Problem logging in during testing
Instructions at http://wiki2.dovecot.org/BasicConfiguration say the next thing to test after getting IMAP and Telnet working is to create a dummy user file with the following command:
echo "$USER:{PLAIN}password:$UID:$GID::$HOME" > users
And place it in /etc/dovecot and protect it appropriately. It was also edited to change the plain-text password from `password' to what it really is.
The next section describes changes to 10-auth.conf and other things:
If you used the example configuration files, switch to passwd-file by modifying conf.d/10-auth.conf:
# Add '#' to comment out the system user login for now:
#!include auth-system.conf.ext
# Remove '#' to use passwd-file:
!include auth-passwdfile.conf.ext
In conf.d/auth-passwdfile.conf.ext you should have:
passdb {
  driver = passwd-file
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
}
Verify with doveconf -n passdb userdb that the output looks like above (and there are no other passdbs or userdbs).
All done successfully.
Now, when I telnet 127.0.0.1 143 and attempt to log in with the string:
a login <any username> <any password>
whether it's one in my users file or not, I get:
a NO [AUTHENTICATIONFAILED] Authentication failed.
On 15.06.2015 at 15:19, Steve Matzura wrote:
> Instructions at http://wiki2.dovecot.org/BasicConfiguration say the next thing to test after getting IMAP and Telnet working is to create a dummy user file with the following command:
> echo "$USER:{PLAIN}password:$UID:$GID::$HOME" > users
> And place it in /etc/dovecot and protect it appropriately. It was also edited to change the plain-text password from `password' to what it really is.
> The next section describes changes to 10-auth.conf and other things:
> If you used the example configuration files, switch to passwd-file by modifying conf.d/10-auth.conf:
> # Add '#' to comment out the system user login for now:
> #!include auth-system.conf.ext
> # Remove '#' to use passwd-file:
> !include auth-passwdfile.conf.ext
> In conf.d/auth-passwdfile.conf.ext you should have:
> passdb {
>   driver = passwd-file
>   args = scheme=CRYPT username_format=%u /etc/dovecot/users
> }
> userdb {
>   driver = passwd-file
>   args = username_format=%u /etc/dovecot/users
> }
> Verify with doveconf -n passdb userdb that the output looks like above (and there are no other passdbs or userdbs).
> All done successfully.
> Now, when I telnet 127.0.0.1 143 and attempt to log in with the string:
> a login <any username> <any password>
> whether it's one in my users file or not, I get:
> a NO [AUTHENTICATIONFAILED] Authentication failed.
Logs might give you a clue what exactly doesn't work.
-- Alex JOST
On Monday, 15.06.2015, at 17:42 +0200, Christian Kivalo wrote:
>> passdb {
>>   driver = passwd-file
>>   args = scheme=CRYPT username_format=%u /etc/dovecot/users
>> }
> Have you created/generated a password to be used with the crypt scheme?
> You can use doveadm pw for this.
> - christian
That shouldn't matter as long as the {PLAIN} really is there. The scheme arg should only specify the default if the {} prefix isn't there before the password. But did you restart dovecot after changing your config?
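The prefix rule from the reply above, turned into an audit of a passwd-file; this is an added example, not code from the thread or from the Dovecot project. The function names and the sample entries are assumptions made for illustration, and the `.b64`/`.hex` suffix handling goes slightly beyond what the thread discusses.

```python
import re

# Schemes that keep the password itself on disk rather than a hash of it.
CLEARTEXT_SCHEMES = {"PLAIN", "CLEARTEXT"}
# {SCHEME}, {SCHEME.b64} or {SCHEME.hex} at the start of the password field.
PREFIX_RE = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.(?:b64|hex))?\}", re.IGNORECASE)

# Constructed sample in the users-file layout shown in the thread.
SAMPLE_USERS = """\
# user:password:uid:gid:(gecos):home
admin:{PLAIN}password:1000:1000::/home/admin
bob:secret:1001:1001::/home/bob
carol:{SHA512-CRYPT}$6$examplesalt$examplehash:1002:1002::/home/carol
"""


def effective_scheme(password_field, default_scheme):
    """A {SCHEME} prefix wins; the passdb scheme= argument is only the fallback."""
    m = PREFIX_RE.match(password_field)
    if m:
        return m.group(1).upper(), "prefix"
    return default_scheme.upper(), "default"


def audit_passwd_file(text, default_scheme="CRYPT"):
    """Return one finding per user line: effective scheme and any storage issue."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        user = fields[0]
        password = fields[1] if len(fields) > 1 else ""
        scheme, source = effective_scheme(password, default_scheme)
        if scheme in CLEARTEXT_SCHEMES:
            issue = "password stored in cleartext"
        elif source == "default":
            issue = "no {SCHEME} prefix: field is read as a %s hash" % scheme
        else:
            issue = None
        findings.append({"line": lineno, "user": user, "scheme": scheme,
                         "source": source, "issue": issue})
    return findings


if __name__ == "__main__":
    for finding in audit_passwd_file(SAMPLE_USERS):
        print(finding)
```

An entry like `bob` above authenticates only if its field really is a hash in the default scheme; `doveadm pw`, mentioned earlier in the thread, generates such values.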
On Mon, 15 Jun 2015 17:22:13 +0200, you wrote:
>> Now, when I telnet 127.0.0.1 143 and attempt to log in with the string:
>> a login <any username> <any password>
>> whether it's one in my users file or not, I get:
>> a NO [AUTHENTICATIONFAILED] Authentication failed.
> Logs might give you a clue what exactly doesn't work.
Found one problem in maillog. mail_uid and mail_gid weren't defined. I didn't define them manually because I thought they defaulted to vmail. Now they are defined that way.
These are a mystery:
Jun 15 16:45:15 <my-node> dovecot: imap-login: Login: user=<admin>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1428, secured, session=
`doveadm log find' says everything goes to /var/log/maillog, so that's all I have.
I think I have it now! Found info about *correctly* defining namespaces. I now get the following when telnetting in, and it all looks valid.
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
a login <my-username> <my-password>
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in
a logout
* BYE Logging out
a OK Logout completed.
Connection closed by foreign host.
If this is correct, then I'm off to add Postfix and get my mailing lists back online.
On Monday, 15.06.2015, at 13:33 -0400, Steve Matzura wrote:
> I think I have it now! Found info about *correctly* defining namespaces. I now get the following when telnetting in, and it all looks valid.
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
> a login <my-username> <my-password>
> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in
> a logout
> * BYE Logging out
> a OK Logout completed.
> Connection closed by foreign host.
> If this is correct, then I'm off to add Postfix and get my mailing lists back online.
It looks like you don't enforce SSL/TLS. If you don't have any clients which are many years old you should do that. But of course it's your own decision if you want your users' passwords (and everything else) sent to your server in clear text over the wire.
On 15.06.2015 at 20:26, Felix Zielcke wrote:
> On Monday, 15.06.2015, at 13:33 -0400, Steve Matzura wrote:
>> I think I have it now! Found info about *correctly* defining namespaces. I now get the following when telnetting in, and it all looks valid.
>> Trying 127.0.0.1...
>> Connected to 127.0.0.1.
>> Escape character is '^]'.
>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>> a login <my-username> <my-password>
>> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in
>> a logout
>> * BYE Logging out
>> a OK Logout completed.
>> Connection closed by foreign host.
>> If this is correct, then I'm off to add Postfix and get my mailing lists back online.
> It looks like you don't enforce SSL/TLS. If you don't have any clients which are many years old you should do that. But of course it's your own decision if you want your users' passwords (and everything else) sent to your server in clear text over the wire.
SSL is not enforced on localhost even when specifying ssl=required.
Take a look at the comment in /etc/dovecot/conf.d/10-ssl.conf:
# SSL/TLS support: yes, no, required.
-- Alex JOST
On Mon, 15 Jun 2015 21:11:39 +0200, you wrote:
> On 15.06.2015 at 20:26, Felix Zielcke wrote:
>> On Monday, 15.06.2015, at 13:33 -0400, Steve Matzura wrote:
>>> I think I have it now! Found info about *correctly* defining namespaces. I now get the following when telnetting in, and it all looks valid.
>>> Trying 127.0.0.1...
>>> Connected to 127.0.0.1.
>>> Escape character is '^]'.
>>> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
>>> a login <my-username> <my-password>
>>> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in
>>> a logout
>>> * BYE Logging out
>>> a OK Logout completed.
>>> Connection closed by foreign host.
>>> If this is correct, then I'm off to add Postfix and get my mailing lists back online.
>> It looks like you don't enforce SSL/TLS. If you don't have any clients which are many years old you should do that. But of course it's your own decision if you want your users' passwords (and everything else) sent to your server in clear text over the wire.
> SSL is not enforced on localhost even when specifying ssl=required.
> Take a look at the comment in /etc/dovecot/conf.d/10-ssl.conf:
> # SSL/TLS support: yes, no, required.
> # disable plain pop3 and imap, allowed are only pop3+TLS,
> # pop3s, imap+TLS and imaps
> # plain imap and pop3 are still allowed for local connections
That's what I thought. I have not had the opportunity to test this from another system yet.
On Mon, 15 Jun 2015 20:26:28 +0200, I wrote:
> Trying 127.0.0.1...
> Connected to 127.0.0.1.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
> a login <my-username> <my-password>
> a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SPECIAL-USE] Logged in
> a logout
> * BYE Logging out
> a OK Logout completed.
> Connection closed by foreign host.
Then Alex wrote:
> It looks like you don't enforce SSL/TLS. If you don't have any clients which are many years old you should do that. But of course it's your own decision if you want your users' passwords (and everything else) sent to your server in clear text over the wire.
Not sure about the age of my clients' mail programs, but I have ssl=required in 10-ssl.conf. Need more to lock it down?
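A way to read the pre-TLS greeting that this part of the thread argues about, as an added example that is not part of the original posts: it parses the CAPABILITY list and reports whether credentials can still be sent before STARTTLS. The function names are assumptions, the first sample greeting is the one quoted in the thread, and the second is constructed to show a connection on which the server advertises LOGINDISABLED.

```python
import re
import socket

CAP_RE = re.compile(r"\[CAPABILITY ([^\]]*)\]")
# SASL mechanisms that put the password on the wire unprotected.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

# Greeting quoted in the thread (connection from 127.0.0.1).
LOCAL_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                  "ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.")
# Constructed greeting: what a connection looks like when cleartext login is refused.
REMOTE_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                   "ID ENABLE IDLE STARTTLS LOGINDISABLED] Dovecot ready.")


def fetch_greeting(host, port=143, timeout=5.0):
    """Read the server's first line on the cleartext IMAP port (no TLS, no login)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.makefile("rb").readline().decode("ascii", "replace").strip()


def assess_greeting(greeting):
    """Report what a client may do on this connection before TLS is negotiated."""
    m = CAP_RE.search(greeting)
    if not m:
        raise ValueError("greeting carries no CAPABILITY response code")
    caps = {c.upper() for c in m.group(1).split()}
    mechs = {c[5:] for c in caps if c.startswith("AUTH=")}
    login_allowed = "LOGINDISABLED" not in caps
    plaintext_sasl = sorted(mechs & PLAINTEXT_MECHS)
    return {
        "starttls": "STARTTLS" in caps,
        "login_command_allowed": login_allowed,
        "plaintext_sasl": plaintext_sasl,
        "cleartext_credentials_possible": login_allowed or bool(plaintext_sasl),
    }


if __name__ == "__main__":
    for name, line in (("local", LOCAL_GREETING), ("remote", REMOTE_GREETING)):
        print(name, assess_greeting(line))
```

Because local connections are exempt, as the quoted 10-ssl.conf comment says, `fetch_greeting` has to be pointed at the server from another host for the result to say anything about enforcement.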
On 15.06.2015 at 18:59, Steve Matzura wrote:
> On Mon, 15 Jun 2015 17:22:13 +0200, you wrote:
>>> Now, when I telnet 127.0.0.1 143 and attempt to log in with the string:
>>> a login <any username> <any password>
>>> whether it's one in my users file or not, I get:
>>> a NO [AUTHENTICATIONFAILED] Authentication failed.
>> Logs might give you a clue what exactly doesn't work.
> Found one problem in maillog. mail_uid and mail_gid weren't defined. I didn't define them manually because I thought they defaulted to vmail. Now they are defined that way.
> These are a mystery:
> Jun 15 16:45:15 <my-node> dovecot: imap-login: Login: user=<admin>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=1428, secured, session=
> Jun 15 16:45:15 <my-node> dovecot: imap(admin): Error: User initialization failed: Namespace '': Mail storage autodetection failed with home=/home/admin
> Jun 15 16:45:15 <my-node> dovecot: imap(admin): Error: Invalid user settings. Refer to server log for more information.
> `doveadm log find' says everything goes to /var/log/maillog, so that's all I have.
Try adding a default mail_location.
userdb {
  driver = passwd-file
  args = username_format=%u /etc/dovecot/users
  default_fields = mail=maildir:~/Maildir
}
-- Alex JOST
Participants (4): Alex JOST, Christian Kivalo, Felix Zielcke, Steve Matzura