doveadm log errors can be helpful too
On 01.02.2017 10:25, Poliman - Serwis wrote:
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote: > Default it was: "auth_mechanisms = plain login" and I added cram-md5. > After restart all work perfectly. But after I added: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
> should be changed to resolve this issue. Should I remove "login" from > auth_mechanism ("login" was default setting and I would like to move back > to default settings)? > > 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> Because cram-md5 needs the user's password for calculating responses, it >> cannot work with hashed passwords (one-way encrypted). The only >> supported password schemes are PLAIN and CRAM-MD5. >> >> Aki >> >> On 01.02.2017 09:33, Poliman - Serwis wrote: >>> I always restart dovecot after change config. ;) Sure, I commented out >>> added two lines by me, restarted dovecot and here it is: >>> >>> # 2.2.9: /etc/dovecot/dovecot.conf >>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>> auth_mechanisms = plain login cram-md5 >>> listen = *,[::] >>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>> mail_max_userip_connections = 100 >>> mail_plugins = " quota" >>> mail_privileged_group = vmail >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> } >>> plugin { >>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>> sieve = /var/vmail/%d/%n/.sieve >>> sieve_max_redirects = 25 >>> } >>> postmaster_address = postmaster@example.com >>> protocols = imap pop3 >>> service auth { >>> unix_listener /var/spool/postfix/private/auth { >>> group = postfix >>> mode = 0660 >>> user = postfix >>> } >>> unix_listener auth-userdb { >>> group = vmail >>> mode = 0600 >>> user = vmail >>> } >>> user = root >>> } >>> service imap-login { >>> client_limit = 1000 >>> process_limit = 512 >>> } >>> service lmtp { >>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>> group = postfix >>> mode = 0600 >>> user = postfix >>> } >>> } >>> ssl = required >>> ssl_cert = >> ssl_cipher_list = >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>> ssl_dh_parameters_length = 2048 >>> ssl_key = >> ssl_prefer_server_ciphers = yes >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>> userdb { >>> driver = prefetch >>> } >>> userdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> } >>> protocol imap { >>> mail_plugins = quota imap_quota >>> } >>> protocol pop3 { >>> mail_plugins = quota >>> pop3_uidl_format = %08Xu%08Xv >>> } >>> protocol lda { >>> mail_plugins = sieve quota >>> postmaster_address = webmaster@localhost >>> } >>> protocol lmtp { >>> mail_plugins = quota sieve >>> postmaster_address = webmaster@localhost >>> } >>> >>> >>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>> This is debug log files in syslog: >>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>> m5ldD4= >>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>> userdb_mail, >>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') >> AS >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>> do_not_reply@example.com') AND
disablesmtp
= 'n' AND server_id = '1' >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>> but we >>>>> have only CRYPT >>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>> FAIL#0112#011user=do_not_reply@example.com >>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >> dD4= >>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>>>>/bin/date
"$line" >> /var/log/ispconfig/cron.log; done) >>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>/bin/date
"$line" >> /var/log/ispconfig/cron.log; done) >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>> m5ldD4= >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>> userdb_mail, >>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') >> AS >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>> do_not_reply@example.com') ANDdisablesmtp
= 'n' AND server_id = '1' >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >> but >>>> we >>>>> have only CRYPT >>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>> FAIL#0113#011user=do_not_reply@example.com >>>>> >>>>> >>>>> >>>>> ##################### >>>>> I added in dovecot.conf lines in passdb block: >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> and commented out default lines >>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>> #driver = sql >>>>> When I try set again default lines I got above error >>>> Can you run doveconf -n with the configuration that causes the above >>>> error? Also it clearly does SQL lookup, so that error is happening with >>>> SQL passdb. You need to remember to restart dovecot between >>>> configuration changes. >>>> >>>> Aki >>>> >>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>> >>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>> I set up cram-md5 using this tutorial >>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >> /etc/dovecot/dovecot.conf >>>> in >>>>>>> passdb code block: >>>>>>> listen = *,[::] >>>>>>> protocols = imap pop3 >>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>> #dodana nizej linia >>>>>>> ssl = required >>>>>>> disable_plaintext_auth = yes >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>> mail_privileged_group = vmail >>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>> ssl_cert = >>>>>> ssl_key = >>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>> ssl_cipher_list = >>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>> ssl_prefer_server_ciphers = yes >>>>>>> ssl_dh_parameters_length = 2048 >>>>>>> >>>>>>> >>>>>>> mail_max_userip_connections = 100 >>>>>>> passdb { >>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>> # driver = sql >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> } >>>>>>> userdb { >>>>>>> driver = prefetch >>>>>>> } >>>>>>> userdb { >>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>> driver = sql >>>>>>> } >>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>> nicely. >>>>>>> But after I want to do default settings by commented out these two >>>> lines: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> and uncomment >>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>> # driver = sql >>>>>>> I can't send emails - I use Thunderbird - get error "logging on >> server >>>>>>> mail.example.com not work out". Error in logs: >>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>> passdbs/userdbs than auth server. >>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>> >>>>>>> Is it possible that hashed password from cram-md5.pwd file was >> written >>>> to >>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>>>>> userdb >>>>>>> {} block and this second userdb block has this same lines like >> default >>>>>>> settings in passdb block. >>>>>>> >>>>>> Try >>>>>> >>>>>> auth_debug=yes >>>>>> auth_verbose=yes >>>>>> >>>>>> and see if it gives any more reasonable messages. >>>>>> >>>>>> Aki >>>>>>