Virtual User Authentication
I have only "virtual users" on the system that I maintain. I am using Postfix which is configured to use Devecot for authentication. I get several attempts everyday to hack into the system, both via Postfix and directly via Dovecot. The following is from the dovecot log:
Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Now, I do not use "pam" on this system. Is there a way I can eliminate Dovecot from trying to use it?
-- Jerry
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 11 Nov 2014, Jerry wrote:
Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Now, I do not use "pam" on this system. Is there a way I can eliminate Dovecot from trying to use it?
post your doveconf -n
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBVGINdnz1H7kL/d9rAQIMRAf/Z6P6J0HLfhivcaEg6Y1RJI8s6TW735L7 5tRHv+XDNuwGVfMa0yge8XnTII4GoMeXkP99DJIOULF3lPfZ9sd2mr8JZmVjINQQ togbwmoPkvEQ3b1SnNYNWXOwA35+Z4UeLgNIGxkZ+PJwbuoi4dZVl0QiQB0S8b1G t32Z1bR2Hml/5r7S8rN9mZI2EpYPUhkG6cTxNK/zZw90NW0AtJ+RoKz8Mo+GhMff NdVgGT9YD7m+79XE6WUwm2KFGBcmd6K4LFWBn5XorEI5YrPoktCUp1c+StM0TJNE PRv8ATWN2zUPRIxrRtqRp7WCsEGQLRWxfW7sE+zrU5MggPXSKE2m4Q== =JnBO -----END PGP SIGNATURE-----
On Tue, 11 Nov 2014 14:21:58 +0100 (CET), Steffen Kaiser stated:
On Tue, 11 Nov 2014, Jerry wrote:
Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Now, I do not use "pam" on this system. Is there a way I can eliminate Dovecot from trying to use it?
post your doveconf -n
$ dovecot -n # 2.2.15: /usr/local/etc/dovecot/dovecot.conf # OS: FreeBSD 10.0-RELEASE-p12 amd64 ufs auth_mechanisms = plain login cram-md5 digest-md5 lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes log_path = /var/log/dovecot mail_location = maildir:/var/mail/vmail/%d/gerard managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } passdb { driver = pam } passdb { args = scheme=CRYPT username_format=%u /usr/local/etc/dovecot/user/passwd driver = passwd-file } plugin { sieve_global_dir = /usr/local/etc/dovecot/sieve/ sieve_global_path = /usr/local/etc/dovecot/sieve/default.sieve } postmaster_address = postmaster@seibercom.net service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { group = vmail mode = 0666 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_cert =
-- Jerry
Am 11.11.2014 um 15:41 schrieb Jerry:
On Tue, 11 Nov 2014 14:21:58 +0100 (CET), Steffen Kaiser stated:
On Tue, 11 Nov 2014, Jerry wrote:
Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Now, I do not use "pam" on this system. Is there a way I can eliminate Dovecot from trying to use it?
post your doveconf -n
passdb { driver = pam }
well, did you read the output?
On Tue, 11 Nov 2014 15:44:31 +0100, Reindl Harald stated:
Am 11.11.2014 um 15:41 schrieb Jerry:
On Tue, 11 Nov 2014 14:21:58 +0100 (CET), Steffen Kaiser stated:
On Tue, 11 Nov 2014, Jerry wrote:
Nov 11 04:14:48 auth-worker(21005): Error: pam(monica,69.193.88.146): pam_authenticate() failed: authentication error (/etc/pam.d/dovecot missing?)
Now, I do not use "pam" on this system. Is there a way I can eliminate Dovecot from trying to use it?
post your doveconf -n
passdb { driver = pam }
well, did you read the output?
Yes I did. I created a dovecot.conf file and placed this in it:
#passdb { # driver = pam #}
It didn't work. Dovecot has so many individual conf files that it is difficult to figure out where everything is. I really like the Postfix method where the last rule wins. I have not figured out in what file the "pam" setting resides that is being picked up by Dovecot.
Personally, I am not a fan of this multiple file configuration scenario.
-- Jerry
On 11.11.2014 16:13, Jerry wrote:
Dovecot has so many individual conf files that it is difficult to figure out where everything is. I really like the Postfix method where the last rule wins.
It's just the same with dovecot.
I have not figured out in what file the "pam" setting resides that is being picked up by Dovecot.
Give grep a chance.
Regards, Christian
-- No signature available.
participants (4)
-
Christian Schmidt
-
Jerry
-
Reindl Harald
-
Steffen Kaiser