I am between a rock and a hard place while doing my migration from 2.3.19.1 to 2.4.1. I have set up a clean system to test that it runs before I import my database of virtual users.
I haven't changed much from the provided config examples. My auth-sql.conf.ext:
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
  user = db_user
  password = XXXXX
  dbname = dbname
}
passdb sql {
  default_password_scheme = SHA512
  query = SELECT crypt AS password FROM users,domains WHERE users.username = '%{user}' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id
}
userdb sql {
  query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}'
  iterate_query = SELECT username AS user FROM users
}
dovecot -n:
root@mail:/etc/dovecot/conf.d# doveconf -n
# 2.4.1-4+debian12 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4+debian12 (0a86619f)
# OS: Linux 6.1.0-34-amd64 x86_64 Debian 12.10
# Hostname: mail.domain.name
dovecot_config_version = 2.4.1
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = yes
dovecot_storage_version = 2.4.1
fts_autoindex = yes
fts_autoindex_max_recent_msgs = 999
fts_search_add_missing = yes
info_log_path = /var/log/dovecot.log
log_debug = category=auth
mail_plugins {
notify = yes
mail_log = yes
}
protocols = imap pop3 lmtp sieve
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
dbname = exim4u
password = # hidden, use -P to show it
user = exim4u
}
passdb sql {
default_password_scheme = SHA512
query = SELECT crypt AS password FROM users,domains WHERE users.username = '%{user}' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id
}
userdb sql {
iterate_query = SELECT username AS user FROM users
query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}'
}
namespace inbox {
inbox = yes
mailbox Drafts {
special_use = "\\Drafts"
}
mailbox Junk {
special_use = "\\Junk"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox Sent {
special_use = "\\Sent"
}
mailbox "Sent Messages" {
special_use = "\\Sent"
}
}
service imap-login {
inet_listener imap {
}
inet_listener imaps {
}
}
service pop3-login {
inet_listener pop3 {
}
inet_listener pop3s {
}
}
service submission-login {
inet_listener submission {
}
inet_listener submissions {
}
}
service lmtp {
unix_listener lmtp {
}
}
service imap {
}
service pop3 {
}
service submission {
}
service auth {
unix_listener auth-userdb {
}
}
service auth-worker {
}
service dict {
unix_listener dict {
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service managesieve {
}
I ran a test against the POP3 daemon:
telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Dovecot ready.
user 'joh@doe.com
+OK
pass XXXXXXX
-ERR [SYS/TEMP] Temporary authentication failure.
The debug output ends with "pop3-login: Info: Login aborted: Logged out (auth service reported temporary failure ...". I am not sure where to look for the cause.
May 04 13:08:46 auth: Debug: sqlpool(mysql): Creating new connection
May 04 13:08:46 auth: Debug: Read auth token secret from /run/auth-token-secret.dat
May 04 13:08:46 auth: Debug: mysql(/var/run/mysqld/mysqld.sock): Connecting
May 04 13:08:46 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: Server accepted connection (fd=19)
May 04 13:08:46 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: auth client connected (pid=9061)
May 04 13:09:12 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: client in: AUTH 1 PLAIN protocol=pop3 final-resp-ok secured session=0sexkUw07I1/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=36332 resp=<redacted> (previous base64 data may contain sensitive data)
May 04 13:09:12 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: sql: Performing passdb lookup
May 04 13:09:12 auth: Debug: conn unix:auth-worker: Connecting
May 04 13:09:12 auth: Debug: conn unix:auth-worker (pid=9055,uid=0): Client connected (fd=20)
May 04 13:09:12 auth: Debug: conn unix:auth-worker (pid=9055,uid=0): Sending version handshake
May 04 13:09:12 auth-worker(9138): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
May 04 13:09:12 auth-worker(9138): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
May 04 13:09:12 auth-worker(9138): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_pgsql.so
May 04 13:09:12 auth-worker(9138): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_sqlite.so
May 04 13:09:12 auth-worker(9138): Debug: sqlpool(mysql): Creating new connection
May 04 13:09:12 auth-worker(9138): Debug: mysql(/var/run/mysqld/mysqld.sock): Connecting
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): Server accepted connection (fd=13)
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): Sending version handshake
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): auth-worker<1>: Handling PASSV request
May 04 13:09:12 auth-worker(joh@doe.com,127.0.0.1)<9138><0sexkUw07I1/AAAB>: request [1]: Debug: sql: Performing passdb lookup
May 04 13:09:12 auth: Debug: auth-worker: Worker sent process limit '30'
May 04 13:09:12 auth-worker(joh@doe.com,127.0.0.1)<9138><0sexkUw07I1/AAAB>: request [1]: Debug: sql: query: SELECT crypt AS password FROM users,domains WHERE users.username = 'joh@doe.com' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id
May 04 13:09:12 auth-worker(9138): Debug: mysql(/var/run/mysqld/mysqld.sock): Finished query 'SELECT crypt AS password FROM users,domains WHERE users.username = 'joh@doe.com' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id' in 0 msecs
May 04 13:09:12 auth-worker(joh@doe.com,127.0.0.1)<9138><0sexkUw07I1/AAAB>: request [1]: Debug: sql: Finished passdb lookup
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): auth-worker<1>: Finished: internal_failure
May 04 13:09:12 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: sql: Finished passdb lookup
May 04 13:09:14 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: Auth request finished
May 04 13:09:14 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: immediate auth failure due to internal failure
May 04 13:09:14 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: client passdb out: FAIL 1 user=joh@doe.com code=temp_fail
May 04 13:09:18 pop3-login: Info: Login aborted: Logged out (auth service reported temporary failure, 1 attempts in 6 secs) (temp_fail): user=<joh@doe.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<0sexkUw07I1/AAAB>
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]
I am between a rock and a hard place while doing my migration from 2.3.19.1 to 2.4.1. I have set up a clean system to test that it runs before I import my database of virtual users.
I haven't changed much from the provided config examples. My auth-sql.conf.ext:
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
  user = db_user
  password = XXXXX
  dbname = dbname
}
passdb sql {
  default_password_scheme = SHA512
  query = SELECT crypt AS password FROM users,domains WHERE users.username = '%{user}' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id
}
userdb sql {
  query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}'
  iterate_query = SELECT username AS user FROM users
}
dovecot -n:
root@mail:/etc/dovecot/conf.d# doveconf -n
# 2.4.1-4+debian12 (7d8c0e5759): /etc/dovecot/dovecot.conf
# Pigeonhole version 2.4.1-4+debian12 (0a86619f)
# OS: Linux 6.1.0-34-amd64 x86_64 Debian 12.10
# Hostname: mail.domain.name
dovecot_config_version = 2.4.1
auth_debug_passwords = yes
auth_verbose = yes
auth_verbose_passwords = yes
dovecot_storage_version = 2.4.1
fts_autoindex = yes
fts_autoindex_max_recent_msgs = 999
fts_search_add_missing = yes
info_log_path = /var/log/dovecot.log
log_debug = category=auth
mail_plugins {
notify = yes
mail_log = yes
}
protocols = imap pop3 lmtp sieve
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
dbname = exim4u
password = # hidden, use -P to show it
user = exim4u
}
passdb sql {
default_password_scheme = SHA512
query = SELECT crypt AS password FROM users,domains WHERE users.username = '%{user}' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id
}
userdb sql {
iterate_query = SELECT username AS user FROM users
query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}'
}
namespace inbox {
inbox = yes
mailbox Drafts {
special_use = "\\Drafts"
}
mailbox Junk {
special_use = "\\Junk"
}
mailbox Trash {
special_use = "\\Trash"
}
mailbox Sent {
special_use = "\\Sent"
}
mailbox "Sent Messages" {
special_use = "\\Sent"
}
}
service imap-login {
inet_listener imap {
}
inet_listener imaps {
}
}
service pop3-login {
inet_listener pop3 {
}
inet_listener pop3s {
}
}
service submission-login {
inet_listener submission {
}
inet_listener submissions {
}
}
service lmtp {
unix_listener lmtp {
}
}
service imap {
}
service pop3 {
}
service submission {
}
service auth {
unix_listener auth-userdb {
}
}
service auth-worker {
}
service dict {
unix_listener dict {
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
}
service managesieve {
}
I ran a test against the POP3 daemon:
telnet 0 110
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
+OK Dovecot ready.
user 'joh@doe.com
+OK
pass XXXXXXX
-ERR [SYS/TEMP] Temporary authentication failure.
The debug output ends with "pop3-login: Info: Login aborted: Logged out (auth service reported temporary failure ...". I am not sure where to look for the cause.
May 04 13:08:46 auth: Debug: sqlpool(mysql): Creating new connection
May 04 13:08:46 auth: Debug: Read auth token secret from /run/auth-token-secret.dat
May 04 13:08:46 auth: Debug: mysql(/var/run/mysqld/mysqld.sock): Connecting
May 04 13:08:46 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: Server accepted connection (fd=19)
May 04 13:08:46 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: auth client connected (pid=9061)
May 04 13:09:12 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: client in: AUTH 1 PLAIN protocol=pop3 final-resp-ok secured session=0sexkUw07I1/AAAB lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=36332 resp=<redacted> (previous base64 data may contain sensitive data)
May 04 13:09:12 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: sql: Performing passdb lookup
May 04 13:09:12 auth: Debug: conn unix:auth-worker: Connecting
May 04 13:09:12 auth: Debug: conn unix:auth-worker (pid=9055,uid=0): Client connected (fd=20)
May 04 13:09:12 auth: Debug: conn unix:auth-worker (pid=9055,uid=0): Sending version handshake
May 04 13:09:12 auth-worker(9138): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
May 04 13:09:12 auth-worker(9138): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
May 04 13:09:12 auth-worker(9138): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_pgsql.so
May 04 13:09:12 auth-worker(9138): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_sqlite.so
May 04 13:09:12 auth-worker(9138): Debug: sqlpool(mysql): Creating new connection
May 04 13:09:12 auth-worker(9138): Debug: mysql(/var/run/mysqld/mysqld.sock): Connecting
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): Server accepted connection (fd=13)
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): Sending version handshake
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): auth-worker<1>: Handling PASSV request
May 04 13:09:12 auth-worker(joh@doe.com,127.0.0.1)<9138><0sexkUw07I1/AAAB>: request [1]: Debug: sql: Performing passdb lookup
May 04 13:09:12 auth: Debug: auth-worker: Worker sent process limit '30'
May 04 13:09:12 auth-worker(joh@doe.com,127.0.0.1)<9138><0sexkUw07I1/AAAB>: request [1]: Debug: sql: query: SELECT crypt AS password FROM users,domains WHERE users.username = 'joh@doe.com' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id
May 04 13:09:12 auth-worker(9138): Debug: mysql(/var/run/mysqld/mysqld.sock): Finished query 'SELECT crypt AS password FROM users,domains WHERE users.username = 'joh@doe.com' AND users.enabled = '1' AND users.type='local' and domains.enabled='1' and domains.domain_id = users.domain_id' in 0 msecs
May 04 13:09:12 auth-worker(joh@doe.com,127.0.0.1)<9138><0sexkUw07I1/AAAB>: request [1]: Debug: sql: Finished passdb lookup
May 04 13:09:12 auth-worker(9138): Debug: conn unix:auth-worker (pid=9063,uid=116): auth-worker<1>: Finished: internal_failure
May 04 13:09:12 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: sql: Finished passdb lookup
May 04 13:09:14 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: Auth request finished
May 04 13:09:14 auth(joh@doe.com,127.0.0.1,sasl:plain)<0sexkUw07I1/AAAB>: Debug: immediate auth failure due to internal failure
May 04 13:09:14 auth: Debug: conn unix:login (pid=9061,uid=117) [1]: client passdb out: FAIL 1 user=joh@doe.com code=temp_fail
May 04 13:09:18 pop3-login: Info: Login aborted: Logged out (auth service reported temporary failure, 1 attempts in 6 secs) (temp_fail): user=<joh@doe.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<0sexkUw07I1/AAAB>
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 In an Internet failure case, the #1 suspect is a constant: DNS. "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html]