Email+ Unsupported Authentication Type?

After upgrading to 2022.2 (from 7.3), Email+ would not log into previously existing POP or IMAP servers, complaining about authentication errors:

Email+ POP Server: POP server connection error: -ERR [AUTH] Unsupported authentication mechanism.

The mail server in question is a local server. The only way I was able to get the Email+ plugin to log in was to enable "cleartext" authentication (tried digest, Kerberos, Digest-MD5, APOP).

What authentication methods should Email+ support?

I assume you actually mean Indigo 2021.2?

What authentication methods should Email+ support?

It's more a case of what the server supports, as the plugin uses the standard Python POP library: https://docs.python.org/2.7/library/poplib.html

OK, well I need to do some sleuthing. Email+ is connecting to a dovecot server and IMAP and POP won't connect without "plaintext" passwords enabled.

That server is local to your network? Does it have valid SSL certs? Not being able to do SSL would require sending unencrypted passwords, which may require that option.

The server has a valid cert, and I'm using the proper name. The auth error occurs both when I've selected "SSL" or "None", so I don't *think* it is a SSL related issue. Thanks for the help....

Do you have debug logging turned on?

The Email+ debug log says:

Email+ Debug Email+ POP Server: Connecting to POP Server
Email+ Error Email+ POP Server: POP server connection error: -ERR [AUTH] Unsupported authentication mechanism.
Email+ Debug connErrorTriggerCheck: Checking Triggers for Device Email+ POP Server (1636847217)

The email server log is:
Apr 18 19:44:56 pop3-login: Info: Disconnected (tried to use unsupported auth mechanism): user=<>, method=PLAIN, rip=192.168.241.3, lip=192.168.241.3, TLS: Disconnected

The server thinks the Email+ plugin is requesting plain authentication, based on this log message.

If I configure Mail+ to use SSL, it works when the server is set to accept "plain" auth, so I think that rules out an SSL issue.

When "plain" is enabled in the server, the indigo log is:
Email+ Debug Email+ POP Server: Connecting to POP Server
Email+ Debug Email+ POP Server: No messages to process
Email+ Debug Email+ POP Server: Logged out from POP server

Server log is (user name redacted):
Apr 18 19:52:57 pop3-login: Info: Login: user=<******>, method=PLAIN, rip=192.168.241.3, lip=192.168.241.3, mpid=36403, TLS
Apr 18 19:52:57 pop3(pid 36403 user alert): Info: Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0

[matt (support)]

I believe Email+ only supports PLAIN authentication which means you should use SSL / TLS if you are concerned about the password being sent in-the-clear.

(Joe: I checked the code and the plugin is using the the user() and pass_() methods. It potentially could use apop() but that adds complexity because we'd have to sniff the welcome response from the mail server for a timestamp to see if it supports apop authen is supported. I believe apop is a pretty old technique and most mail servers / clients these days use SSL / TLS so everything is encrypted and the client/server don't have to worry about more complex authentication handshakes. That said, I might not know what I'm talking about on all this)

Personally, I would stop using POP entirely and switch to IMAP.

I'll set for ssl=required on the mail server to secure things.

Ideally, you have the tls/ssl *and* the password digest or other protection in case a client connects and blurts out a plaintext password, but clients are mostly better behaved these days.

Thanks for your help Joe and Matt..