• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Resolved Which e-Mail client authentication method is secure?

S

Sebo

New Pleskian
Hi all,

I have a question regarding the security of the different e-Mail authentication methods (DIGEST-MD5 CRAM-MD5 PLAIN LOGIN).
At the moment I'm providing all of them but I want to restrict them to most secure ones.

What I can see from the maillog is, that most clients are using the PLAIN method by default.
Also the email.mobilconfig profile for iPhone and iPad, which is automatically provided by Plesk, is preconfigured with the PLAIN method.

So I'm not sure if it make sense, to disable the PLAIN method.

I assume that DIGEST-MD5 and CRAM-MD5 are more secure than PLAIN and LOGIN but I'm not sure.
I did't find enough information about this.

Hopefully someone has some more insights.

Thanks for you support!
 
Hello Sebo,

It all depends on various conditions (if there is a secure connection or not, etc).
You can check:
security.stackexchange.com

What is the most secured SMTP authentication type?

Say you have to choose only one among the following authentication types for your own SMTP server: LOGIN, PLAIN CRAM-MD5 DIGEST-MD5 NTLM/SPA/MSN Which one would you recommend for optimal security? ...
security.stackexchange.com security.stackexchange.com
security.stackexchange.com

How secure is using CRAM-MD5 for email authentication, when not using an SSL connection?

Background: My current server-provider tells me it's no problem to store the passwords in plain-text in the database, saying he has to do so because they use CRAM-MD5 for email authentication. My b...
security.stackexchange.com security.stackexchange.com
security.stackexchange.com

Is DIGEST-MD5 secure if done over HTTPS?

If the DIGEST-MD5 negotiation is done over an HTTPS connection instead of HTTP, does that prevent this list of disadvantages from Wikipedia?: Digest access authentication is intended as a security...
security.stackexchange.com security.stackexchange.com

Our KB article just for your reference:
support.plesk.com

How to prevent plaintext authentication via IMAP/POP3 and SMTP in Postfix on Plesk server?

Applicable to: Plesk for Linux Question How to prevent cleartext / plaintext authentication via IMAP/POP3 and SMTP in Postfix on Plesk server? Answer Note: If you don't have root access to the P...
support.plesk.com support.plesk.com
 
Hi Aytalina,

thanks a lot for the links.

If I understand right, it is basically OK to have the PLAIN method active as long as you use SSL.

Thanks again!
Sebo
 
You must log in or register to reply here.

Similar threads

T
Resolved connection webmail to mailserver fails
Replies
8
Views
3K
Strangelove
Strangelove
wakabayashi
Resolved Fail2Ban - Postfix not working for SASL (bug?)
Replies
4
Views
2K
mizar
mizar
P
Input plesk fail2ban missing some important filter rules
Replies
2
Views
2K
PeterKi
P
M
Issue Problem Mail SpamHaust - HELO/EHLO & DNS CHECKS
Replies
8
Views
2K
meditrust
M
S
Resolved Dovecot Broken After Latest Update
Replies
4
Views
2K
scpcomp
S
Back
Top