I'm seeing lots of: Jun 2 00:00:05 thebighonker exim[57437]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51339 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57439]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51363 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57438]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51355 I=[192.147.25.65]:465: 535 Incorrect authentication data (set_id=web) Jun 2 00:00:06 thebighonker exim[57443]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51385 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker exim[57442]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51368 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker exim[57441]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51361 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker exim[57440]: dovecot_login authenticator failed for ec2-52-40-16-7.us-west-2.compute.amazonaws.com (ADM IN) [52.40.16.7]:51362 I=[192.147.25.65]:465: 435 Unable to authenticate at present: authentication socket read error or premature e of Jun 2 00:00:06 thebighonker dovecot: auth: Fatal: master: service(auth): child 55916 killed with signal 11 (core not dumped - set s ervice auth { drop_priv_before_exec=yes })
The suggestion to drop_priv_before_exec=yes breaks auth totally.
doveconf -n:
# 2.2.30.1 (eebd877): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.18 (29cc74d)
# OS: FreeBSD 11.0-STABLE amd64
auth_default_realm = lerctr.org
auth_mechanisms = plain login
auth_realms = lerctr.org thebighonker.lerctr.org tbh.lerctr.org
auth_username_format = %Ln
default_vsz_limit = 1 G
deliver_log_format = msgid=%m: %$ (subject=%s from=%f size=%w)
lda_mailbox_autocreate = yes
listen = 192.147.25.65, ::
lmtp_save_to_detail_mailbox = yes
login_access_sockets = tcpwrap
mail_attribute_dict = file:%h/mail/.imap/dovecot-mail-attributes
mail_debug = yes
mail_location = mbox:~/mail:INBOX=~/mail/INBOX
mail_plugins = " fts fts_solr notify stats virtual"
mail_privileged_group = mail
mail_server_admin = mailto:ler@lerctr.org
mail_server_comment = LERCTR Mail Server
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader mboxmetadata servermetadata imapsieve vnd.dovecot.imapsieve
namespace archive {
hidden = no
list = no
location = mbox:~/MAIL-ARCHIVE
prefix = ARCHIVE/
separator = /
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox INBOX {
auto = create
}
mailbox Junk {
special_use = \Junk
}
mailbox SA/FN {
special_use = \Junk
}
mailbox SENT {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
mailbox virtual/Flagged {
special_use = \Flagged
}
mailbox virtual/all {
special_use = \All
}
prefix =
}
namespace virtual {
hidden = no
list = yes
location = virtual:~/MAIL-VIRTUAL:INDEX=MEMORY
prefix = Virtual/
separator = /
}
passdb {
args = failure_show_msg=yes session=yes max_requests=20
driver = pam
}
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://thebighonker.lerctr.org:8983/solr/dovecot/
fts_tika = http://localhost:9998/tika/
imapsieve_url = sieve://thebighonker.lerctr.org
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
mail_log_fields = uid box msgid size from subject vsize flags
recipient_delimiter = +
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +editheader +vacation-seconds +mboxmetadata +servermetadata
sieve_plugins = sieve_imapsieve
stats_command_min_time = 1 mins
stats_domain_min_time = 12 hours
stats_ip_min_time = 12 hours
stats_memory_limit = 16 M
stats_refresh = 5s
stats_session_min_time = 15 mins
stats_track_cmds = yes
stats_user_min_time = 1 hours
}
protocols = imap pop3 lmtp sieve
service auth {
unix_listener auth-client {
mode = 0666
}
unix_listener auth-master {
mode = 0666
}
}
service indexer-worker {
drop_priv_before_exec = yes
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0666
user =
}
fifo_listener stats-user {
group =
mode = 0666
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
service tcpwrap {
unix_listener login/tcpwrap {
group = $default_login_user
mode = 0600
user = $default_login_user
}
}
ssl_cert = </home/ler/letsencrypt-home/lerctr.org/fullchain.cer
ssl_cipher_list = EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+AESGCM:EECDH:EDH+AESGCM:EDH+aRSA:HIGH:!MEDIUM:!LOW:!aNULL:!eNULL:!LOW:!RC4:!MD5:!EXP:!PSK:!SRP:!DSS
ssl_key = # hidden, use -P to show it
ssl_protocols = !SSLv2 !SSLv3
userdb {
driver = passwd
}
verbose_proctitle = yes
protocol lmtp {
mail_plugins = " fts fts_solr notify stats virtual sieve mail_log"
}
protocol lda {
mail_plugins = " fts fts_solr notify stats virtual sieve mail_log"
}
protocol pop3 {
mail_plugins = " fts fts_solr notify stats virtual mail_log"
}
protocol !doveadm {
mail_plugins = " fts fts_solr notify stats virtual mail_log"
}
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
imap_logout_format = in=%i out=%o fhc=%{fetch_hdr_count} fhb=%{fetch_hdr_bytes} fbc=%{fetch_body_count} fbb=%{fetch_body_bytes} del=%{deleted} exp=%{expunged} trash=%{trashed}
imap_metadata = yes
mail_max_userip_connections = 50
mail_plugins = " fts fts_solr notify stats virtual mail_log imap_sieve imap_stats stats"
}
Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: larryrtx@gmail.com US Mail: 17716 Limpia Crk, Round Rock, TX 78664-7281