not supplied by Plesk.

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles