Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: GSOY
GSOY Author
User level: Level 1
19 points

iOS 9: Mail login for OSX server account only PLAIN?

Hi everybody,


I have upgraded my OS X Server to 10.11 El Capitan and Server 5.0.4. Also, iOS 9 has gained the convenient ability to add an OS X Server account with automatic setup for all services, so I went ahead and added my personal account on the server on my phone. Calendars, Contacts etc. are working fine, but there's a severe issue:


iOS Mail wants to authenticate to the server only through PLAIN login over TLS. When I set my Mail service authentication (Server.app -> Mail -> Authentication) to Open Directory, iOS Mail fails to connect and states “Logins are disabled on the server”. When I set authentication to “automatic” or “custom” with plaintext checked, it works just fine.

Adding an OS X server account on iOS offers no settings beside username + password. How can I convince iOS to use CRAM-MD5 or MD5-Digest authentication instead of PLAIN login? If that's not an option, how can I make sure that iOS sends no password unencrypted, i.e. before a TLS connection is established? At the moment, my router only forwards port 993 for IMAPS.

Mac mini Server (Mid 2010), Mac OS X (10.7.4)

Posted on Oct 13, 2015 12:05 AM

Reply
4 replies
User profile for user: hemmes
hemmes
User level: Level 1
25 points

Nov 9, 2015 4:56 PM in response to emailboy

I'm not sure editing anything in dovecot will help, as I have no issue manually configuring the OS X server account in iOS, with MD5, via IMAP. I'm thinking something is up with the iOS implementation. I'm pretty sure the new OS X mail account option in iOS 9 is also stuck with plain text, but will have to test to be sure.

Reply
User profile for user: UptimeJeff
UptimeJeff
User level: Level 4
3,479 points

Jan 4, 2016 6:27 AM in response to hemmes

PLAIN text authentication inside TLS/SSL is secure.

This is the preferred mechanism for many providers.

Ex: Rackspace dropped cram-md5 not long ago, they support PLAIN over TLS/SSL.



Somewhat related note

Digest-MD5 can cause serious issues (dovecot crashes) for an OS X Server. I alwas disable Digest-MD5.

Yosemite & ElCapitan Mail.app have the new "Automatically detect and maint account settings" option. This will cause Mail.app to attempt Digest-MD5, and thats when you might see dovecot crashing.

IMPORTANT: Cram-MD5 and Digest-MD5 are different. Cram works fine, Digest is the one with issues.

Reply

iOS 9: Mail login for OSX server account only PLAIN?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up