thank you for guidance,
just to recap the issue was about squirrelmail giving a wrong message : "connection dropped by imap server" instead of "invalid user or password"
as advised i connected using command line on both my old and new servers, and have posted the details including the output of dovevcot -n.
- command prompt login. i put wrong password
telnet x.x.x.x 143
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE START TLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] ready.
1 login acc@mydomain.com wrongpass
1 NO [AUTHENTICATIONFAILED] Authentication failed.
- DOVECOT LOG output
CURRENT SERVER
Nov 28 08:48:39 imap-login: Info: Disconnected (auth failed, 1 attempts in 72 secs): user=
OLD SERVER Nov 28 09:06:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=acc@mydomain.com, method=PLAIN, rip=120.62.202.70, lip=72.35.76.156
- DOVECOT CONFIG FILE DETAILS
dovecot -n
# 2.2.7: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final) auth_cache_negative_ttl = 0 auth_cache_size = 32 M auth_cache_ttl = 30 mins auth_mechanisms = plain login digest-md5 cram-md5 default_login_user = vpopmail disable_plaintext_auth = no first_valid_gid = 89 first_valid_uid = 89 log_path = /var/log/dovecot.log login_greeting = ready. mail_max_userip_connections = 50 mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace { inbox = yes location = prefix = separator = . type = private } passdb { args = cache_key=%u webmail=127.0.0.1 driver = vpopmail } plugin { quota = maildir:ignore=Trash quota_rule = ?:storage=0 } protocols = imap pop3 service imap-login { client_limit = 256 process_limit = 400 process_min_avail = 12 service_count = 0 vsz_limit = 384 M } service pop3-login { client_limit = 1000 process_limit = 400 process_min_avail = 12 service_count = 0 vsz_limit = 512 M } ssl_cert =
thank you for your time and patience.
rajesh
----- Original Message ----- From: Gedalya [mailto:gedalya@gedalya.net] To: 24x7server@24x7server.net,dovecot@dovecot.org Sent: Tue, 25 Nov 2014 05:54:49 -0500 Subject: Re: failed login message
On 11/25/2014 04:49 AM, 24x7server@24x7server.net wrote:
thanks for your reply
i intentionaly put the wrong password and checked the dovecot log and the message i got was
# tail -f /var/log/dovecot.log | grep "xxx@yyy.com" Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx@yyy.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=
but in the squirrelmail login page instead of the message "unknown user or password incorrect" i get the message
ERROR: Connection dropped by IMAP server. Query: LOGOUT
in my old server where it is working correctly dovecot logs shows the error
Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<"xxx@yyy.com">, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
and squirrelmail gives the error : "unknown user or password incorrect" which is correct.
is there any other place i need to check or some other config file (either squirrelmail or dovecot) that i need to modify
could you kindly guide me
- Please carefully read http://dovecot.org/mailinglists.html
- Please carefully follow the instructions at http://dovecot.org/mailinglists.html. In your case, post full details for both servers.
- Try to manually log in to both servers using e.g. telnet in order to see any differences in the way they respond. Something like
$ telnet 192.168.9.11 143 Trying 192.168.9.11... Connected to 192.168.9.11. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready. 1 login gedalya 1234
- BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed. 1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure (SSL/TLS) connections. 2 logout
- BYE Logging out 2 OK Logout completed. Connection closed by foreign host.
(that's how it responds in my specific case as I disallow plaintext login)
Or if you need TLS (like me):
$ openssl s_client -starttls imap -quiet -connect 192.168.9.11:143 depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate Signing, CN = StartCom Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 . OK Pre-login capabilities listed, post-login capabilities have more. 1 login gedalya 1234 1 NO [AUTHENTICATIONFAILED] Authentication failed. 2 logout
- BYE Logging out 2 OK Logout completed.