Allow insecure authentication

Question

Level 1

9 points

Allow insecure authentication

After upgrading my iMac (late 2007 vintage) from OS10.9.5 to 10.11.6 I found that Mail will not send messages, with the error message:

"The server returned the error: Mail cannot send your password securely to the server. You can remove this restriction in the Accounts preferences by setting “Allow insecure authentication”, which could put your password at risk."

I first checked with my ISP/email provider, who advised me that due a difference between their system and Mail (which I won't pretend to understand), SSL must not be enabled. (Password is correct, and thus webmail access to my incoming mail is ok.) Advice was to contact Apple to see how to address SSL matter.

Apple Chat Support could not provide specific advice because the iMac in question is no longer supported but directed me to a https://support.apple.com/en-gb/guide/mail/cpmlprefacctadv/mac which seems to be tailored to OS10.14

After checking Mail>preferences>accounts I can see that SSL is already unchecked. (Password is correct, and thus webmail access to my incoming mail is ok.)

I later found the "Allow insecure authentication" option and unticked it, which has allowed me to receive email in Mail.

What this particular setting was before the upgrade I do not know. I've not changed the ISP/email details for several years. What are the implications of insecure authentication?

Mail version is 9.3.

Any insight appreciated please. Thank you.

Posted on Sep 15, 2019 8:17 AM

Reply

Answer 1

Best reply

MrHoffman

Community+ 2024

Level 10

118,185 points

Sep 15, 2019 8:34 AM in response to Fflobalob

If your ISP is not running SSL with mail, they’re.... well behind what’s considered current security practices, and I would want to find a different email provider. That’s leaking all your mail all over your network connections. Credit card info, password recovery messages, whatever. From home, that’s (probably) tolerable (to some folks). Remotely accessing mail from other networks, not so much.

Biggest issue with turning off SSL (and getting things to work) is making sure you’re on the appropriate TCP ports. TCP 110 for insecure POP, and TCP 143 for insecure IMAP. SMTP may be on TCP 587, TCP 465, or (maybe) on TCP 25.

But I’d find a different mail provider. Hosting plans are cheap, if you’re not inclined to use one of the free mail providers.

Reply

Answer 2

Fflobalob Author

Level 1

9 points

Sep 16, 2019 11:08 AM in response to MrHoffman

Thank you for your advice. I'm told by the ISP that the webmail access they provide to the email account is secure ( it begins with https:// etc ), so I'll restrict my access to that from now on. It's my understanding that SSL issues don't arise on PCs with, say Outlook, for the email access, it's just with Apple's Mail that it doesn't work, for some reason...

As long as I can find an alternative mail provider that doesn't repeat this SSL complication with Mail, your suggestion seems the way to proceed.

Thanks again.

Reply

Answer 3

Sep 16, 2019 12:25 PM in response to Fflobalob

Apple mail SSL works just fine, and it’s the default path.

Attempts to use insecure paths are generating diagnostics. As they should.

If any email ISP is telling you to use insecure ports for mail access, they’re inept, or uncaring, or foolish.

Reply

Allow insecure authentication

Similar questions