[Dovecot] IMAP and SMTP Authentication
I'm a bit further along but haven't figured out why Authentication is still failing. I've tried a telnet to port 143 and openssl connection to 993.
The command I issued, per the debugging page on the wiki, is:
a login info@aesoft-sbcs.com crap
Here is a snapshot from my logs (yup second try and blank lines to make it easier for me to read).
Oct 7 08:17:20 mx0 dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=216.64.180.226 rip=66.193.34.88 lport=993 rport=65026 resp=AGluZm9AYWVzb2Z0LXNiY3MuY29tAGNyYXA=
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file /var/mail/vhosts/aesoft-sbcs.com/passwd: Read 3 users
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file(info@aesoft-sbcs.com,66.193.34.88): lookup: user=info@aesoft-sbcs.com file=/var/mail/vhosts/aesoft-sbcs.com/passwd
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file(info@aesoft-sbcs.com,66.193.34.88): unknown user
Oct 7 08:17:22 mx0 dovecot: auth(default): client out: FAIL 2 user=info@aesoft-sbcs.com
And here is the relevant line from /var/mail/vhosts/aesoft-sbcs.com/passwd
info:{PLAIN}crap:5000:5000::/var/mail/vhosts/aesoft-sbcs.com/info
Yes there are three users in the file.
What is puzzling me is why the source connection's IP is showing up in the /lookup/.
I did not create the directory
/var/mail/vhosts/aesoft-sbcs.com/info/Maildir
Should I?
I've attached the output from postconf -n and dovecot -n since I'm pretty sure I've got some setting wrong.
Thanks for any ideas or clues.
Rod
alias_database = hash:/etc/postfix/aliases
alias_maps = hash:/etc/postfix/aliases
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
default_destination_concurrency_limit = 10
disable_vrfy_command = yes
header_checks = regexp:/etc/postfix/header_checks.regexp
inet_interfaces = 216.64.180.226, 127.0.0.1
local_recipient_maps =
local_transport = virtual
message_size_limit = 20971520
mydestination = localhost
mydomain = aesoft-sbcs.com
myhostname = mx0.cyber-office.net
mynetworks = 127.0.0.0/8
recipient_delimiter = +
smtp_bind_address = 216.64.180.226
smtpd_data_restrictions = reject_unauth_pipelining, reject_multi_recipient_bounce
smtpd_discard_ehlo_keywords = silent-discard, dsn
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_invalid_hostname reject_non_fqdn_hostname
smtpd_recipient_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_non_fqdn_recipient, permit_sasl_authenticated, reject_unauth_destination, reject_unlisted_recipient, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/pki/tls/certs/mail.pem
smtpd_tls_key_file = /etc/pki/tls/private/mail.pem
smtpd_tls_security_level = may
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/mail/vhosts
virtual_mailbox_domains = $mydomain, digitalcda.org
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_minimum_uid = 500
virtual_transport = dovecot
virtual_uid_maps = static:5000
# 1.1.3: /etc/dovecot.conf
log_path: /var/log/dovecot/dovecot.log
info_log_path: /var/log/dovecot/dovecot-info.log
protocols: imap imaps
listen: 127.0.0.1:143
ssl_listen: *:993
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
login_greeting_capability: yes
valid_chroot_dirs: /var/mail
first_valid_uid: 5000
last_valid_uid: 5000
first_valid_gid: 5000
last_valid_gid: 5000
mail_access_groups: mail
mail_location: maildir:~/Maildir
mail_debug: yes
maildir_copy_preserve_filename: yes
mail_plugins: acl
imap_client_workarounds: outlook-idle
namespace:
  type: private
  separator: .
  prefix: INBOX.
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login CRAM-MD5
  default_realm: aesoft-sbcs.com
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: /var/mail/vhosts/%d/passwd
  userdb:
    driver: passwd-file
    args: uid=vmail gid=vmail username_format=%n /var/mail/vhosts/%d/passwd
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      user: vmail
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
On Oct 7, 2008, at 6:33 PM, Roderick A. Anderson wrote:
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file(info@aesoft-sbcs.com,66.193.34.88): unknown user
It's looking up info@aesoft-sbcs.com from the file.
info:{PLAIN}crap:5000:5000::/var/mail/vhosts/aesoft-sbcs.com/info
But you have only info there. So either change it here, or:
passdb:
  driver: passwd-file
  args: /var/mail/vhosts/%d/passwd
From http://wiki.dovecot.org/AuthDatabase/PasswdFile:
username_format=<s>: Look up usernames using this format instead of
the full username (%u). If you want to enable user@domain logins but
have only "user" in the file, set this to %n.
So use:
passdb passwd-file {
  args = username_format=%n /var/mail/vhosts/%d/passwd
}
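The failed lookup and the effect of username_format=%n can be reproduced offline from the values in the log above. This is an added example, not part of the original thread or of Dovecot's code; decode_plain, expand, lookup and authenticate are hypothetical helpers that model only the %u, %n and %d variables.

```python
import base64

# Values copied from the log line and passwd entry quoted in this thread.
RESP = "AGluZm9AYWVzb2Z0LXNiY3MuY29tAGNyYXA="
PASSWD = ["info:{PLAIN}crap:5000:5000::/var/mail/vhosts/aesoft-sbcs.com/info"]

def decode_plain(resp):
    """SASL PLAIN is base64(authzid NUL authcid NUL password)."""
    authzid, authcid, password = base64.b64decode(resp).decode().split("\0")
    return authzid, authcid, password

def expand(fmt, user):
    """Simplified model of Dovecot variables: %u full name, %n local part, %d domain."""
    local, _, domain = user.partition("@")
    return fmt.replace("%u", user).replace("%n", local).replace("%d", domain)

def lookup(lines, user, username_format="%u"):
    """Return the passwd-file fields whose first field equals the formatted username."""
    key = expand(username_format, user)
    for line in lines:
        fields = line.split(":")
        if fields[0] == key:
            return fields
    return None

def authenticate(lines, resp, username_format="%u"):
    """Mimic the passdb step: find the entry, then compare the {PLAIN} password."""
    _, user, password = decode_plain(resp)
    entry = lookup(lines, user, username_format)
    if entry is None:
        return "unknown user"
    return "ok" if entry[1] == "{PLAIN}" + password else "password mismatch"

if __name__ == "__main__":
    user = decode_plain(RESP)[1]
    print("file:", expand("/var/mail/vhosts/%d/passwd", user))
    print("default (%u):", authenticate(PASSWD, RESP))
    print("username_format=%n:", authenticate(PASSWD, RESP, "%n"))
```

Decoding resp also shows that the auth debug log records the submitted password in recoverable form, so these logs need the same protection as the passwd file.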
Timo Sirainen wrote:
On Oct 7, 2008, at 6:33 PM, Roderick A. Anderson wrote:
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file(info@aesoft-sbcs.com,66.193.34.88): unknown user
It's looking up info@aesoft-sbcs.com from the file.
info:{PLAIN}crap:5000:5000::/var/mail/vhosts/aesoft-sbcs.com/info
But you have only info there. So either change it here, or:
passdb:
  driver: passwd-file
  args: /var/mail/vhosts/%d/passwd
From http://wiki.dovecot.org/AuthDatabase/PasswdFile:
username_format=<s>: Look up usernames using this format instead of the full username (%u). If you want to enable user@domain logins but have only "user" in the file, set this to %n.
So use:
passdb passwd-file {
  args = username_format=%n /var/mail/vhosts/%d/passwd
}
Well these did seem to be set correctly (I've been experimenting with different settings).
Here is a portion of "dovecot -n" output
passdb:
  driver: passwd-file
  args: /var/mail/vhosts/%d/passwd
userdb:
  driver: passwd-file
  args: uid=vmail gid=vmail username_format=%n /var/mail/vhosts/%d/passwd
Where does userdb and passdb each come into play? Should their settings be the same since I'm using one file?
TIA, Rod
On Oct 7, 2008, at 7:16 PM, Roderick A. Anderson wrote:
So use:
passdb passwd-file {
  args = username_format=%n /var/mail/vhosts/%d/passwd
}
Well these did seem to be set correctly (I've been experimenting with different settings).
Here is a portion of "dovecot -n" output
passdb:
  driver: passwd-file
  args: /var/mail/vhosts/%d/passwd
userdb:
  driver: passwd-file
  args: uid=vmail gid=vmail username_format=%n /var/mail/vhosts/%d/passwd
passwd-file has no such settings as uid and gid.
Where does userdb and passdb each come into play?
Password is looked up from the passdb. After user is successfully
authenticated it looks up home directory, uid and gid from userdb.
Should their settings be the same since I'm using one file?
Yes.
Timo Sirainen wrote:
On Oct 7, 2008, at 7:16 PM, Roderick A. Anderson wrote:
So use:
passdb passwd-file {
  args = username_format=%n /var/mail/vhosts/%d/passwd
}
Well these did seem to be set correctly (I've been experimenting with different settings).
Here is a portion of "dovecot -n" output
passdb:
  driver: passwd-file
  args: /var/mail/vhosts/%d/passwd
userdb:
  driver: passwd-file
  args: uid=vmail gid=vmail username_format=%n /var/mail/vhosts/%d/passwd
passwd-file has no such settings as uid and gid.
This appears to be the problem. So much for copy and paste then modify from a bunch of different examples! 8-|
Now I can log into Dovecot (IMAP) and send mail to the accounts (Postfix/Dovecot AUTH).
Thanks Timo.
Rod
Where does userdb and passdb each come into play?
Password is looked up from the passdb. After user is successfully authenticated it looks up home directory, uid and gid from userdb.
Should their settings be the same since I'm using one file?
Yes.
Roderick A. Anderson wrote:
I'm a bit further along but haven't figured out why Authentication is still failing. I've tried a telnet to port 143 and openssl connection to 993.
The command I issued, per the debugging page on the wiki, is:
a login info@aesoft-sbcs.com crap
Here is a snapshot from my logs (yup second try and blank lines to make it easier for me to read).
Oct 7 08:17:20 mx0 dovecot: auth(default): client in: AUTH 2 PLAIN service=imap secured lip=216.64.180.226 rip=66.193.34.88 lport=993 rport=65026 resp=AGluZm9AYWVzb2Z0LXNiY3MuY29tAGNyYXA=
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file /var/mail/vhosts/aesoft-sbcs.com/passwd: Read 3 users
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file(info@aesoft-sbcs.com,66.193.34.88): lookup: user=info@aesoft-sbcs.com file=/var/mail/vhosts/aesoft-sbcs.com/passwd
Oct 7 08:17:20 mx0 dovecot: auth(default): passwd-file(info@aesoft-sbcs.com,66.193.34.88): unknown user
Oct 7 08:17:22 mx0 dovecot: auth(default): client out: FAIL 2 user=info@aesoft-sbcs.com
And here is the relevant line from /var/mail/vhosts/aesoft-sbcs.com/passwd
info:{PLAIN}crap:5000:5000::/var/mail/vhosts/aesoft-sbcs.com/info
The user is "info@aesoft-sbcs.com", not "info".
~Seth
participants (3)
- Roderick A. Anderson
- Seth Mattinen
- Timo Sirainen