Some POP3 clients generate an authentication error in the security log, but successfully download new email

Issue encountered

The security log is reporting the following event:

[19/Jul/2006 16:46:47] Failed POP3Post Office Protocol 3 - A protocol used by local email clients to retrieve emails from mailboxes over a TCP/IP connection. login from 10.0.0.187, user someone@domain.com

Cause

Typically this simply means that the user provided the wrong password. In some cases, you may find that the mail client doesn't report any problems, and succesfully downloads new email. This is because the mail client tries to use a secure authentication method that fails, so it switches to insecure authentication.

Solution

In most cases, the client should be able to use secure authentication. There are some circumstances however, when secure authentication cannot be used.

Password is stored in SHA format

In the edit dialog of any user, there is a checkbox to store user passwords in SHA format. If this option is selected, the client will not be able to use any type of secure authentication method. It is recommended therefore to use an SSLSecure Sockets Layer - A protocol that ensures integral and secure communication between networks. connection and Plain Authentication.

Users are mapped from a Directory Service

If Kerio MailServer is mapping users from a Directory Service, the password is managed by the Directory Server. In order to verify credentials against the Directory Server, Kerio Connect must receive the password in Plain Text. To ensure secure communication, it is recommended to use an SSL connection between the mail client and Kerio Connect. The communication between Kerio Connect and the Directory Server is secured by KerberosAn authentication protocol for client/server applications..