Intermittent IMAP Login failures - about 25% fail
New server & just added three domains: now I see "dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<username.companyname>, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99, TLS, session=<kw6Y2NYviQBex5Un>" Plus all Outlook users keep being bounced and finally get in. I am going to kill all the users soon...
Not too many files open, nor bandwidth, nor load.
Any light/help appreciated.
root@brazil:/var/log# dovecot --version 2.2.9 root@brazil:/var/log# dovecot -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.19.0-58-generic x86_64 Ubuntu 14.04.4 LTS auth_debug_passwords = yes auth_mechanisms = plain login mail_location = maildir:~/Maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap pop3 pop3 ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem userdb { driver = passwd }
Thanks
New server & just added three domains: now I see "dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<username.companyname>, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99, TLS, session=<kw6Y2NYviQBex5Un>" Plus all Outlook users keep being bounced and finally get in.
Failure rate is a predictable 25%
I am going to kill all the users soon...
Not too many files open, nor bandwidth, nor load.
Any light/help appreciated.
root@brazil:/var/log# dovecot --version 2.2.9 root@brazil:/var/log# dovecot -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.19.0-58-generic x86_64 Ubuntu 14.04.4 LTS auth_debug_passwords = yes auth_mechanisms = plain login mail_location = maildir:~/Maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap pop3 pop3 ssl_cert = </etc/dovecot/dovecot.pem ssl_key = </etc/dovecot/private/dovecot.pem userdb { driver = passwd }
Thanks
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 7 Apr 2016, Mobile Phone wrote:
New server & just added three domains: now I see "dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<username.companyname>, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99, TLS, session=<kw6Y2NYviQBex5Un>" Plus all Outlook users keep being bounced and finally get in.
Did you tried to enable auth debug?
http://wiki2.dovecot.org/Debugging/Authentication
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVwZad3z1H7kL/d9rAQLDGwf/RS54zzxS4P6XxBmwPL2b3iA2YD5a9dHL +jTs6s5zS0leX8PWcrjES9BoU8pRBRm4IRqJFI5eZeWmhSVvHSe5iAEZ0n8k+MGc yunHljQLvsNg5EJtxiOf7TLw9k7lJuilKb5WR1aC5gBO0NscxWUIhXHy1uSGOGv8 xtzZPSvmZJcjQWqtVl7NklUy8+jRj42uwtS3Q3G2OhyBR45vpsPQBkeNsYHaITdF Q+LE6lAaVFuxCoX7d4XQyt+craNq0mNEl3A6DBb41YY6bK+QdXt9ciG1iOAF1aR1 zPRlII0Vt1USX9Jw+B24/f6zfFv5yQ6q/k35o9YO0taot5swtnJBOA== =2aRu -----END PGP SIGNATURE-----
Yes, I had as soon as I saw strange results. The fault is still intermittent and affecting all clients.
auth.log: Apr 7 15:05:27 brazil auth: message repeated 10 times: [ pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=prtg.08dir rhost=91.91.91.91 user=prtg.08dir]
mail.log: Apr 7 15:05:01 brazil dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<prtg.08dir>, method=PLAIN, rip=99.99.99.99, lip=91.91.91.91, TLS, session=<sYQ7kOUvjQBex5Un> Apr 7 15:05:02 brazil postfix/smtpd[13968]: connect from unknown[91.91.19.91] Apr 7 15:05:02 brazil postfix/smtpd[13968]: disconnect from unknown[91.91.19.91] Apr 7 15:05:27 brazil dovecot: auth: Debug: auth client connected (pid=14880) Apr 7 15:05:27 brazil dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=AY8JkxUvzQBex5Un#011lip=99.99.99.99#011rip=91.91.19.91#011lport=143#011rport=59085#011resp=AHBydGcuMDhkaXJlY3QAV2VmdWNraW5IYXRlU3BhbQ== (previous base64 data may contain sensitive data) Apr 7 15:05:27 brazil dovecot: auth-worker(13031): Debug: pam(prtg.08dir,91.91.19.91): lookup service=dovecot Apr 7 15:05:27 brazil dovecot: auth-worker(13031): Debug: pam(prtg.08dir,91.91.19.91): #1/1 style=1 msg=Password: Apr 7 15:05:29 brazil dovecot: auth-worker(13031): pam(prtg.08dir,91.91.19.91): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: YesThisWasTheCorrectPassword) Apr 7 15:05:31 brazil dovecot: auth: Debug: client passdb out: FAIL#0111#011user=prtg.08dir Apr 7 15:05:31 brazil dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<prtg.08dir>, method=PLAIN, rip=91.91.19.91, lip=99.99.99.99, TLS, session=<AY8JkuUvzQBex5Un>
syslog: root@brazil:/var/log# cat syslog|grep "Apr 7 15:05"|more Apr 7 15:05:01 brazil dovecot: auth: Debug: client passdb out: FAIL#0111#011user=prtg.08dir Apr 7 15:05:01 brazil dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<prtg.08dir>, method=PLAIN, rip=91.91.91.91, lip=99.99.99.99, TLS, session=<sYQ7kOUvjQBex5Un> Apr 7 15:05:02 brazil postfix/smtpd[13968]: connect from unknown[91.91.91.91] Apr 7 15:05:02 brazil postfix/smtpd[13968]: disconnect from unknown[91.91.91.91] Apr 7 15:05:27 brazil dovecot: auth: Debug: auth client connected (pid=14880) Apr 7 15:05:27 brazil dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=imap#011secured#011session=AY8JkuUvzQBex5Un#011lip=99.99.99.99#011rip=91.91.91.91#011lport=143#011rport=59085#011resp=AHBydGcuMDhkaXJlY3QAV2VmdWNraW5IYXRlU3BhbQ== (previous base64 data may contain sensitive data) Apr 7 15:05:27 brazil dovecot: auth-worker(13031): Debug: pam(prtg.08dir,91.91.91.91): lookup service=dovecot Apr 7 15:05:27 brazil dovecot: auth-worker(13031): Debug: pam(prtg.08dir,91.91.91.91): #1/1 style=1 msg=Password: Apr 7 15:05:29 brazil dovecot: auth-worker(13031): pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: YesThisWasTheCorrectPassword) Apr 7 15:05:31 brazil dovecot: auth: Debug: client passdb out: FAIL#0111#011user=prtg.08dir Apr 7 15:05:31 brazil dovecot: imap-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<prtg.08dir>, method=PLAIN, rip=91.91.91.91, lip=99.99.99.99, TLS, session=<AY8JkuUvzQBex5Un> Apr 7 15:05:33 brazil dovecot: auth: Debug: auth client connected (pid=14881)
Why it this bouncing 25% + of IMAP AUTH LOGINs?
On 7 April 2016 at 14:02, Steffen Kaiser <skdovecot@smail.inf.fh-brs.de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 7 Apr 2016, Mobile Phone wrote:
New server & just added three domains:
now I see "dovecot: imap-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<username.companyname>, method=PLAIN, rip=1.1.1.1, lip=99.99.99.99, TLS, session=<kw6Y2NYviQBex5Un>" Plus all Outlook users keep being bounced and finally get in.
Did you tried to enable auth debug?
http://wiki2.dovecot.org/Debugging/Authentication
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVwZad3z1H7kL/d9rAQLDGwf/RS54zzxS4P6XxBmwPL2b3iA2YD5a9dHL +jTs6s5zS0leX8PWcrjES9BoU8pRBRm4IRqJFI5eZeWmhSVvHSe5iAEZ0n8k+MGc yunHljQLvsNg5EJtxiOf7TLw9k7lJuilKb5WR1aC5gBO0NscxWUIhXHy1uSGOGv8 xtzZPSvmZJcjQWqtVl7NklUy8+jRj42uwtS3Q3G2OhyBR45vpsPQBkeNsYHaITdF Q+LE6lAaVFuxCoX7d4XQyt+craNq0mNEl3A6DBb41YY6bK+QdXt9ciG1iOAF1aR1 zPRlII0Vt1USX9Jw+B24/f6zfFv5yQ6q/k35o9YO0taot5swtnJBOA== =2aRu -----END PGP SIGNATURE-----
On 07 Apr 2016, at 19:02, Mobile Phone <cell@eceb.co.uk> wrote:
pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: YesThisWasTheCorrectPassword)
..
Why it this bouncing 25% + of IMAP AUTH LOGINs?
PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things. Maybe you have enabled some PAM plugin that denies the user's access even if the password is correct. Unfortunately there's no way to enable debugging for PAM. Try simplifying your PAM setup, or if you can't figure out anything else switch to passdb shadow.
SOLVED: Should anyone else run into this and debugging shows no issues, just random dovecot logins fails - there was a bad username stored. "pwck" showed it up. Only cost me 3 days
On 7 April 2016 at 17:24, Timo Sirainen <tss@iki.fi> wrote:
On 07 Apr 2016, at 19:02, Mobile Phone <cell@eceb.co.uk> wrote:
pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication failure (password mismatch?) (given password:
YesThisWasTheCorrectPassword) ..
Why it this bouncing 25% + of IMAP AUTH LOGINs?
PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things. Maybe you have enabled some PAM plugin that denies the user's access even if the password is correct. Unfortunately there's no way to enable debugging for PAM. Try simplifying your PAM setup, or if you can't figure out anything else switch to passdb shadow.
I'm not getting a hit on "Dovecot pwck". Can you elaborate.
Original Message From: Mobile Phone Sent: Friday, April 8, 2016 3:20 AM To: Dovecot Mailing List Reply To: support@eceb.co.uk Subject: Re: Intermittent IMAP Login failures - about 25% fail
SOLVED: Should anyone else run into this and debugging shows no issues, just random dovecot logins fails - there was a bad username stored. "pwck" showed it up. Only cost me 3 days
On 7 April 2016 at 17:24, Timo Sirainen <tss@iki.fi> wrote:
On 07 Apr 2016, at 19:02, Mobile Phone <cell@eceb.co.uk> wrote:
pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication failure (password mismatch?) (given password:
YesThisWasTheCorrectPassword) ..
Why it this bouncing 25% + of IMAP AUTH LOGINs?
PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things. Maybe you have enabled some PAM plugin that denies the user's access even if the password is correct. Unfortunately there's no way to enable debugging for PAM. Try simplifying your PAM setup, or if you can't figure out anything else switch to passdb shadow.
Validating /etc/passwd & shadow: /usr/sbin/pwck
On 8 April 2016 at 13:04, <lists@lazygranch.com> wrote:
I'm not getting a hit on "Dovecot pwck". Can you elaborate.
Original Message From: Mobile Phone Sent: Friday, April 8, 2016 3:20 AM To: Dovecot Mailing List Reply To: support@eceb.co.uk Subject: Re: Intermittent IMAP Login failures - about 25% fail
SOLVED: Should anyone else run into this and debugging shows no issues, just random dovecot logins fails - there was a bad username stored. "pwck" showed it up. Only cost me 3 days
On 7 April 2016 at 17:24, Timo Sirainen <tss@iki.fi> wrote:
On 07 Apr 2016, at 19:02, Mobile Phone <cell@eceb.co.uk> wrote:
pam(prtg.08dir,91.91.91.91): pam_authenticate() failed: Authentication failure (password mismatch?) (given password:
YesThisWasTheCorrectPassword) ..
Why it this bouncing 25% + of IMAP AUTH LOGINs?
PAM said that login wasn't allowed. PAM can have all kinds of plugins that can do all kinds of things. Maybe you have enabled some PAM plugin that denies the user's access even if the password is correct. Unfortunately there's no way to enable debugging for PAM. Try simplifying your PAM setup, or if you can't figure out anything else switch to passdb shadow.
participants (4)
-
lists@lazygranch.com
-
Mobile Phone
-
Steffen Kaiser
-
Timo Sirainen