Is there any strange thing in these config lines?
2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> You are probably wanting to do > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > passdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf > } > > Why you want to use cram-md5 is beyond me, because using SSL is much > more safer. > > Aki > > On 01.02.2017 09:41, Poliman - Serwis wrote: >> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >> After restart all work perfectly. But after I added: >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
>> should be changed to resolve this issue. Should I remove "login" from >> auth_mechanism ("login" was default setting and I would like to move back >> to default settings)? >> >> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> Because cram-md5 needs the user's password for calculating responses, it >>> cannot work with hashed passwords (one-way encrypted). The only >>> supported password schemes are PLAIN and CRAM-MD5. >>> >>> Aki >>> >>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>> I always restart dovecot after change config. ;) Sure, I commented out >>>> added two lines by me, restarted dovecot and here it is: >>>> >>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>> auth_mechanisms = plain login cram-md5 >>>> listen = *,[::] >>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>> mail_max_userip_connections = 100 >>>> mail_plugins = " quota" >>>> mail_privileged_group = vmail >>>> passdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> plugin { >>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>> sieve = /var/vmail/%d/%n/.sieve >>>> sieve_max_redirects = 25 >>>> } >>>> postmaster_address = postmaster@example.com >>>> protocols = imap pop3 >>>> service auth { >>>> unix_listener /var/spool/postfix/private/auth { >>>> group = postfix >>>> mode = 0660 >>>> user = postfix >>>> } >>>> unix_listener auth-userdb { >>>> group = vmail >>>> mode = 0600 >>>> user = vmail >>>> } >>>> user = root >>>> } >>>> service imap-login { >>>> client_limit = 1000 >>>> process_limit = 512 >>>> } >>>> service lmtp { >>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>> group = postfix >>>> mode = 0600 >>>> user = postfix >>>> } >>>> } >>>> ssl = required >>>> ssl_cert = >>> ssl_cipher_list = >>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>> ssl_dh_parameters_length = 2048 >>>> ssl_key = >>> ssl_prefer_server_ciphers = yes >>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>> userdb { >>>> driver = prefetch >>>> } >>>> userdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> protocol imap { >>>> mail_plugins = quota imap_quota >>>> } >>>> protocol pop3 { >>>> mail_plugins = quota >>>> pop3_uidl_format = %08Xu%08Xv >>>> } >>>> protocol lda { >>>> mail_plugins = sieve quota >>>> postmaster_address = webmaster@localhost >>>> } >>>> protocol lmtp { >>>> mail_plugins = quota sieve >>>> postmaster_address = webmaster@localhost >>>> } >>>> >>>> >>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>> >>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>> This is debug log files in syslog: >>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ > 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>> m5ldD4= >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as > user, >>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, >>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>> userdb_mail, >>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') >>> AS >>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = > '1' >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>> but we >>>>>> have only CRYPT >>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 > authentication >>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>> dD4= >>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do > echo >>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ > 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>> m5ldD4= >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as > user, >>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, >>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>> userdb_mail, >>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') >>> AS >>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = > '1' >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>> but >>>>> we >>>>>> have only CRYPT >>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>> >>>>>> >>>>>> >>>>>> ##################### >>>>>> I added in dovecot.conf lines in passdb block: >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> and commented out default lines >>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>> #driver = sql >>>>>> When I try set again default lines I got above error >>>>> Can you run doveconf -n with the configuration that causes the above >>>>> error? Also it clearly does SQL lookup, so that error is happening > with >>>>> SQL passdb. You need to remember to restart dovecot between >>>>> configuration changes. >>>>> >>>>> Aki >>>>> >>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>> >>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>> I set up cram-md5 using this tutorial >>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>> /etc/dovecot/dovecot.conf >>>>> in >>>>>>>> passdb code block: >>>>>>>> listen = *,[::] >>>>>>>> protocols = imap pop3 >>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>> #dodana nizej linia >>>>>>>> ssl = required >>>>>>>> disable_plaintext_auth = yes >>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>> mail_privileged_group = vmail >>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>> ssl_cert = >>>>>>> ssl_key = >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>> ssl_cipher_list = >>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>> >>>>>>>> >>>>>>>> mail_max_userip_connections = 100 >>>>>>>> passdb { >>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>> # driver = sql >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> } >>>>>>>> userdb { >>>>>>>> driver = prefetch >>>>>>>> } >>>>>>>> userdb { >>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>> driver = sql >>>>>>>> } >>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>> nicely. >>>>>>>> But after I want to do default settings by commented out
two
>>>>> lines: >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> and uncomment >>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>> # driver = sql >>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>> server >>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>> passdbs/userdbs than auth server. >>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>> >>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>> written >>>>> to >>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change > any >>>>>>> userdb >>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( password( these like
>>> default >>>>>>>> settings in passdb block. >>>>>>>> >>>>>>> Try >>>>>>> >>>>>>> auth_debug=yes >>>>>>> auth_verbose=yes >>>>>>> >>>>>>> and see if it gives any more reasonable messages. >>>>>>> >>>>>>> Aki >>>>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*