strange interaction with MacOSX calendar server

Jim Reid jim at rfc1035.com
Thu Jan 7 23:22:01 UTC 2016 

I’ve installed and configured Apple’s calendar server. It seems to be working just fine.

However it keeps trying to speak to my IMAP server — don’t know why — and the authentication attempts fail every 30 seconds or so.

Here’s what’s in the calendar server logs:
2016-01-07 22:42:38+0000 [-] [caldav-1]  [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:08+0000 [-] [caldav-1]  [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:39+0000 [-] [caldav-1]  [IMAP4DownloadProtocol (TLSMemoryBIOProtocol),client] [txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error] IMAP login failed for com.apple.calendarserver

And in dovecot’s logs I see:
Jan  7 22:47:43 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=<com.apple.calendarserver>, method=PLAIN, rip=195.54.233.70, lip=195.54.233.70, TLS, session=<wkMAQsYoVADDNulG>
Jan  7 22:48:10 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan  7 22:48:14 --- last message repeated 1 time ---
Jan  7 22:48:14 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2 attempts in 4 secs): user=<com.apple.calendarserver>, method=PLAIN, rip=195.54.233.70, lip=195.54.233.70, TLS, session=<dSvTQ8YoXQDDNulG>
Jan  7 22:48:40 hutch dovecot[63067]: auth-worker(65378): Error: pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission denied
Jan  7 22:48:44 --- last message repeated 1 time —

I tweaked dovecot to use AUTH PLAIN as well as CRAM-MD5. [The MD5 stuff has always worked fine for SMTP and IMAP over TLS.] I think /etc/pam.d/dovecot is OK too:

% cat /etc/pam.d/dovecot 
#
#	as documented on Dovecot wiki
auth       required       pam_opendirectory.so try_first_pass
account    required       pam_nologin.so
account    required       pam_opendirectory.so
password   required       pam_opendirectory.so

Here’s my dovecot.conf:

# 2.2.5: dovecot.conf
# OS: Darwin 12.5.0 x86_64  
auth_mechanisms = plain login cram-md5
base_dir = /var/run/dovecot/
listen = *, [::]
mail_debug = yes
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  hidden = yes
  inbox = yes
  list = no
  location = mbox:~/mail:INBOX=/var/mail/%u
  prefix = "#mbox/"
  separator = /
  type = private
}
namespace {
  inbox = no
  list = yes
  location = maildir:/var/imap/%u:LAYOUT=fs
  prefix = 
  separator = /
  type = private
}
passdb {
  driver = pam
  args = failure_show_msg=yes
}
passdb {
  args = /usr/local/etc/dovecot-md5
  driver = passwd-file
}
protocols = imap
service auth {
  executable = /usr/local/libexec/dovecot/auth
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
service imap-login {
  client_limit = 32
  executable = /usr/local/libexec/dovecot/imap-login
  inet_listener imap {
    port = 0
  }
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service imap {
  executable = /usr/local/libexec/dovecot/imap
  process_limit = 32
}
service pop3-login {
  client_limit = 32
  process_limit = 128
  process_min_avail = 3
  service_count = 1
  vsz_limit = 64 M
}
service pop3 {
  process_limit = 32
}
ssl_cert = </usr/local/etc/ssl/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </usr/local/etc/ssl/private/dovecot.pem
syslog_facility = local4
userdb {
  driver = passwd
}
protocol imap {
  mail_max_userip_connections = 10
  mail_plugin_dir = /usr/local/lib/dovecot/imap
}
protocol lda {
  postmaster_address = postmaster at example.com
}

Can someone please explain what’s going on and how to fix/troubleshoot it? Thanks.

The endless error messages in the log don’t seem to be causing any problems to either the mail setup or the calendaer server. Famous last words… However they are a bit annoying and probably point to an underlying problem or misconfiguration that really should be fixed. By the way, the password used by the calendar server is for my MacOSX login (which should be getting picked up via PAM, right?) while a different one is used for the SMTP/IMAP MD5 challenge-response.

I hope someone can clear up my confusion.

More information about the dovecot mailing list