[Dovecot] POP3/IMAPv4 CRAM-MD5 Authentication failed.(Re-post)
Hi, I'm Yuuichi Ikeda from Japan User.
OS:Solaris 10 9/10 s10x_u9wos_14a X86 Mem:8GB HDD:3TB gcc:gcc (GCC) 4.1.2 gcc-prefix:/unsupported/gcc Dovecot Version:2.0.15 configure:./configure --prefix=/opt/dovecot_2 --sysconfdir=/opt/dovecot_2/conf --mandir=/opt/man --enable-shared --with-mysql --with-zlib --with-sqlite --with-sql=plugin --with-ssldir=/opt/openssl --with-rundir=/var/run --with-libiconv-prefix=/opt/libiconv
Dovecot Configuration
# 2.0.15: /opt/dovecot_2/conf/dovecot/dovecot.conf # OS: SunOS 5.10 i86pc auth_debug = yes auth_mechanisms = cram-md5 auth_ssl_require_client_cert = yes auth_ssl_username_from_cert = yes auth_verbose = yes base_dir = /var/run/dovecot/ doveadm_worker_count = 10 log_path = /var/log/dovecot/dovecot.log login_greeting = ready. login_trusted_networks = 192.168.1.0/24 mail_location = maildir:~/Maildir passdb { driver = pam } passdb { args = /opt/dovecot_2/conf/dovecot/passwd driver = passwd-file } plugin { acl = vfile:/opt/dovecot_2/conf/dovecot/global-acls:cache_secs=300 acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes } protocols = imap pop3 service auth { executable = /opt/dovecot_2/libexec/dovecot/auth unix_listener /var/spool/postfix/private/auth { mode = 0666 } } service imap-login { executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/imap-login inet_listener imap { port = 143 ssl = no } inet_listener imaps { port = 993 ssl = yes } } service imap { executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/imap } service lmtp { unix_listener lmtp { mode = 0666 } } service pop3-login { executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/pop3-login inet_listener pop3 { port = 110 ssl = no } inet_listener pop3s { port = 995 ssl = yes } } service pop3 { executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/pop3 } ssl_ca = </opt/dovecot_2/conf/dovecot/ca-c.pem ssl_cert = </opt/dovecot_2/conf/dovecot/ns-c.pem ssl_key = </opt/dovecot_2/conf/dovecot/ns-p.pem ssl_verify_client_cert = yes userdb { args = blocking=yes driver = passwd } protocol imap { imap_logout_format = bytes=%i/%o imap_max_line_length = 64 k mail_max_userip_connections = 10 mail_plugins = } protocol lda { hostname = mailsv.sklc.co.jp info_log_path = /var/log/dovecot/deliver.log log_path = /var/log/dovecot/deliver.log mail_plugins = postmaster_address = postmaster@sklc.co.jp sendmail_path = /usr/lib/sendmail } protocol lmtp { mail_plugins = } protocol pop3 { mail_plugins = pop3_save_uidl = yes pop3_uidl_format = %v-%u }
If it attests by connecting by POP3 or IMAPv4, the following messages will be displayed and attestation will go wrong.
Nov 07 23:12:40 auth: Debug: auth client connected (pid=20018) Nov 07 23:12:40 auth: Debug: client in: AUTH 1 CRAM-MD5 service=pop3 secured no-penalty lip=192.168.1.1 rip=192.168.1.110 lport=110 rport=57054 Nov 07 23:12:40 auth: Info: CRAM-MD5(?,192.168.1.110): Client didn't present valid SSL certificate Nov 07 23:12:40 auth: Debug: client out: FAIL 1 reason=Client didn't present valid SSL certificate Nov 07 23:12:40 pop3-login: Info: Aborted login (cert required, client didn't start TLS): method=CRAM-MD5, rip=192.168.1.110, lip=192.168.1.1, secured
Nov 07 23:16:32 auth: Debug: auth client connected (pid=20126) Nov 07 23:16:32 auth: Debug: client in: AUTH 1 CRAM-MD5 service=imap secured no-penalty lip=192.168.1.1 rip=192.168.1.1 lport=143 rport=58734 Nov 07 23:16:32 auth: Info: CRAM-MD5(?,192.168.1.1): Client didn't present valid SSL certificate Nov 07 23:16:32 auth: Debug: client out: FAIL 1 reason=Client didn't present valid SSL certificate Nov 07 23:16:32 imap-login: Info: Aborted login (cert required, client didn't start TLS): method=CRAM-MD5, rip=192.168.1.1, lip=192.168.1.1, secured
What will you do and will become like this? If some people know ways of coping, please let me know.
============================================================= Information-system part. Sankei-Koumuten Co.,Ltd. Yuuichi Ikeda Mail:yuichi@sklc.co.jp Tel.+81-3-3623-6474 Fax.+81-3-3623-6475 Our company promotes "Team minus 6 percent" jus, Hatena Joined member. LPIC-2 Certified.
On 11/07/2011 04:12 PM Yuuichi Ikeda (SKLC) wrote:
Hi, I'm Yuuichi Ikeda from Japan User.
Dovecot Configuration
… ssl_ca = </opt/dovecot_2/conf/dovecot/ca-c.pem ssl_cert = </opt/dovecot_2/conf/dovecot/ns-c.pem ssl_key = </opt/dovecot_2/conf/dovecot/ns-p.pem ssl_verify_client_cert = yes … If it attests by connecting by POP3 or IMAPv4, the following messages will be displayed and attestation will go wrong.
Nov 07 23:12:40 auth: Info: CRAM-MD5(?,192.168.1.110): Client didn't present valid SSL certificate Nov 07 23:12:40 auth: Debug: client out: FAIL 1 reason=Client didn't present valid SSL certificate Nov 07 23:12:40 pop3-login: Info: Aborted login (cert required, client didn't start TLS): method=CRAM-MD5, rip=192.168.1.110, lip=192.168.1.1, secured
Nov 07 23:16:32 auth: Info: CRAM-MD5(?,192.168.1.1): Client didn't present valid SSL certificate Nov 07 23:16:32 auth: Debug: client out: FAIL 1 reason=Client didn't present valid SSL certificate Nov 07 23:16:32 imap-login: Info: Aborted login (cert required, client didn't start TLS): method=CRAM-MD5, rip=192.168.1.1, lip=192.168.1.1, secured
What will you do and will become like this? If some people know ways of coping, please let me know.
Are you sure you want to verify the client's certificate (ssl_verify_client_cert = yes)? If not, just remove this line and try again.
Regards, Pascal
The trapper recommends today: cafebabe.1131121@localdomain.org
participants (2)
-
Pascal Volk
-
Yuuichi Ikeda (SKLC)