Authentication Problem with dovecot-2.3.0.1
Aki Tuomi
aki.tuomi at dovecot.fi
Thu Mar 8 09:09:23 EET 2018
On 07.03.2018 22:07, Odhiambo Washington wrote:
> I am a little confused here.
>
> I have been running 2.2.34 which I installed in /opt/dovecot2.2
> I installed 2.3.0.1 to /opt/dovecot23
>
> I then used config files from /opt/dovecot2.2/etc/dovecot to
> /opt/dovecot2.3/etc/dovecot and all I did was sed -i.BAK
> 's/dovecot2.2/dovecot2.3/g'. Dovecot started and was running fine.
>
> Next, I manually crafted config files for 2.3.0.1 based on the example
> config files provided while diff-ing those with what I had for 2.2.34.
> I doubt if I missed something crucial during the process.
>
> 1. I realized that I cannot start 2.3.0.1 when I enable submission,
> since my Exim MTA is already using that port. This persists even if I
> tell the submission protocol to use a different port than 587. I
> tested 2587, but it would appear that 587 is hard-coded!
>
> 2. I realize that "unix_listener auth-client" service ceased to exist!
>
> 3. I realized that while 2.2.34 runs with default_pass_scheme =
> MD5-CRYPT, 2.3.0.1 would not run with it.
>
> 4. I have run dovecot -n from my 2.2.x installation and 2.3.x
> installation and here is the diff from the two files.
>
> I am confused why authentication is failing with dovecot-2.3.0.1 when
> it uses 2.3.x config files using MD5-CRYPT scheme while it is
> succeeding with dovecot-2.2.34 using the same.
> Mar 07 22:30:22 auth: Info: sql(user.name at domain.name,192.168.55.97,<4CETl9dmscvAqDdh>):
> Requested DIGEST-MD5 scheme, but we have only MD5-CRYPT
>
> Maybe the problem is elsewhere??? I need a 3rd eye to help me.
>
> For now
>
> root at gw:~wash/public_html # sdiff dovecot-2.2.txt dovecot-2.3.txt | less
> # 2.2.34 (874deae): /opt/dovecot2.2/etc/dovecot/dovecot.conf | #
> 2.3.0.1 (ffd8a29): /opt/dovecot2.3/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.3-STABLE i386 ufs # OS:
> FreeBSD 9.3-STABLE i386 ufs
> # Hostname: localhost <
> auth_cache_size = 20 M
> auth_cache_size = 20 M
> auth_master_user_separator = *
> auth_master_user_separator = *
> auth_mechanisms = plain login digest-md5
> auth_mechanisms = plain login digest-md5
> auth_socket_path = /var/run/dovecot/auth-userdb
> auth_socket_path = /var/run/dovecot/auth-userdb
> base_dir = /var/run/dovecot/
> base_dir = /var/run/dovecot/
> default_login_user = dovecot
> default_login_user = dovecot
> disable_plaintext_auth = no
> disable_plaintext_auth = no
> first_valid_gid = 0
> first_valid_gid = 0
> first_valid_uid = 26
> first_valid_uid = 26
> hostname = gw hostname
> = gw
> info_log_path = /var/log/dovecot.log
> info_log_path = /var/log/dovecot.log
> mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE
> mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE
> mail_plugins = " quota" <
> namespace inbox {
> namespace inbox {
> inbox = yes
> inbox = yes
> location =
> location =
> mailbox Drafts {
> mailbox Drafts {
> special_use = \Drafts
> special_use = \Drafts
> } }
> mailbox Junk {
> mailbox Junk {
> special_use = \Junk
> special_use = \Junk
> } }
> mailbox Sent {
> mailbox Sent {
> special_use = \Sent
> special_use = \Sent
> } }
> mailbox "Sent Messages" {
> mailbox "Sent Messages" {
> special_use = \Sent
> special_use = \Sent
> } }
> mailbox Trash {
> mailbox Trash {
> special_use = \Trash
> special_use = \Trash
> } }
> prefix = prefix =
> } }
> passdb { passdb {
> args = /opt/dovecot2.2/etc/dovecot/passwd.master_users.ext | args
> = /opt/dovecot2.3/etc/dovecot/passwd.master_users.ext
> driver = passwd-file
> driver = passwd-file
> master = yes
> master = yes
> pass = yes pass
> = yes
> } }
> passdb { passdb {
> args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext | args
> = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
> driver = sql
> driver = sql
> } }
> plugin { plugin {
> mail_log_fields = uid box msgid size
> mail_log_fields = uid box msgid size
> quota_rule = *:storage=1G
> quota_rule = *:storage=1G
> quota_rule2 = Trash:storage=+100M
> quota_rule2 = Trash:storage=+100M
> quota_warning = storage=95%% quota-warning 95 %u
> quota_warning = storage=95%% quota-warning 95 %u
> quota_warning2 = storage=80%% quota-warning 80 %u
> quota_warning2 = storage=80%% quota-warning 80 %u
> quota_warning3 = -storage=100%% quota-warning below %u
> quota_warning3 = -storage=100%% quota-warning below %u
> } }
> service auth {
> service auth {
> unix_listener auth-client { <
> mode = 0600 <
> user = mailnull <
> }
> <
> unix_listener auth-userdb {
> unix_listener auth-userdb {
> group = mailnull
> group = mailnull
> user = mailnull
> user = mailnull
> } }
> } }
> service quota-warning {
> service quota-warning {
> executable = script /opt/dovecot2.2/scripts/quota-warning.s |
> executable = script /opt/dovecot2.3/scripts/quota-warning.s
> unix_listener quota-warning {
> unix_listener quota-warning {
> user = mailnull
> user = mailnull
> } }
> user = dovecot user
> = dovecot
> } }
> ssl_cert = </usr/local/etc/letsencrypt/live/gw.crownkenya.com
> ssl_cert =
> </usr/local/etc/letsencrypt/live/gw.crownkenya.com
> ssl_key = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> >
> submission_max_mail_size = 4 G
> userdb { userdb {
> args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext | args
> = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
> driver = sql
> driver = sql
> } }
> protocol lda { <
> mail_plugins = quota <
> } <
> protocol imap {
> protocol imap {
> mail_max_userip_connections = 5
> mail_max_userip_connections = 5
> mail_plugins = " quota imap_quota" <
> } }
> protocol pop3 { |
> protocol lda {
> mail_max_userip_connections = 5 |
> mail_plugins = quota
> } }
>
>
> Maybe I am just suffering brainlock and need to debug auth further,
> but I have seen a question about this auth issue already from another
> poster, and it's not been answered by anyone.
>
Can you send 'doveconf -n' for the 2.3.0.1 instance?

Also, you cannot use hashed passwords with DIGEST-MD5. MD5-CRYPT is a
hashed password scheme.

To change dovecot's submission service port, use

    service submission-login {
      inet_listener {
        port = 2587
      }
    }

"auth-client" cannot be missing, since you can specify arbitrary
listeners in dovecot, so
https://wiki.dovecot.org/HowTo/EximAndDovecotSASL is still quite valid.

Aki
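
Added example (not part of the original message and not Dovecot's code): why the log line "Requested DIGEST-MD5 scheme, but we have only MD5-CRYPT" appears. The DIGEST-MD5 response (RFC 2831) can only be checked from MD5(user:realm:password), which the server has if it stores the cleartext password or that digest, and which cannot be recovered from a salted MD5-CRYPT hash. The function names and the compatibility table are assumptions made for this illustration; the sample values are the example exchange from RFC 2831 section 4.

```python
import hashlib


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def digest_secret(user: str, realm: str, password: str) -> bytes:
    """MD5(user:realm:password): the only password-derived input DIGEST-MD5 uses.
    A DIGEST-MD5 stored credential is the hex encoding of these 16 bytes."""
    return md5(f"{user}:{realm}:{password}".encode())


def digest_md5_response(secret: bytes, nonce: str, cnonce: str, nc: str,
                        digest_uri: str, qop: str = "auth") -> str:
    """RFC 2831 response value (no authzid, qop=auth), from the stored secret."""
    ha1 = md5(secret + f":{nonce}:{cnonce}".encode()).hex()
    ha2 = md5(f"AUTHENTICATE:{digest_uri}".encode()).hex()
    return md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}".encode()).hex()


# Stored schemes from which each mechanism can be verified (simplified subset).
# An empty set means the client sends the password itself, so any scheme works.
ANY = frozenset()
NEEDS = {
    "plain": ANY,
    "login": ANY,
    "digest-md5": frozenset({"PLAIN", "DIGEST-MD5"}),
    "cram-md5": frozenset({"PLAIN", "CRAM-MD5"}),
}


def unusable_mechanisms(auth_mechanisms: str, stored_scheme: str) -> list:
    """Return the mechanisms from an auth_mechanisms value that cannot be
    verified against passwords stored under stored_scheme.
    Mechanisms missing from NEEDS are not judged."""
    scheme = stored_scheme.upper()
    return [m for m in auth_mechanisms.lower().split()
            if NEEDS.get(m, ANY) and scheme not in NEEDS[m]]


if __name__ == "__main__":
    # Values from the thread's config: auth_mechanisms and default_pass_scheme
    print(unusable_mechanisms("plain login digest-md5", "MD5-CRYPT"))
    secret = digest_secret("chris", "elwood.innosoft.com", "secret")
    print(digest_md5_response(secret, "OA6MG9tEQGm2hh", "OA6MHXh6VqTrRk",
                              "00000001", "imap/elwood.innosoft.com"))
```

With the configuration quoted above, plain and login still work against MD5-CRYPT hashes, while a client that picks digest-md5 fails until that mechanism is removed from auth_mechanisms or the stored scheme is changed.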