Gmail POP3 Accounts Error [AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections

by Geoff Jackson · Published April 29, 2015 · Updated April 29, 2015

When adding POP3 email accounts under Gmail’s ‘Check email from other accounts (using POP3):’ setting, you may encounter the following error message Server returned error "[AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections."

This refers to a configuration within Dovecot which is a module packaged on Apache servers. This module is an open source IMAP and POP3 email server for Linux.

We had to modify Dovecot’s configuration on a VPS running Plesk and if you are familiar with Plesk at all, you will know that they auto-generate countless configuration files on the server and often it is not a case of editing the original conf file that comes with the module, in this instance /etc/dovecot/dovecot.conf.

As per the note contained within dovecot.conf:-

# PLEASE DON'T EDIT ANYTHING IN THIS FILE! ANY CHANGES WILL BE LOST ON UPGRADE.
# Instead add your custom configuration to /etc/dovecot/conf.d/

To extend the dovecot.conf file, we had to navigate to /etc/dovecot/conf.d on the server:-

cd /etc/dovecot/conf.d

And then you can display the contents of the directory:-

ls

You will see the existing Plesk configuration files, they may look like this:-

10-plesk-security.conf

11-plesk-security-pci.conf

15-plesk-auth.conf

90-plesk-sieve.conf

The naming convention using numbers at the start represent the order in which they are loaded. At the bottom of dovecot.conf, you can find more details on this:-

# Customizable part of configuration gets included below. The filenames are # first sorted by their ASCII value and parsed in that order. The 00-prefixes # in filenames are intended to make it easier to understand the ordering. # # Prefixes 10 through 20 and 90 through 95 (inclusive) are reserved for Plesk. # Please do not occupy them or edit files with these prefixes!

So it’s important to not extend the dovecot.conf file with new configuration files that start with any number between 10 and 20 nor 90 to 95 (and also don’t use a number higher than 99).

We created a new conf file with the prefix 50:-

vi 50-gmail.conf

As the file doesn’t exist, it will create it as a new file, then you just need to configure the plaintext auth as per the error message received in Gmail (or can be any other email client/solution) "[AUTH] Plaintext authentication disallowed on non-secure (SSL/TLS) connections." by inserting the following into your new conf file:-

disable_plaintext_auth = no

You need to press the ‘Insert’ key on your keyboard to edit the file and once you have inserted the above, press the ‘Esc’ key to get to command mode, then type ‘:wq’ to save and exit.

Be sure to then restart the Dovecot service after saving your new conf file:-

/etc/init.d/dovecot restart

Then go back to Gmail (or whichever email client yielded the error) and retry connecting to your POP3 account. You should find it connects without error now, feel free to leave a comment below if any issues though.

Tags: email pop3

Geoff Jackson

Geoff Jackson (more commonly known by his online pseudonym zigojacko) is the founder of Design Haven and The Clubnet Group which hosts numerous agencies including the most widely recognised of them, Clubnet Digital, a full service digital marketing and creative design/development agency. He also has a personal blog but it doesn't get updated as much as he'd like.