[Dovecot] Dovecot not honoring configuration settings (auth failure)
My dovecot.conf has the following:
# No results when searching the wiki
disable_plaintext_auth = no
# http://wiki2.dovecot.org/Authentication/Mechanisms
auth_mechanisms = plain login digest-md5 cram-md5When I attempt to run imapsync, I receive an error:
Host2: <host> says it has NO CAPABILITY for AUTHENTICATE LOGINimapsync also dumps the helo string, and it is missing:
Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLSAUTH=PLAIN] Dovecot ready.
I've restarted the dovecot service with 'service dovecot restart' and even rebooted the machine.
There is nothing reported in any on the log files (/var/mail/dovecot.log and /var/log/mail.<level>).
Any ideas why dovecot is not honoring the setting in its config file?
# dovecot --version 2.1.7 # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } ... prefix = } passdb { args = /var/mail/%d/users driver = passwd-file } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap pop3" ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem userdb { driver = passwd }
Am 31.03.2014 23:37, schrieb Jeffrey Walton:
My dovecot.conf has the following:
# No results when searching the wiki disable_plaintext_auth = no # http://wiki2.dovecot.org/Authentication/Mechanisms auth_mechanisms = plain login digest-md5 cram-md5When I attempt to run imapsync, I receive an error:
Host2: <host> says it has NO CAPABILITY for AUTHENTICATE LOGINimapsync also dumps the helo string, and it is missing:
Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLSAUTH=PLAIN] Dovecot ready.
I've restarted the dovecot service with 'service dovecot restart' and even rebooted the machine.
There is nothing reported in any on the log files (/var/mail/dovecot.log and /var/log/mail.<level>).
Any ideas why dovecot is not honoring the setting in its config file?
and the settings are *really* in /etc/dovecot/dovecot.conf or in some ".d"-folder which may or may not be included?
# dovecot --version 2.1.7 # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } ... prefix = } passdb { args = /var/mail/%d/users driver = passwd-file } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap pop3" ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem userdb { driver = passwd }
--
Reindl Harald the lounge interactive design GmbH A-1060 Vienna, Hofmühlgasse 17 CTO / CISO / Software-Development m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33 icq: 154546673, http://www.thelounge.net/
On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
Am 31.03.2014 23:37, schrieb Jeffrey Walton:
My dovecot.conf has the following:
# No results when searching the wiki disable_plaintext_auth = no # http://wiki2.dovecot.org/Authentication/Mechanisms auth_mechanisms = plain login digest-md5 cram-md5When I attempt to run imapsync, I receive an error:
Host2: <host> says it has NO CAPABILITY for AUTHENTICATE LOGINimapsync also dumps the helo string, and it is missing:
Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLSAUTH=PLAIN] Dovecot ready.
I've restarted the dovecot service with 'service dovecot restart' and even rebooted the machine.
There is nothing reported in any on the log files (/var/mail/dovecot.log and /var/log/mail.<level>).
Any ideas why dovecot is not honoring the setting in its config file?
and the settings are *really* in /etc/dovecot/dovecot.conf or in some ".d"-folder which may or may not be included?
I believe they are in /etc/dovecot/dovecot.conf:
# cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self =
Jeff
On 3/31/2014 5:47 PM, Jeffrey Walton <noloader@gmail.com> wrote:
On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald<h.reindl@thelounge.net> wrote:
and the settings are*really* in /etc/dovecot/dovecot.conf or in some ".d"-folder which may or may not be included? I believe they are in /etc/dovecot/dovecot.conf:
# cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self =
Jeffrey,
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
It proves that you are using the settings you think you are using.
simply cat'ing the contents of a file that you areediting is not good enough.
Like postconf -n in postfix, doveconf -n dumps the output of the config that the running version of dovecot is qactually using.
This shines the light on obvious errors, like when you are editing a config file that is NOT being used. This is a common mistake, especially in distributions that put things in non-standard places.
So, what is output of doveconf -n? And postconf -n (if needed)?
--
Best regards,
Charles
On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
...
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
It proves that you are using the settings you think you are using.
# doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no log_path = /var/log/dovecot.log mail_location = mbox:~/mail:INBOX=/var/mail/%u namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /var/mail/%d/users driver = passwd-file } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap pop3" ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem userdb { driver = passwd }
# postconf -n alias_maps = hash:/etc/postfix/aliases append_dot_mydomain = no biff = no config_directory = /etc/postfix inet_interfaces = all inet_protocols = all mailbox_command = mailbox_size_limit = 0 mydestination = debian-x2.home.pvt, localhost.home.pvt, localhost myhostname = debian-x2.home.pvt mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 myorigin = /etc/mailname readme_directory = no recipient_delimiter = + relayhost = smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache smtpd_banner = $myhostname ESMTP $mail_name smtpd_sasl_auth_enable = yes smtpd_sasl_exceptions_networks = $mynetworks smtpd_sasl_path = private/auth smtpd_sasl_security_options = noanonymous smtpd_sasl_type = dovecot smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_protocols = !SSLv2 !SSLv3 !PSK !SRP !KRB5 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_use_tls = yes virtual_alias_maps = hash:/etc/postfix/aliases virtual_gid_maps = static:5000 virtual_mailbox_base = /var/mail virtual_mailbox_domains = hash:/etc/postfix/domains virtual_mailbox_maps = hash:/etc/postfix/mailboxes virtual_minimum_uid = 100 virtual_uid_maps = static:5000
On 4/1/2014 6:34 AM, Jeffrey Walton <noloader@gmail.com> wrote:
On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
...
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
It proves that you are using the settings you think you are using.
# doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no
So... where is auth_mechanisms? You said you had it set to
auth_mechanisms = plain login digest-md5 cram-md5
Fix this and try again...
--
Best regards,
Charles
On Tue, Apr 1, 2014 at 6:44 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
On 4/1/2014 6:34 AM, Jeffrey Walton <noloader@gmail.com> wrote:
On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
...
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
It proves that you are using the settings you think you are using.
# doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no
So... where is auth_mechanisms? You said you had it set to # doveconf -n | head -1 # 2.1.7: /etc/dovecot/dovecot.conf
# cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self =
Obviously, I don't know how. That's the file that conf dovecot claims it is using. It you know how to find out the conf file dovecot is *really* using, then please let me know.
Jeff
On 4/1/2014 6:56 AM, Jeffrey Walton <noloader@gmail.com> wrote:
Obviously, I don't know how. That's the file that conf dovecot claims it is using. It you know how to find out the conf file dovecot is *really* using, then please let me know.
First read this:
http://wiki2.dovecot.org/BasicConfiguration
Especially this part:
"The default configuration starts from dovecot.conf, which contains an !include conf.d/*.conf statement to read the rest of the configuration. This split of configuration files isn't a requirement to use, and it doesn't really matter which .conf file you add any particular setting, just as long as it isn't overridden in another file. You can verify with doveconf -n that everything looks as you intended."
If you want all settings in a single config file, you need to tell dovecot this.
If you don't, then the last settings that are applied, based on the order these split config files (in conf.d) are read (the number prefix determines the order) win.
Personally, I put all of mine in /etc/dovecot/conf.d/99-mysettings.conf
The 99- prefix makes sure that these settings get applied plast.
Also, you never answered my last question - what distro?
Some distros put config files in different (non-standard) places, and/or enable chroot by default, complicating things for their users (although it is fully documented, so users who encounter problems because of this do so because they didn't rtfm well enough)...
--
Best regards,
Charles
On 04/ 1/14 06:56 AM, Jeffrey Walton wrote:
On Tue, Apr 1, 2014 at 6:44 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
On 4/1/2014 6:34 AM, Jeffrey Walton <noloader@gmail.com> wrote:
On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus <CMarcus@media-brokers.com> wrote:
...
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
It proves that you are using the settings you think you are using.
# doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no
So... where is auth_mechanisms? You said you had it set to # doveconf -n | head -1 # 2.1.7: /etc/dovecot/dovecot.conf
Check ALL actual settings:
# doveconf -a | grep mechanisms auth_mechanisms = plain login ......
I guess yours is missing "login" and using only "auth", as the default (hence not showing in "doveconf -n"). You should still be able to use imapsync with --authmech1 PLAIN --authmech2 PLAIN
Am 01.04.2014 12:22, schrieb Charles Marcus:
On 3/31/2014 5:47 PM, Jeffrey Walton <noloader@gmail.com> wrote:
On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald<h.reindl@thelounge.net> wrote:
and the settings are*really* in /etc/dovecot/dovecot.conf or in some ".d"-folder which may or may not be included? I believe they are in /etc/dovecot/dovecot.conf:
# cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self =
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
if you would really follow the thread you whould have noticed that he did that already and i asked for the complete config file because:
- the mentioned one is clearly stated by doveconf -n
- the values in question are not displayed in the output
Am 01.04.2014 12:44, schrieb Charles Marcus:
So... where is auth_mechanisms? You said you had it set to
auth_mechanisms = plain login digest-md5 cram-md5
Fix this and try again..
and *that* is why i asked for the complete config yesterday because 2.1.7: /etc/dovecot/dovecot.conf is stated as config file and the value in question is not listed
On 4/1/2014 6:22 AM, Charles Marcus <CMarcus@Media-Brokers.com> wrote:
What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here...
Apologies Jeffrey, I didn't see your doveconf -n at the end, guess I got distracted by someone else's nonsense...
--
Best regards,
Charles
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 1 Apr 2014, Charles Marcus wrote:
It proves that you are using the settings you think you are using. simply cat'ing the contents of a file that you areediting is not good enough.
No question about that. I do not want to argue against doveconf -n, but
Like postconf -n in postfix, doveconf -n dumps the output of the config that the running version of dovecot is qactually using.
"the running version of dovecot is actually using" seems to be wrong - as I interprete the phrase.
If I change the config when Dovecot v2.2.10 runs, doveconf -n does not show the config of the _running_ Dovecot, but the config that will be used after reload.
My steps are:
- make sure Dovecot runs
- add a non-existing item to mail_plugins
- login -> success
- doveconf -n shows modified config
- doveadm reload
- login -> fails
I do not know if postconf -n behaves the same. I just wanted to point that out. It seems that one has to also request that everybody does a reload, too.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUzqxZXD1/YhP6VMHAQKsCwf6A74puuAQiTafzf4agVj45ZPMcKghmfwh 6CEERoSw6VSZ31WLXZ3wcL/58wiReG234gz+uec0Lhn69Tp/lJmCkUX4JJ/a0j2C 4sGs2aaDqy040jJlLNWD87GurCPvOUAal8WiTvurkQJPqUgMDmIeuIQaaMu/qPGi QMJ+rvHzBPKeWZyORbcKHnjcsnh/VJiRXmo3ISoLoSoL8M7EfGOXEzBYATv58SGK CFdXLlIiK6vQhTLJx+lyyqfnGsGmMNb/NMwLVl8Kkv/1NsZCdHhVJM28fPqJp5Uo lq6r1euUc/IqssVVj7adiLqdr/mEifQMLl08Vj2+kUVKjddTVER2Pw== =65nT -----END PGP SIGNATURE-----
On 3/31/2014 5:37 PM, Jeffrey Walton <noloader@gmail.com> wrote:
My dovecot.conf has the following:
You still have yet to prove this (doveconf -n output).
# No results when searching the wiki disable_plaintext_auth = no
Then you are searching the wiki wrong.
After entering the parameter in the searchbox (obviously you should not
add the '=no' part), did you click 'Titles'? Or 'Text'? Or did you just
hit [enter]?
You have to click the 'Text' button (to the right of the searchbox) to search the article CONTENT. Just hitting [Enter] results in a simple 'Titles' search, which only searches the wiki article Titles.
Personally I don't like this. I think the default should be to search content.
#http://wiki2.dovecot.org/Authentication/Mechanisms auth_mechanisms = plain login digest-md5 cram-md5When I attempt to run imapsync, I receive an error:
Host2: <host> says it has NO CAPABILITY for AUTHENTICATE LOGINimapsync also dumps the helo string, and it is missing:
Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLSAUTH=PLAIN] Dovecot ready.
I've restarted the dovecot service with 'service dovecot restart' and even rebooted the machine.
There is nothing reported in any on the log files (/var/mail/dovecot.log and /var/log/mail.<level>).
Then you are looking at the wrong log files.
Any ideas why dovecot is not honoring the setting in its config file?
Best guess is you are not using the config file you think you are using.
What distro is this?
--
Best regards,
Charles
participants (5)
-
Charles Marcus
-
Jeffrey Walton
-
Oscar del Rio
-
Reindl Harald
-
Steffen Kaiser