chore: Dovecot: disable_plaintext_auth => auth_allow_cleartext

Signed-off-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>

docs/content/config/security/ssl.md

@@ -791,7 +791,7 @@ Add this to `docker-data/dms/config/dovecot.cf`:
 
 ```cf
 ssl = yes
-disable_plaintext_auth=no
+auth_allow_cleartext = yes
 ```
 
 These options in conjunction mean:

target/dovecot/10-auth.conf

@@ -7,7 +7,7 @@
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+#auth_allow_cleartext = yes
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
@@ -96,7 +96,7 @@
 # Space separated list of wanted authentication mechanisms:
 #   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp skey
 #   gss-spnego
-# NOTE: See also disable_plaintext_auth setting.
+# NOTE: See also auth_allow_cleartext setting.
 auth_mechanisms = plain login
 
 ##

target/scripts/helpers/ssl.sh

@@ -345,18 +345,10 @@ function _setup_ssl() {
         -e '/smtpd_tls_auth_only/s|yes|no|' \
         "${POSTFIX_CONFIG_MASTER}"
 
-      # Dovecot configuration:
-      # https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/
-      # > The plaintext authentication is always allowed (and SSL not required) for connections from localhost, as they’re assumed to be secure anyway.
-      # > This applies to all connections where the local and the remote IP addresses are equal.
-      # > Also IP ranges specified by login_trusted_networks setting are assumed to be secure.
-      #
-      # no => insecure auth allowed, yes (default) => plaintext auth only allowed over a secure connection (insecure connection acceptable for non-plaintext auth)
-      local DISABLE_PLAINTEXT_AUTH='no'
-      # no => disabled, yes => optional (secure connections not required), required (default) => mandatory (only secure connections allowed)
-      local DOVECOT_SSL_ENABLED='no'
-      sed -i -r "s|^#?(disable_plaintext_auth =).*|\1 ${DISABLE_PLAINTEXT_AUTH}|" /etc/dovecot/conf.d/10-auth.conf
-      sed -i -r "s|^(ssl =).*|\1 ${DOVECOT_SSL_ENABLED}|" "${DOVECOT_CONFIG_SSL}"
+      # ref: https://doc.dovecot.org/2.4.1/core/summaries/settings.html#auth_allow_cleartext
+      sed -i -r "s|^#?(auth_allow_cleartext =).*|\1 no|" /etc/dovecot/conf.d/10-auth.conf
+      # ref: https://doc.dovecot.org/2.4.1/core/summaries/settings.html#ssl
+      sed -i -r "s|^(ssl =).*|\1 no|" "${DOVECOT_CONFIG_SSL}"
       ;;
 
     ( 'snakeoil' ) # This is a temporary workaround for testing only, using the insecure snakeoil cert.