email secure connection

I am connecting to my emailboxes (multiple accounts) with an email client. It's set for "TLS to dedicated port" for both incoming and outgoing, port 465 outgoing and 995 incoming. My connection logs typically show a successful TLS handshake, and then a "plain" authentication. So it looks like I'm logging in in plaintext. When I check the "require secure authentication", the connection gets denied, so I can't send/receive mail at all. This happens for all my email accounts, which are with multiple different vendors.
I have looked at the FAQ's and other sources, and I think the settings in my email accounts are correct for ssl login, so why can't I get a secure login?

 

I'm not an expert, though I do run an email server on WHS 2011 for personal use. It depends on what the email server has set for options. I only use Thunderbird, but can you try setting port 110/25 with the 'StartTLS' command, and encrypted password? If 25 doesn't work (sending), try 587.

You may still have an encrypted connection and are just logging in, in plain text, through the tunnel.

110/143/25 and 993/995/465 can both do encryption, one is called 'implicit' and the other 'explicit'.

It is my understanding that Implicit 'StartTLS' on 110/143/25/587, with 'Encrypted Password', is the most secure.

P

 

PaulyDefran,
Thanks for the comments. It is possible that my connection is encrypted, and it just shows as "plain" but is going through the tunnel. That would make sense because there is a successful TLS handshake prior to the "plain" authentication. Still, I wish there was a way I could make sure that the authentication is secure. I'm also puzzled about why when I check the "require secure authentication" box, the connections get denied no matter what email vendor I use. I have read from some sources that you are not getting a secure connection unless you check that box, and other sources suggest that that setting is just an automated way to set the ports to 465/995 and the connection type to TLS.

 

What client are you using? If it's not Thunderbird, there is a portable version of it you might try for diagnostic purposes. It will attempt to auto configure, and from there you can tweak the server settings. It might give you a better idea to what is going on.

P

 

If the connection is secure, why do you care if your password is sent in the clear inside the secure tunnel? Outsiders cannot get it anyway.