Solved Dovecot Update

floyd

Verified User
Joined
Mar 29, 2005
Messages
6,270
I updated dovecot through custom build. Soon after my users started complaining of this error:

Code:
Authentication error.
Server returned error "[AUTH] Cleartext authentication disallowed on non-secure
(SSL/TLS) connections."

I figured out how to solve the problem. https://docs.directadmin.com/other-hosting-services/dovecot/customizing-dovecot.html

However I think there should be some kind of warning before making such a major change. In fact it should not make that change at all. If I want to make that kind of change then I will do it.
 
In fact it should not make that change at all.
It's a Dovecot version change, not a DA change. Also some other things were changed in the new Dovecot version. And it was announced in the release. You always have the choice to either update or not.
 
Who makes the changes is not the point. Anytime ANYONE makes changes that could adversely affect customers a warning should be given. We should be given the choice of accepting that change or not. But I can see I am alone in this thinking so I will shut up now because I must live in a different world that the rest. I believe in making my own choices rather than them being forced upon me. Let me choose to disable cleartext authentication.
 
But I can see I am alone in this thinking
Depends on what you mean by a warning. But you're not alone in the thinking that on important changes a warning should be given. I have the same opinion.
But the warning was given in the release overview, even with red exclamation marks, which can be seen as a warning, like this:
‼️ Disable POP / IMAP authentication over non-encrypted connections custombuild improved

To me that is a warning to at least check what it does. So as of that point, there is the choice to do the upgrade or don't.
I don't see any other software around the world that I personally know of, that give other kinds of warnings.

So I do agree with you, but it looks like either you missed the warning given, or expected some other kind of warning.
 
So I do agree with you, but it looks like either you missed the warning given, or expected some other kind of warning.

Probably DA developers could print release notes on the update page in DirectAdmin. So if admins use DA interface they would need to click a confirm button, before a task for an upgrade of DA is submitted.

The same way could they print release notes and/or warning in CLI, when run da update and no warning with da update --accept=yes

This way admin could not complain about critical changes accepted with an upgrade.

@fln
 
Warnings of some sort would be great, no doubt. But I am also concerned when an update actually changes the configuration. I get that updates might have new features. But enabling these features should be my choice. It should not be done for me. I hope this is not the road Dovecot is going down or any other software.
 
Back
Top