[Dovecot] Exim and Dovecot2 SASL: 435 Unable to authenticate at present
Hi. I had working Exim 4.71 and Dovecot 1.2.9 SASL configuration on Ubuntu Lucid, but needed some features from dovecot2, so I installed 2.0.13 from https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 . Now I get Subj error while trying to authenticate via dovecot auth-client socket. However IMAP auth works fine with 2.0.13 and smtp auth worked fine until upgrade, so I think there is something wrong with dovecot2.
Dovecot logs stay empty even with auth_debug*, just one string "auth: Debug: Loading modules from bla...". But here is another information that may help. And if it's needed I can build dovecot myself to ensure that ppa-build isn't guilty. Or debug some another way.
Thanks.
dovecot -n: # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-31-server x86_64 Ubuntu 10.04.2 LTS auth_debug = yes auth_debug_passwords = yes auth_mechanisms = plain login apop auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 8 first_valid_uid = 8 hostname = mail.domain.lan last_valid_gid = 8 last_valid_uid = 8 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes listen = * mail_gid = mail mail_location = maildir:~/ mail_plugins = " quota trash" mail_privileged_group = mail mail_uid = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date passdb { args = scheme=CRAM-MD5 username_format=%n /etc/dovecot/passwd.d/%d.passwd driver = passwd-file } plugin { autocreate = Trash autocreate2 = Junk autocreate3 = Drafts autocreate4 = Templates autocreate5 = Sent autosubscribe = Trash autosubscribe2 = Junk autosubscribe3 = Drafts autosubscribe4 = Templates autosubscribe5 = Sent quota = maildir:user quota quota_rule = *:storage=200M sieve = ~/dovecot.sieve sieve_dir = ~/sieve trash = /etc/dovecot/dovecot-trash.conf.ext } postmaster_address = postmaster@domain.lan protocols = " imap sieve pop3 sieve" service auth { unix_listener auth-client { mode = 0600 user = Debian-exim } unix_listener auth-userdb { mode = 0600 user = mail } } service managesieve-login { inet_listener sieve_deprecated { port = 2000 } } ssl_cert = </etc/ssl/certs/dovecot.pem ssl_key = </etc/ssl/private/dovecot.pem userdb { args = username_format=%n /etc/dovecot/passwd.d/%d.passwd driver = passwd-file } protocol lda { mail_plugins = " quota trash sieve" } protocol imap { imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags mail_plugins = " quota trash imap_quota" } protocol pop3 { pop3_client_workarounds = outlook-no-nuls oe-ns-eoh }
################## swaks --to test@domain.lan --from=test@domain.lan --auth --auth-user=test@domain.lan --auth-password=111111 --server 127.0.0.1 -tlsc: (the same without tls, apop) === Trying 127.0.0.1:465... === Connected to 127.0.0.1. === TLS started w/ cipher DHE-RSA-AES256-SHA <~ 220 mail.domain.lan, ESMTP ready ~> EHLO mail.domain.lan <~ 250-mail.domain.lan Hello mail.domain.lan [127.0.0.1] <~ 250-SIZE 26214400 <~ 250-PIPELINING <~ 250-AUTH PLAIN LOGIN <~ 250 HELP ~> AUTH LOGIN <~* 435 Unable to authenticate at present ~> AUTH PLAIN AHRlc3RAZG9tYWluLmxhbgAxMTExMTE= <~* 435 Unable to authenticate at present *** No authentication type succeeded ~> QUIT <~ 221 mail.domain.lan closing connection === Connection closed with remote host.
##################### exim -d+auth output: Exim version 4.71 uid=0 gid=0 pid=29270 D=fbb95cfd Berkeley DB: Berkeley DB 4.8.24: (August 14, 2009) Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DKIM Old_Demime Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp Fixed never_users: 0 Size of off_t: 8 GnuTLS compile-time version: 2.8.5 GnuTLS runtime version: 2.8.5 changed uid/gid: forcing real = effective uid=0 gid=0 pid=29270 auxiliary group list: <none> seeking password data for user "root": cache not available getpwnam() succeeded uid=0 gid=0 configuration file is /etc/exim4/exim4.conf log selectors = 0000cefe 00233821 cwd=/ 4 args: /usr/sbin/exim4 -bd -q30m -d+auth trusted user admin user seeking password data for user "Debian-exim": cache not available getpwnam() succeeded uid=103 gid=105 seeking password data for user "Debian-exim": using cached result getpwnam() succeeded uid=103 gid=105 seeking password data for user "mail": cache not available getpwnam() succeeded uid=8 gid=8 originator: uid=0 gid=0 login=root name=root 29270 LOG: MAIN 29270 IPv6 socket creation failed: Address family not supported by protocol 29270 LOG: MAIN 29270 Failed to create IPv6 socket for wildcard listening (Address family not supported by protocol): will use IPv4 29270 listening on all interfaces (IPv4) port 25 29270 LOG: MAIN 29270 IPv6 socket creation failed: Address family not supported by protocol 29270 LOG: MAIN 29270 Failed to create IPv6 socket for wildcard listening (Address family not supported by protocol): will use IPv4 29270 listening on all interfaces (IPv4) port 465 29270 pid written to /var/run/exim4/exim.pid 29270 changed uid/gid: running as a daemon 29270 uid=103 gid=105 pid=29270 29270 auxiliary group list: 105 999 29270 LOG: MAIN 29270 exim 4.71 daemon started: pid=29270, -q30m, listening for SMTP on port 25 (IPv4) and for SMTPS on port 465 (IPv4) 29270 set_process_info: 29270 daemon: -q30m, listening for SMTP on port 25 (IPv4) and for SMTPS on port 465 (IPv4) 29270 daemon running with uid=103 gid=105 euid=103 egid=105 29270 SIGALRM received 29270 1 queue-runner process running 29270 Listening... 29271 Starting queue-runner: pid 29271 29271 exec /usr/sbin/exim4 -q 29270 child 29271 ended: status=0x0 29270 0 queue-runner processes now running 29270 Listening... 29270 Connection request from 127.0.0.1 port 58341 29270 search_tidyup called 29270 1 SMTP accept process running 29270 Listening... 29279 sender_fullhost = [127.0.0.1] 29279 sender_rcvhost = [127.0.0.1] 29279 Process 29279 is handling incoming connection from [127.0.0.1] 29279 host in host_lookup? no (option unset) 29279 set_process_info: 29279 handling incoming connection from [127.0.0.1] I=[127.0.0.1]:465 29279 initializing GnuTLS as a server 29279 read D-H parameters from file 29279 initialized D-H parameters 29279 certificate file = /etc/ssl/certs/dovecot.pem 29279 key file = /etc/ssl/private/dovecot.pem 29279 initialized certificate stuff 29279 host in tls_verify_hosts? no (option unset) 29279 host in tls_try_verify_hosts? no (option unset) 29279 initialized GnuTLS session 29279 gnutls_handshake was successful 29279 cipher: TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32 29279 host in host_reject_connection? no (option unset) 29279 duplicate IP address 127.0.0.1 (MX=-1) removed 29279 gethostbyname2 looked up these IP addresses: 29279 name=localhost address=::1 29279 name=localhost address=127.0.0.1 29279 host in sender_unqualified_hosts? yes (matched "localhost") 29279 duplicate IP address 127.0.0.1 (MX=-1) removed 29279 gethostbyname2 looked up these IP addresses: 29279 name=localhost address=::1 29279 name=localhost address=127.0.0.1 29279 host in recipient_unqualified_hosts? yes (matched "localhost") 29279 host in helo_verify_hosts? no (option unset) 29279 host in helo_try_verify_hosts? no (option unset) 29279 host in helo_accept_junk_hosts? no (option unset) 29279 SMTP>> 220 mail.domain.lan, ESMTP ready 29279 tls_do_write(7f10202175a0, 31) 29279 gnutls_record_send(SSL, 7f10202175a0, 31) 29279 outbytes=31 29279 Process 29279 is ready for new message 29279 smtp_setup_msg entered 29279 Calling gnutls_record_recv(7f102023f0c0, 7f1020241e40, 4096) 29279 SMTP<< EHLO mail.domain.lan 29279 mail.domain.lan in helo_lookup_domains? no (end of list) 29279 sender_fullhost = (mail.domain.lan) [127.0.0.1] 29279 sender_rcvhost = [127.0.0.1] (helo=mail.domain.lan) 29279 set_process_info: 29279 handling TLS incoming connection from (mail.domain.lan) [127.0.0.1] I=[127.0.0.1]:465 29279 host in pipelining_advertise_hosts? yes (matched "*") 29279 host in auth_advertise_hosts? yes (matched "*") 29279 tls_do_write(7f10202229c8, 119) 29279 gnutls_record_send(SSL, 7f10202229c8, 119) 29279 outbytes=119 29279 SMTP>> 250-mail.domain.lan Hello mail.domain.lan [127.0.0.1] 29279 250-SIZE 26214400 29279 250-PIPELINING 29279 250-AUTH PLAIN LOGIN 29279 250 HELP 29279 Calling gnutls_record_recv(7f102023f0c0, 7f1020241e40, 4096) 29279 SMTP<< AUTH LOGIN 29279 dovecot authentication 29279 received: VERSION 1 1 29279 received: MECH PLAIN plaintext 29279 received: MECH LOGIN plaintext 29279 received: MECH APOP private dictionary active 29279 received: SPID 29280 29279 received: CUID 1 29279 received: COOKIE cf735efce15b21bbb10568c4a762017c 29279 SMTP>> 435 Unable to authenticate at present 29279 tls_do_write(7f10202175a0, 39) 29279 gnutls_record_send(SSL, 7f10202175a0, 39) 29279 outbytes=39 29279 LOG: MAIN REJECT 29279 auth_login authenticator failed for (mail.domain.lan) [127.0.0.1] I=[127.0.0.1]:465: 435 Unable to authenticate at present: authentication socket protocol error 29279 Calling gnutls_record_recv(7f102023f0c0, 7f1020241e40, 4096) 29279 SMTP<< AUTH PLAIN AHRlc3RAZG9tYWluLmxhbgAxMTExMTE= 29279 host in smtp_accept_max_nonmail_hosts? yes (matched "*") 29279 dovecot authentication 29279 received: VERSION 1 1 29279 received: MECH PLAIN plaintext 29279 received: MECH LOGIN plaintext 29279 received: MECH APOP private dictionary active 29279 received: SPID 29280 29279 received: CUID 2 29279 received: COOKIE 06f8b3d9441b40b4069f53cdd0d128a4 29279 SMTP>> 435 Unable to authenticate at present 29279 tls_do_write(7f10202175a0, 39) 29279 gnutls_record_send(SSL, 7f10202175a0, 39) 29279 outbytes=39 29279 LOG: MAIN REJECT 29279 auth_plain authenticator failed for (mail.domain.lan) [127.0.0.1] I=[127.0.0.1]:465: 435 Unable to authenticate at present: authentication socket protocol error 29279 Calling gnutls_record_recv(7f102023f0c0, 7f1020241e40, 4096) 29279 SMTP<< QUIT 29279 SMTP>> 221 mail.domain.lan closing connection 29279 tls_do_write(7f10202175a0, 37) 29279 gnutls_record_send(SSL, 7f10202175a0, 37) 29279 outbytes=37 29279 tls_close(): shutting down TLS 29279 LOG: smtp_connection MAIN 29279 SMTP connection from (mail.domain.lan) [127.0.0.1] I=[127.0.0.1]:465 closed by QUIT 29279 search_tidyup called 29270 child 29279 ended: status=0x0 29270 0 SMTP accept processes now running 29270 Listening...
-- Best regards, Sergey Urushkin
On Tue, 2011-06-28 at 21:38 +0400, Sergey Urushkin wrote:
29279 received: COOKIE cf735efce15b21bbb10568c4a762017c 29279 SMTP>> 435 Unable to authenticate at present
I guess Exim gets confused by the COOKIE that is sent to it. It should just ignore it, but it fails. Since this COOKIE is important for Dovecot itself, this can only be fixed on Exim side.
:2011-06-28T21:38:Sergey Urushkin:
Hi. I had working Exim 4.71 and Dovecot 1.2.9 SASL configuration on Ubuntu Lucid, but needed some features from dovecot2, so I installed 2.0.13 from https://launchpad.net/~carsten-uppenbrink-net/+archive/dovecot2 . Now I get Subj error while trying to authenticate via dovecot auth-client socket. However IMAP auth works fine with 2.0.13 and smtp auth worked fine until upgrade, so I think there is something wrong with dovecot2.
Dovecot logs stay empty even with auth_debug*, just one string "auth: Debug: Loading modules from bla...". But here is another information that may help. And if it's needed I can build dovecot myself to ensure that ppa-build isn't guilty. Or debug some another way.
If this is still relevant.
This has been fixed in a later than 4.71 exim - specifically 4.72(current version is 4.76) so just upgrade and it will work.
Regards
Andraž 'ruskie' Levstik Source Mage GNU/Linux Games/Xorg grimoire guru Re-Alpine Coordinator http://sourceforge.net/projects/re-alpine/ Geek/Hacker/Tinker
Don't forget: the future is now. It's just not widely distributed yet.
participants (3)
-
Andraž 'ruskie' Levstik
-
Sergey Urushkin
-
Timo Sirainen