Question DIGEST-MD5 and CRAM-MD5 (Microsoft Outlook 365 Email collection)

[MHC_1]

Server operating system version

AlmaLinux 9.6

Plesk version and microupdate number

Obsidian 18.0.73

We have a client with MS Outlook 365 and inability to access emails on the server.

Having a look at the logs the failure is caused by a connection attempt using DIGEST-MD5 .

Having a check of other emails they are connecting ok choosing CRAM-MD5

Seeing This topic: Resolved - Plesk 18.0.73 - postfix/smtpd fatal: no SASL authentication mechanisms it suggests having multiple mechanisms;

And checking our SMTPd.conf file this shows:

pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN

Which to me implies we can use both DIGEST-MD5 or CRAM-MD5 .

There is a lot of documentation online showing that CRAM-MD5 is less secured than DIGEST-MD5 but also that Microsoft Outlook doesn't handle DIGEST-MD5 that well and often fails.
WE have also found this Plesk documentation: Cannot set up Plesk mail IMAP account in Outlook: SASL DIGEST-MD5 authentication failed: authentication failure - Support Cases from Plesk Knowledge Base

So , this is a Microsoft issue rather than a server issue, so I really want some confirmation on my belief that if we remove DIGEST-MD5 from the "mech-list" will MS Outlook265 try to connect by CRAM-MD5 and therefore more likely connect ok?

 

[MHC_1]

Ok so checking the logs; 193 of 237 connections in the last 36 hours shows authentication failed using DIGEST-MD5. I think we should disable DIGEST-MD5

 

[Sebahat.hadzhi]

@MHC_1 , Outlook is known to have compatibility issues with DIGEST-MD5. It is indeed recommended to disable the method:

• https://support.plesk.com/hc/en-us/...ASL-authentication-failure-On-Plesk-for-Linux