From b0a66b687da99d84110267e9945abeb4a08c50b5 Mon Sep 17 00:00:00 2001
From: Michael Kaufmann <d00p@froxlor.org>
Date: Fri, 4 Nov 2022 19:59:30 +0100
Subject: [PATCH] allow plaintext_auth in dovecot by default in case no ssl
 certificate is used

Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
---
 lib/configfiles/bionic.xml   | 2 +-
 lib/configfiles/bookworm.xml | 1 +
 lib/configfiles/bullseye.xml | 2 +-
 lib/configfiles/buster.xml   | 2 +-
 lib/configfiles/focal.xml    | 2 +-
 lib/configfiles/jammy.xml    | 2 +-
 6 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/lib/configfiles/bionic.xml b/lib/configfiles/bionic.xml
index 256a0556..716600c8 100644
--- a/lib/configfiles/bionic.xml
+++ b/lib/configfiles/bionic.xml
@@ -2775,7 +2775,7 @@ iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
diff --git a/lib/configfiles/bookworm.xml b/lib/configfiles/bookworm.xml
index a5716938..e32f6e27 100644
--- a/lib/configfiles/bookworm.xml
+++ b/lib/configfiles/bookworm.xml
@@ -2480,6 +2480,7 @@ iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3
 						<file name="/etc/dovecot/conf.d/99-froxlor.conf" chown="root:0"
 							chmod="0644" backup="true">
 							<content><![CDATA[
+disable_plaintext_auth = no
 auth_mechanisms = plain login
 !include auth-sql.conf.ext
 mail_location = mbox:~/mail:INBOX=/var/mail/%u
diff --git a/lib/configfiles/bullseye.xml b/lib/configfiles/bullseye.xml
index 00aff1ed..8ffa8d5e 100644
--- a/lib/configfiles/bullseye.xml
+++ b/lib/configfiles/bullseye.xml
@@ -2737,7 +2737,7 @@ iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth and PAM require cache_key to be set for caching to be used.
diff --git a/lib/configfiles/buster.xml b/lib/configfiles/buster.xml
index fb6a6d64..7399af0d 100644
--- a/lib/configfiles/buster.xml
+++ b/lib/configfiles/buster.xml
@@ -2737,7 +2737,7 @@ iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
diff --git a/lib/configfiles/focal.xml b/lib/configfiles/focal.xml
index 7ad90eab..ef624cd6 100644
--- a/lib/configfiles/focal.xml
+++ b/lib/configfiles/focal.xml
@@ -2192,7 +2192,7 @@ iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
diff --git a/lib/configfiles/jammy.xml b/lib/configfiles/jammy.xml
index 82b5a878..5922bc84 100644
--- a/lib/configfiles/jammy.xml
+++ b/lib/configfiles/jammy.xml
@@ -2192,7 +2192,7 @@ iterate_query = "SELECT username AS user FROM mail_users WHERE (imap = 1 OR pop3
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.