You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp
= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date
"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date
"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp
= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 31.01.2017 09:06, Poliman - Serwis wrote: > I set up cram-md5 using this tutorial > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in > passdb code block: > listen = *,[::] > protocols = imap pop3 > #auth_mechanisms = plain login cram-md5 > auth_mechanisms = cram-md5 plain login > #dodana nizej linia > ssl = required > disable_plaintext_auth = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_privileged_group = vmail > postmaster_address = postmaster@vps342401.ovh.net > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > ssl_prefer_server_ciphers = yes > ssl_dh_parameters_length = 2048 > > > mail_max_userip_connections = 100 > passdb { > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > Of course I created cram-md5.pwd file. All mails go out and come nicely. > But after I want to do default settings by commented out these two lines: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > and uncomment > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > I can't send emails - I use Thunderbird - get error "logging on server > mail.example.com not work out". Error in logs: > dovecot: auth-worker(22698): Error: Auth worker sees different > passdbs/userdbs than auth server. > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > Is it possible that hashed password from cram-md5.pwd file was written to > database (if yes then where - I have ISPconfig)? I wasn't change any userdb > {} block and this second userdb block has this same lines like default > settings in passdb block. > Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki