Skip to content
  • Solutions
    By Role
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    • For Developers
    • For Content Managers
    • For Agencies
    • For IT Admins
    • For Web Hosters
    By Infrastructure
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Overview
    • AWS
    • Microsoft Azure
    • Alibaba Cloud
    • Google Cloud Platform
    • Vultr
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
    • Digital Ocean
    • Linode
    • Upcloud
    • Oracle
    • OVH
  • Product
    • Plesk Features
    • Plesk Editions
    • What’s new
    • Pricing
    • Roadmap
    • Lifecycle Policy
    • Extensions Catalogue
  • Pricing
  • Extensions
    Featured Extensions
    • SocialBee
    • WP Toolkit
    • WP Guardian
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Premium Email
    • Email Security
    • SocialBee
    • WP Toolkit
    • WP Guardian
    • Sitejet Builder for Plesk
    • SEO Toolkit
    • Premium Email
    • Email Security
    Bundles and packs:
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack
    • Business and Collaboration Edition
    • WP pack
    • Hosting pack
    • Power pack
    • Language pack

    See all Extensions

  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • WP Guardian
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
  • Pricing
  • Solutions
    • By Role
      • For Developers
      • For Content Managers
      • For Agencies
      • For IT Admins
      • For Web Hosters
    • By Infrastructure
      • Overview
      • Plesk on Amazon Web Services (AWS & Lightsail)
      • Microsoft Azure
      • Alibaba Cloud
      • Google Cloud Platform
      • Vultr
      • DigitalOcean
      • Linode
      • UpCloud
      • Oracle
      • OVH
  • Products
  • Pricing
  • Extensions
    • Featured Extensions
      • SocialBee
      • WP Toolkit
      • Sitejet Builder for Plesk
      • SEO Toolkit
      • WP Guardian
      • Premium Email
      • Email Security
    • Bundles and packs:
      • Business and Collaboration Edition
      • WP pack
      • Hosting pack
      • Power pack
      • Language pack
      • See all Extensions
  • For Partners
    • Plesk Contributor Program
    • Plesk Partner Program
    • Affiliate Program
    • Plesk University
  • Help Center
    • Documentation
    • Professional Services
    • Support
    • Contact Us
    • Wiki
    • Forum
  • Plesk 360 login
  • Free Trial
Plesk 360 login
Free Trial

Knowledge Base

How to prevent plaintext authentication via IMAP/POP3 and SMTP in Postfix on Plesk server?

 
centosdebiandovecotimapmail

Question

How to prevent cleartext / plaintext authentication via IMAP/POP3 and SMTP in Postfix on Plesk server?

Answer

Note: If you don't have root access to the Plesk server via SSH, contact your service provider regarding this issue.

Click on a section to expand

Plesk with Dovecot + Postfix

  1. Connect to the server via SSH

  2. Enable PCI compliance to Dovecot service:

    # plesk sbin pci_compliance_resolver --enable dovecot

  3. Enable PCI compliance to Postfix service:

    # plesk sbin pci_compliance_resolver --enable postfix

  4. Edit the file /etc/postfix/main.cf adding the following line:

    smtpd_tls_auth_only=yes

  5.  Open the smtpd.conf file in a text editor (in this example, we are using the vi editor) and remove "PLAIN" and "LOGIN" from mech_list:

    • on CentOS/RHEL-based distributions

      # cat /usr/lib64/sasl2/smtpd.conf

      pwcheck_method: auxprop saslauthd
      auxprop_plugin: plesk
      saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
      mech_list: DIGEST-MD5 CRAM-MD5
      sql_engine: intentionally disabled
      log_level: 4

    • on Debian/Ubuntu-based distributions

      # cat /etc/postfix/sasl/smtpd.conf

      pwcheck_method: auxprop saslauthd
      auxprop_plugin: plesk
      saslauthd_path: /private/plesk_saslauthd
      mech_list: DIGEST-MD5 CRAM-MD5
      sql_engine: intentionally disabled
      log_level: 4

  6. Restart mail services to apply the changes:

    # service saslauthd restart && service postfix restart && service dovecot restart

  7. Enable the RoundCube webmail to use the CRAM-MD5 auth method by adding the following lines to /usr/share/psa-roundcube/config/config.inc.php:

    $config['smtp_auth_type'] = 'CRAM-MD5';
    $config['imap_auth_type'] = 'CRAM-MD5';

 

Note: If Qmail is used, it is recommended to switch to Postfix. Forcing secure connection over SMTP in Qmail requires patching which is not supplied by Plesk.

Read the full article
Related Posts

Setting Up and Configuring a Linux Mail Server

Read More »

Recommended OSs for Plesk

Read More »

CentOS Project Announces Early End-of-Life Date for CentOS 8

Read More »
Knowledge Base

Websites on Plesk server are slow or show error 500 or PHP mail cannot be sent: ap_pass_brigade failed

Read More »

Can’t access mail: Warning: Inotify instance limit for user exceeded

Read More »

Email header analysis reports SPF failed for localhost IP on mail sent from Plesk hosted mailbox: SPF Authentication : SPF Failed for IP – 127.0.0.1

Read More »

Unable to send mail from Plesk server: deferred (delivery temporarily suspended: connect to 127.0.0.1[127.0.0.1]:10024: Connection refused)

Read More »

Hosting Wiki

  • RESTful Web Service
  • Server Redundancy
  • Cloud Service Architecture
  • Virtualizor
  • RoundCube
  • QMAIL
  • Dovecot
  • Sendmail
  • Postfix
  • On-Demand Services
  • Bare Metal Server
  • Denial of Service
  • PhpMyAdmin
  • phpPgAdmin
  • Red Hat Virtualization
  • Virtuozzo
  • Oracle VM Server
  • Citrix Hypervisor
  • Server Virtualization Software
  • Windows Server
  • Linux
  • Virtualization
  • PHP
  • VirtualMin
  • Plesk
  • Web Server
  • DNS Server
  • SSH
  • Email Autoresponder
  • Mailing Lists
  • Email Alias
  • Email Virus Protection
  • Email Forwarding
  • Webmail
  • IMAP
  • SMTP
  • POP3
X-twitter Linkedin Youtube Reddit Github
  • Product
  • Login
  • Pricing
  • Editions
  • For Partners
  • Partner Program
  • Contributor Program
  • Affiliate Program
  • Plesk University
  • Company
  • Blog
  • Careers
  • Events
  • About Plesk
  • Our Brand
  • Resources
  • User and Admin guides
  • Help Center
  • Migrate to Plesk
  • Contact Us
  • Hosting Wiki
  • Forum
  • Legal
  • Legal
  • Privacy Policy
  • Imprint

© 2025 WebPros International GmbH

Part of the WebPros®  Family