Categories

Backup & Restore
4
Billing
2
CloudLinux
10
cPanel
24
Databases
11
Domains
10
Email
18
FTP
9
General
3
ISPConfig
5
Linux
3
Mail Filters & SPAM
9
Mobile
11
Nextcloud
1
Other
3
Plesk
46
Security
11
Softaculous
70
SSL
5
Tutorials
2
WHM
13
WordPress
22

  Categories

  Tag Cloud

account address Admin affiliate api apple apple email setup guide apple mail setup guide Archive Authentication Autoresponder backups billing blog cli Cloud Compliance contact create cron cryptocurrency Dashboard debian Dedicated Deliverability DIGEST-MD5 directories disk space disk usage DKIM DMARC Docker domain domains Dovecot email email account setup email client emails error files Filtering form forward forwarder forwarding hosting imap inodes IPv6 ispconfig large mailboxes Limits linux list lists local log Login macbook mail mail setup mailbox microsoft migration monero mozilla name Nextcloud occ Office 2024 LTS open source outlook outlook alternative payment PCI Performance permissions pgp encryption Phishing PHPMyAdmin plesk pointing POPIA Private PST RAID register registration rest rsync saving scheduled search security Server set up setup softaculous Software spam SPF Spoofing Storage support thunderbird TLS tools transfer troubleshooting tutorial Ubuntu User website whois Windows WordPress wp wp-cron.php

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket

Outlook IMAP login fails with correct password due to DIGEST-MD5 on Plesk mail server Print

  • Outlook, imap, Authentication, Plesk, Dovecot, DIGEST-MD5, Office 2024 LTS
  • 0

Summary

Some Outlook (Office 2021/2024 LTS) clients fail to log in via IMAP even when the correct password is used. Outlook shows a “check credentials” error. Webmail and Thunderbird work. The root cause is the server advertising the legacy DIGEST-MD5 authentication mechanism, which Outlook attempts first and fails to use.

Diagnosis (Plesk on Debian: logs at /var/log/maillog)

Replace user@example.com with the affected mailbox.

1) Show all IMAP auth activity for the user

grep -F "imap-login" /var/log/maillog | grep -F "user=<user@example.com>"

Compare failures vs successes. Look for the method= field.

2) Highlight failing attempts only

grep -F "imap-login" /var/log/maillog | grep -F "user=<user@example.com>" | grep -i "auth failed"

Typical failing line:

dovecot[...]: imap-login: Disconnected: Connection closed (auth failed, 1 attempts ...): user=<user@example.com>, method=DIGEST-MD5, ...

3) See which auth methods Outlook is attempting (quick summary)

grep -F "imap-login" /var/log/maillog | grep -F "user=<user@example.com>" | grep -o "method=[^,)]*" | sort | uniq -c

If you see counts for method=DIGEST-MD5 alongside successful method=PLAIN, you’ve confirmed the Outlook/DIGEST-MD5 issue.

4) Watch live while user retries from Outlook

tail -f /var/log/maillog | grep -F "user=<user@example.com>"

5) Verify what the server advertises

doveconf -n | grep -i "^auth_mechanisms"

Default often includes digest-md5, which triggers Outlook’s bad path.

Cause

auth_mechanisms = plain login digest-md5 cram-md5 apop

Outlook tries DIGEST-MD5 first and fails; it does not reliably fall back to PLAIN. Thunderbird and webmail go straight to PLAIN over TLS, so they work.

Resolution (Plesk-supported)

  1. Create an override file to restrict mechanisms (do not edit default files): 
    echo "auth_mechanisms = plain login" > /etc/dovecot/conf.d/00-auth_mechs.conf
  2. Reload or restart Dovecot: 
    systemctl reload dovecot
# or
systemctl restart dovecot
  3. Confirm the change: 
    doveconf -n | grep -i "^auth_mechanisms"
# Expected:
auth_mechanisms = plain login
  4. Optionally confirm capabilities on 993 (pre-auth should no longer show DIGEST-MD5): 
    openssl s_client -connect mail.example.com:993 -crlf
a CAPABILITY
b LOGOUT
  5. Retest Outlook. It should now succeed using PLAIN over TLS.

Notes

  • This is a server-wide change on the Plesk host (Postfix + Dovecot).
  • Using PLAIN/LOGIN over TLS is the recommended modern approach; legacy DIGEST-MD5/CRAM-MD5/APOP are obsolete and cause Outlook interoperability issues.
  • SMTP auth errors mentioning DIGEST-MD5 will also disappear if Postfix uses Dovecot SASL (Plesk default).

Was this answer helpful?

Related Articles

Why some email apps stop working after a mail security upgrade From time to time, you may notice that an email program which previously worked suddenly starts... Why Outlook mailboxes over 50 GB may cause corruption issues When using Microsoft Outlook, very large mailboxes can cause performance issues and even file... Winmail.dat attachments: cause, impact, and fixes (Microsoft TNEF) Summary: If your recipients see a single winmail.dat file instead of normal attachments, the...
« Back

  Tag Cloud

account address Admin affiliate api apple apple email setup guide apple mail setup guide Archive Authentication Autoresponder backups billing blog cli Cloud Compliance contact create cron cryptocurrency Dashboard debian Dedicated Deliverability DIGEST-MD5 directories disk space disk usage DKIM DMARC Docker domain domains Dovecot email email account setup email client emails error files Filtering form forward forwarder forwarding hosting imap inodes IPv6 ispconfig large mailboxes Limits linux list lists local log Login macbook mail mail setup mailbox microsoft migration monero mozilla name Nextcloud occ Office 2024 LTS open source outlook outlook alternative payment PCI Performance permissions pgp encryption Phishing PHPMyAdmin plesk pointing POPIA Private PST RAID register registration rest rsync saving scheduled search security Server set up setup softaculous Software spam SPF Spoofing Storage support thunderbird TLS tools transfer troubleshooting tutorial Ubuntu User website whois Windows WordPress wp wp-cron.php

  Support

My Support Tickets
Announcements
Knowledgebase
Downloads
Network Status
Open Ticket