Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

iOS 9: Mail login for OSX server account only PLAIN?

Hi everybody,


I have upgraded my OS X Server to 10.11 El Capitan and Server 5.0.4. Also, iOS 9 has gained the convenient ability to add an OS X Server account with automatic setup for all services, so I went ahead and added my personal account on the server on my phone. Calendars, Contacts etc. are working fine, but there's a severe issue:


iOS Mail wants to authenticate to the server only through PLAIN login over TLS. When I set my Mail service authentication (Server.app -> Mail -> Authentication) to Open Directory, iOS Mail fails to connect and states “Logins are disabled on the server”. When I set authentication to “automatic” or “custom” with plaintext checked, it works just fine.

Adding an OS X server account on iOS offers no settings beside username + password. How can I convince iOS to use CRAM-MD5 or MD5-Digest authentication instead of PLAIN login? If that's not an option, how can I make sure that iOS sends no password unencrypted, i.e. before a TLS connection is established? At the moment, my router only forwards port 993 for IMAPS.

Mac mini Server (Mid 2010), Mac OS X (10.7.4)

Posted on Oct 13, 2015 12:05 AM

Reply
4 replies

Nov 9, 2015 4:56 PM in response to emailboy

I'm not sure editing anything in dovecot will help, as I have no issue manually configuring the OS X server account in iOS, with MD5, via IMAP. I'm thinking something is up with the iOS implementation. I'm pretty sure the new OS X mail account option in iOS 9 is also stuck with plain text, but will have to test to be sure.

Jan 4, 2016 6:27 AM in response to hemmes

PLAIN text authentication inside TLS/SSL is secure.

This is the preferred mechanism for many providers.

Ex: Rackspace dropped cram-md5 not long ago, they support PLAIN over TLS/SSL.



Somewhat related note

Digest-MD5 can cause serious issues (dovecot crashes) for an OS X Server. I alwas disable Digest-MD5.

Yosemite & ElCapitan Mail.app have the new "Automatically detect and maint account settings" option. This will cause Mail.app to attempt Digest-MD5, and thats when you might see dovecot crashing.

IMPORTANT: Cram-MD5 and Digest-MD5 are different. Cram works fine, Digest is the one with issues.

iOS 9: Mail login for OSX server account only PLAIN?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.