-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 1 Feb 2017, Poliman - Serwis wrote:
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something?
run
doveadm log find
as root.
Maybe: doveadm log errors
My config (default passdb block and auth_mechanisms, nothing more changed):
Is this still a question about CRAM ? I don't see it there.
root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
Error from mail.err: Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication mechanisms Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms
Error from syslog: Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from host9323131.internet.3s.com[12.34.45.56] Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process /usr/lib/postfix/smtpd pid 773 exit status 1 Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
/bin/date
"$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date
"$line" >> /var/log/ispconfig/cron.log; done )2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote: > It still use: > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > When I delete above and delete "cram-md5" in auth_mechanisms it still not > working. > > 2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> You are probably wanting to do >> passdb { >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> passdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf >> } >> >> Why you want to use cram-md5 is beyond me, because using SSL is much >> more safer. >> >> Aki >> >> On 01.02.2017 09:41, Poliman - Serwis wrote: >>> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >>> After restart all work perfectly. But after I added: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> I can't set default lines because I got error. Please tell me which lines >>> should be changed to resolve this issue. Should I remove "login" from >>> auth_mechanism ("login" was default setting and I would like to move back >>> to default settings)? >>> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> Because cram-md5 needs the user's password for calculating responses, it >>>> cannot work with hashed passwords (one-way encrypted). The only >>>> supported password schemes are PLAIN and CRAM-MD5. >>>> >>>> Aki >>>> >>>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>>> I always restart dovecot after change config. ;) Sure, I commented out >>>>> added two lines by me, restarted dovecot and here it is: >>>>> >>>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>>> auth_mechanisms = plain login cram-md5 >>>>> listen = *,[::] >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>> mail_max_userip_connections = 100 >>>>> mail_plugins = " quota" >>>>> mail_privileged_group = vmail >>>>> passdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> plugin { >>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>>> sieve = /var/vmail/%d/%n/.sieve >>>>> sieve_max_redirects = 25 >>>>> } >>>>> postmaster_address = postmaster@example.com >>>>> protocols = imap pop3 >>>>> service auth { >>>>> unix_listener /var/spool/postfix/private/auth { >>>>> group = postfix >>>>> mode = 0660 >>>>> user = postfix >>>>> } >>>>> unix_listener auth-userdb { >>>>> group = vmail >>>>> mode = 0600 >>>>> user = vmail >>>>> } >>>>> user = root >>>>> } >>>>> service imap-login { >>>>> client_limit = 1000 >>>>> process_limit = 512 >>>>> } >>>>> service lmtp { >>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>>> group = postfix >>>>> mode = 0600 >>>>> user = postfix >>>>> } >>>>> } >>>>> ssl = required >>>>> ssl_cert = >>>> ssl_cipher_list = >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>>> ssl_dh_parameters_length = 2048 >>>>> ssl_key = >>>> ssl_prefer_server_ciphers = yes >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>> userdb { >>>>> driver = prefetch >>>>> } >>>>> userdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> protocol imap { >>>>> mail_plugins = quota imap_quota >>>>> } >>>>> protocol pop3 { >>>>> mail_plugins = quota >>>>> pop3_uidl_format = %08Xu%08Xv >>>>> } >>>>> protocol lda { >>>>> mail_plugins = sieve quota >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> protocol lmtp { >>>>> mail_plugins = quota sieve >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> >>>>> >>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>> >>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>>> This is debug log files in syslog: >>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ >> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') AND
disablesmtp
= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>>> but we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 >> authentication >>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>>> dD4= >>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do >> echo >>>>>>>
/bin/date
"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>>/bin/date
"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ >> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') ANDdisablesmtp
= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>>> but >>>>>> we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> ##################### >>>>>>> I added in dovecot.conf lines in passdb block: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> and commented out default lines >>>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>>> #driver = sql >>>>>>> When I try set again default lines I got above error >>>>>> Can you run doveconf -n with the configuration that causes the above >>>>>> error? Also it clearly does SQL lookup, so that error is happening >> with >>>>>> SQL passdb. You need to remember to restart dovecot between >>>>>> configuration changes. >>>>>> >>>>>> Aki >>>>>> >>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>>> >>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>>> I set up cram-md5 using this tutorial >>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>>> /etc/dovecot/dovecot.conf >>>>>> in >>>>>>>>> passdb code block: >>>>>>>>> listen = *,[::] >>>>>>>>> protocols = imap pop3 >>>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>>> #dodana nizej linia >>>>>>>>> ssl = required >>>>>>>>> disable_plaintext_auth = yes >>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>> mail_privileged_group = vmail >>>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>>> ssl_cert = >>>>>>>> ssl_key = >>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>> ssl_cipher_list = >>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>> >>>>>>>>> >>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>> passdb { >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> driver = prefetch >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> driver = sql >>>>>>>>> } >>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>>> nicely. >>>>>>>>> But after I want to do default settings by commented out
two >>>>>> lines: >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> and uncomment >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>>> server >>>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>>> passdbs/userdbs than auth server. >>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>>> >>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>>> written >>>>>> to >>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change >> any >>>>>>>> userdb >>>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( password( these like
>>>> default >>>>>>>>> settings in passdb block. >>>>>>>>> >>>>>>>> Try >>>>>>>> >>>>>>>> auth_debug=yes >>>>>>>> auth_verbose=yes >>>>>>>> >>>>>>>> and see if it gives any more reasonable messages. >>>>>>>> >>>>>>>> Aki >>>>>>>>
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWJRepnz1H7kL/d9rAQKj6gf/eKXC6JV/69gmyXaC3iSwNHmOS6qjYlFl L+cUexFQM/t/tk0z/N9olmcIm8tJd1HFruJGrb9/StBirenuJYJ54AOyd3zi8XDg Gu+vbcBE2T97w48SqTsujJKPT/dVFZ9kHtYymNMjLNJANdr/X4r+/QNw710B96US FDNc96xBGKjrn/uE0SToclFXuvOE4Ymu8JGQHDQO7X35r9M9NBLfSP8VXwtIlnDX 9P/UQvisFuLNtXHh4wO77b0Jdw3V2CYgER0l5ctHYAgaS4d8CNGHnINLZvFiJusL s4TG5Yf1OHC3wMiRCikybkO5fNezXuvc7xMbKYV9HDKxjLvP1paAPA== =gHJk -----END PGP SIGNATURE-----