Can you check your logs?
Aki
On 01.02.2017 10:02, Poliman - Serwis wrote:
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would point out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote: > I always restart dovecot after change config. ;) Sure, I commented out > added two lines by me, restarted dovecot and here it is: > > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > auth_mechanisms = plain login cram-md5 > listen = *,[::] > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_max_userip_connections = 100 > mail_plugins = " quota" > mail_privileged_group = vmail > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > sieve = /var/vmail/%d/%n/.sieve > sieve_max_redirects = 25 > } > postmaster_address = postmaster@example.com > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > user = root > } > service imap-login { > client_limit = 1000 > process_limit = 512 > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > ssl = required > ssl_cert = ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > ssl_dh_parameters_length = 2048 > ssl_key = ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > mail_plugins = sieve quota > postmaster_address = webmaster@localhost > } > protocol lmtp { > mail_plugins = quota sieve > postmaster_address = webmaster@localhost > } > > > 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> On 01.02.2017 08:18, Poliman - Serwis wrote: >>> This is debug log files in syslog: >>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >> m5ldD4= >>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >> userdb_mail, >>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >> but we >>> have only CRYPT >>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>> FAIL#0112#011user=do_not_reply@example.com >>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= >>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >> m5ldD4= >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >> userdb_mail, >>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but >> we >>> have only CRYPT >>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>> FAIL#0113#011user=do_not_reply@example.com >>> >>> >>> >>> ##################### >>> I added in dovecot.conf lines in passdb block: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> and commented out default lines >>> #args = /etc/dovecot/dovecot-sql.conf >>> #driver = sql >>> When I try set again default lines I got above error >> Can you run doveconf -n with the configuration that causes the above >> error? Also it clearly does SQL lookup, so that error is happening with >> SQL passdb. You need to remember to restart dovecot between >> configuration changes. >> >> Aki >> >>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>> I set up cram-md5 using this tutorial >>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf >> in >>>>> passdb code block: >>>>> listen = *,[::] >>>>> protocols = imap pop3 >>>>> #auth_mechanisms = plain login cram-md5 >>>>> auth_mechanisms = cram-md5 plain login >>>>> #dodana nizej linia >>>>> ssl = required >>>>> disable_plaintext_auth = yes >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>> mail_privileged_group = vmail >>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>> ssl_cert = >>>> ssl_key = >>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>> ssl_cipher_list = >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: >>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>> ssl_prefer_server_ciphers = yes >>>>> ssl_dh_parameters_length = 2048 >>>>> >>>>> >>>>> mail_max_userip_connections = 100 >>>>> passdb { >>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>> # driver = sql >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> } >>>>> userdb { >>>>> driver = prefetch >>>>> } >>>>> userdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> Of course I created cram-md5.pwd file. All mails go out and come >> nicely. >>>>> But after I want to do default settings by commented out these two >> lines: >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> and uncomment >>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>> # driver = sql >>>>> I can't send emails - I use Thunderbird - get error "logging on server >>>>> mail.example.com not work out". Error in logs: >>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>> passdbs/userdbs than auth server. >>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>> >>>>> Is it possible that hashed password from cram-md5.pwd file was written >> to >>>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>>> userdb >>>>> {} block and this second userdb block has this same lines like default >>>>> settings in passdb block. >>>>> >>>> Try >>>> >>>> auth_debug=yes >>>> auth_verbose=yes >>>> >>>> and see if it gives any more reasonable messages. >>>> >>>> Aki >>>>