On 04/09/2023 15:23 EEST lejeczek via dovecot dovecot@dovecot.org wrote:
On 04/09/2023 09:32, Aki Tuomi via dovecot wrote:
On 04/09/2023 10:19 EEST lejeczek via dovecot dovecot@dovecot.org wrote:
On 04/09/2023 09:47 EEST lejeczek via dovecot dovecot@dovecot.org wrote:
Hi guys.
I'm having quite a bizarre situation where Dovecot logs:
...
pam_unix(dovecot:auth): check pass; user unknown
pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=dupa rhost=AA.BB.CC.DD
imap-login: Login: user=<dupa>, method=PLAIN, rip=AA.BB.CC.DD, lip=AA.BB.CC.DD, mpid=1756629, TLS, session=<uV7OwIIEWsJdviSg>: ...
but Thunderbird allows, is okay with such user & creates an account for it. I must be having my setup misconfigured - I'm hoping it's something obvious somebody could point me towards.
many thanks, L.
Enable auth_debug=yes and check logs again.
Aki
Just to clarify - the user who does not exist should be denied, is what I want - as general idea is: deny non-existent users. I wonder if this below is the culprit (I copy lots of configs from my very old Dovecot which laid dormant long time, I confess) ...
On 04/09/2023 08:54, Aki Tuomi via dovecot wrote:
passdb {
  driver = static
  args = password=myPass
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n
}
So do you intend to use just static driver or also pam?
I'm guessing you are using Debian with split config, so go into /etc/dovecot/conf.d and comment out pam and passwd passdb and userdb, restart dovecot and check with
doveconf -n
that you only have the passdbs and userdbs you expect to have.
Aki
My goal is - what many's goal is I imagine - to have virtual users (& perhaps system-pam users)
What I think is happening - looking at Dovecot's behavior & above config - puzzles & worries me. Does Dovecot (partially) allow any user, existing or not, as long as the client supplied a valid password?
When I try the following config:
passdb {
  driver = passwd-file
  args = scheme=sha256 username_format=%n /etc/dovecot/passwd.file
}
userdb {
  driver = passwd-file
  args = username_format=%n /etc/dovecot/passwd.file
  default_fields = uid=vmail gid=vmail home=/home/vmail/%d/%n
}
which I hope will now specifically allow only existing users, dovecot logs:
...
auth: Error: passwd-file /etc/dovecot/passwd.file:User systems is missing userdb info
...
and in '/etc/dovecot/passwd.file' :
...
systems:{SHA256}2s5EZJYS..............
-> $ doveadm user systems
userdb lookup: user systems doesn't exist field value
I've also set: auth_username_format = %n
A userdb file is more strict about the contents, see https://doc.dovecot.org/configuration_manual/authentication/passwd_file/#aut...
so basically you need to add :::::: for the missing values, as you don't need to supply them necessarily, but the fields must be there, even as empty.
Aki
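
The check suggested earlier in the thread (confirming with doveconf -n that only the expected passdbs and userdbs are active) can be scripted. The following is an added example, not part of the thread or of Dovecot: the sample output is constructed, and the function names and the "expected" mapping are hypothetical. It also flags a static passdb with a fixed password=, since that driver accepts the one password for any username.

```python
import re

# Constructed sample of `doveconf -n` output; not taken from the poster's server.
SAMPLE = """\
auth_username_format = %n
passdb {
  driver = pam
}
passdb {
  args = password=myPass
  driver = static
}
userdb {
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n
  driver = static
}
"""

def parse_auth_blocks(text):
    """Return [(kind, settings)] for each passdb/userdb block, in config order."""
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        opener = re.fullmatch(r"(passdb|userdb)\s*\{", line)
        if opener and current is None:
            current = (opener.group(1), {})
        elif line == "}" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[1][key.strip()] = value.strip()
    return blocks

def audit(text, expected):
    """expected maps 'passdb'/'userdb' to the set of drivers the admin intends."""
    findings = []
    for kind, cfg in parse_auth_blocks(text):
        driver = cfg.get("driver", "(unset)")
        if driver not in expected.get(kind, set()):
            findings.append(f"unexpected {kind} driver: {driver}")
        if kind == "passdb" and driver == "static" and "password=" in cfg.get("args", ""):
            findings.append("static passdb with fixed password: accepted for any username")
    return findings

if __name__ == "__main__":
    wanted = {"passdb": {"passwd-file"}, "userdb": {"passwd-file"}}
    for finding in audit(SAMPLE, wanted):
        print(finding)
```

On a live server the text would come from the real `doveconf -n` output instead of SAMPLE; order matters because Dovecot tries passdbs in the order listed.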