Dovecot auth-worker error after cram-md5 auth
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two lines: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
On 31.01.2017 09:06, Poliman - Serwis wrote:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two lines: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
Thank You for answer. Where could I setup these two lines?
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 31.01.2017 09:06, Poliman - Serwis wrote:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two lines: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
----- Исходное сообщение -----
От: "Poliman - Serwis" serwis@poliman.pl Кому: "Aki Tuomi" aki.tuomi@dovecot.fi Копия: "dovecot" dovecot@dovecot.org Отправленные: Вторник, 31 Январь 2017 г 10:16:48 Тема: Re: Dovecot auth-worker error after cram-md5 auth
Thank You for answer. Where could I setup these two lines?
dovecot.conf?
-- WBR, BaseALT/ALTLinux Team
Output will be in console or in some king of log file?
2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev ekorneechev@altlinux.org:
----- Исходное сообщение -----
От: "Poliman - Serwis" serwis@poliman.pl Кому: "Aki Tuomi" aki.tuomi@dovecot.fi Копия: "dovecot" dovecot@dovecot.org Отправленные: Вторник, 31 Январь 2017 г 10:16:48 Тема: Re: Dovecot auth-worker error after cram-md5 auth
Thank You for answer. Where could I setup these two lines?
dovecot.conf?
-- WBR, BaseALT/ALTLinux Team
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
On 31.01.2017 09:47, Poliman - Serwis wrote:
Output will be in console or in some king of log file?
2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev ekorneechev@altlinux.org:
----- Исходное сообщение -----
От: "Poliman - Serwis" serwis@poliman.pl Кому: "Aki Tuomi" aki.tuomi@dovecot.fi Копия: "dovecot" dovecot@dovecot.org Отправленные: Вторник, 31 Январь 2017 г 10:16:48 Тема: Re: Dovecot auth-worker error after cram-md5 auth Thank You for answer. Where could I setup these two lines? dovecot.conf?
-- WBR, BaseALT/ALTLinux Team
That depends on your logging settings, but it will emit them into whatever your debug_log_path is. Default is syslog.
Aki
This is debug log files in syslog:
Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out:
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(
do_not_reply@example.com,12.173.211.32): query: SELECT email as user,
password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
'/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail,
uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
mail_user WHERE (login = 'do_not_reply@example.com' OR email = '
do_not_reply@example.com') AND disablesmtp = 'n' AND server_id = '1'
Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password(
do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we
have only CRYPT
Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out:
FAIL#0112#011user=do_not_reply@example.com
Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning:
host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication
failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
/bin/date "$line" >> /var/log/ispconfig/cron.log; done)
Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
/bin/date "$line" >> /var/log/ispconfig/cron.log; done)
Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in:
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured
Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out:
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4=
Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(
do_not_reply@example.com,12.173.211.32): query: SELECT email as user,
password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
'/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail,
uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
mail_user WHERE (login = 'do_not_reply@example.com' OR email = '
do_not_reply@example.com') AND disablesmtp = 'n' AND server_id = '1'
Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password(
do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we
have only CRYPT
Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out:
FAIL#0113#011user=do_not_reply@example.com
##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 31.01.2017 09:06, Poliman - Serwis wrote:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two lines: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error
Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 31.01.2017 09:06, Poliman - Serwis wrote:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two lines: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error
Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 31.01.2017 09:06, Poliman - Serwis wrote:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf
passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two
in lines:
driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two
On 31.01.2017 09:06, Poliman - Serwis wrote: lines:
driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B')
AS
userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmaster@vps342401.ovh.net ssl_cert =
mail_max_userip_connections = 100 passdb { # args = /etc/dovecot/dovecot-sql.conf # driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } userdb { driver = prefetch } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } Of course I created cram-md5.pwd file. All mails go out and come nicely. But after I want to do default settings by commented out these two
On 31.01.2017 09:06, Poliman - Serwis wrote: lines:
driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and uncomment # args = /etc/dovecot/dovecot-sql.conf # driver = sql I can't send emails - I use Thunderbird - get error "logging on server mail.example.com not work out". Error in logs: dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server. dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to database (if yes then where - I have ISPconfig)? I wasn't change any userdb {} block and this second userdb block has this same lines like default settings in passdb block.
Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 31.01.2017 09:06, Poliman - Serwis wrote: > I set up cram-md5 using this tutorial > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in > passdb code block: > listen = *,[::] > protocols = imap pop3 > #auth_mechanisms = plain login cram-md5 > auth_mechanisms = cram-md5 plain login > #dodana nizej linia > ssl = required > disable_plaintext_auth = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_privileged_group = vmail > postmaster_address = postmaster@vps342401.ovh.net > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > ssl_prefer_server_ciphers = yes > ssl_dh_parameters_length = 2048 > > > mail_max_userip_connections = 100 > passdb { > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > Of course I created cram-md5.pwd file. All mails go out and come nicely. > But after I want to do default settings by commented out these two lines: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > and uncomment > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > I can't send emails - I use Thunderbird - get error "logging on server > mail.example.com not work out". Error in logs: > dovecot: auth-worker(22698): Error: Auth worker sees different > passdbs/userdbs than auth server. > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > Is it possible that hashed password from cram-md5.pwd file was written to > database (if yes then where - I have ISPconfig)? I wasn't change any userdb > {} block and this second userdb block has this same lines like default > settings in passdb block. > Try
auth_debug=yes auth_verbose=yes
and see if it gives any more reasonable messages.
Aki
It was only for testing purposes. That's why I want change it back to default settings. ;) I will check above lines and give response asap.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> On 31.01.2017 09:06, Poliman - Serwis wrote: >> I set up cram-md5 using this tutorial >> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in >> passdb code block: >> listen = *,[::] >> protocols = imap pop3 >> #auth_mechanisms = plain login cram-md5 >> auth_mechanisms = cram-md5 plain login >> #dodana nizej linia >> ssl = required >> disable_plaintext_auth = yes >> log_timestamp = "%Y-%m-%d %H:%M:%S " >> mail_privileged_group = vmail >> postmaster_address = postmaster@vps342401.ovh.net >> ssl_cert = > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >> ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: >> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >> ssl_prefer_server_ciphers = yes >> ssl_dh_parameters_length = 2048 >> >> >> mail_max_userip_connections = 100 >> passdb { >> # args = /etc/dovecot/dovecot-sql.conf >> # driver = sql >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> userdb { >> driver = prefetch >> } >> userdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> Of course I created cram-md5.pwd file. All mails go out and come nicely. >> But after I want to do default settings by commented out these two lines: >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> and uncomment >> # args = /etc/dovecot/dovecot-sql.conf >> # driver = sql >> I can't send emails - I use Thunderbird - get error "logging on server >> mail.example.com not work out". Error in logs: >> dovecot: auth-worker(22698): Error: Auth worker sees different >> passdbs/userdbs than auth server. >> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >> >> Is it possible that hashed password from cram-md5.pwd file was written to >> database (if yes then where - I have ISPconfig)? I wasn't change any > userdb >> {} block and this second userdb block has this same lines like default >> settings in passdb block. >> > Try > > auth_debug=yes > auth_verbose=yes > > and see if it gives any more reasonable messages. > > Aki >
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote:
This is debug log files in syslog: Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply@example.com Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done) Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( do_not_reply@example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply@example.com##################### I added in dovecot.conf lines in passdb block: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd and commented out default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.
Aki
2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> On 31.01.2017 09:06, Poliman - Serwis wrote: >> I set up cram-md5 using this tutorial >> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in >> passdb code block: >> listen = *,[::] >> protocols = imap pop3 >> #auth_mechanisms = plain login cram-md5 >> auth_mechanisms = cram-md5 plain login >> #dodana nizej linia >> ssl = required >> disable_plaintext_auth = yes >> log_timestamp = "%Y-%m-%d %H:%M:%S " >> mail_privileged_group = vmail >> postmaster_address = postmaster@vps342401.ovh.net >> ssl_cert = > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >> ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: >> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >> ssl_prefer_server_ciphers = yes >> ssl_dh_parameters_length = 2048 >> >> >> mail_max_userip_connections = 100 >> passdb { >> # args = /etc/dovecot/dovecot-sql.conf >> # driver = sql >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> userdb { >> driver = prefetch >> } >> userdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> Of course I created cram-md5.pwd file. All mails go out and come nicely. >> But after I want to do default settings by commented out these two lines: >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> and uncomment >> # args = /etc/dovecot/dovecot-sql.conf >> # driver = sql >> I can't send emails - I use Thunderbird - get error "logging on server >> mail.example.com not work out". Error in logs: >> dovecot: auth-worker(22698): Error: Auth worker sees different >> passdbs/userdbs than auth server. >> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >> >> Is it possible that hashed password from cram-md5.pwd file was written to >> database (if yes then where - I have ISPconfig)? I wasn't change any > userdb >> {} block and this second userdb block has this same lines like default >> settings in passdb block. >> > Try > > auth_debug=yes > auth_verbose=yes > > and see if it gives any more reasonable messages. > > Aki >
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote:
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
On 01.02.2017 08:18, Poliman - Serwis wrote: > This is debug log files in syslog: > Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: > CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL m5ldD4= > Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> > Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( > do_not_reply@example.com,12.173.211.32): query: SELECT email as user, > password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, > '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, > uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS > userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM > mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' > do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' > Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( > do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we > have only CRYPT > Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: > FAIL#0112#011user=do_not_reply@example.com > Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: > host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication > failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= > Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD > (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >/bin/date"$line" >> /var/log/ispconfig/cron.log; done) > Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD > (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >/bin/date"$line" >> /var/log/ispconfig/cron.log; done) > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# 011lip=173.72.31.7#011rip=12.173.211.32#011secured > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: > CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL m5ldD4= > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> > Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( > do_not_reply@example.com,12.173.211.32): query: SELECT email as user, > password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, > '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, > uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS > userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM > mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' > do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' > Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( > do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we > have only CRYPT > Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: > FAIL#0113#011user=do_not_reply@example.com > > > > ##################### > I added in dovecot.conf lines in passdb block: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > and commented out default lines > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql > When I try set again default lines I got above error Can you run doveconf -n with the configuration that causes the above error? Also it clearly does SQL lookup, so that error is happening with SQL passdb. You need to remember to restart dovecot between configuration changes.Aki
> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> On 31.01.2017 09:06, Poliman - Serwis wrote: >>> I set up cram-md5 using this tutorial >>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in >>> passdb code block: >>> listen = *,[::] >>> protocols = imap pop3 >>> #auth_mechanisms = plain login cram-md5 >>> auth_mechanisms = cram-md5 plain login >>> #dodana nizej linia >>> ssl = required >>> disable_plaintext_auth = yes >>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>> mail_privileged_group = vmail >>> postmaster_address = postmaster@vps342401.ovh.net >>> ssl_cert = >> ssl_key = >> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>> ssl_cipher_list = >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: >>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>> ssl_prefer_server_ciphers = yes >>> ssl_dh_parameters_length = 2048 >>> >>> >>> mail_max_userip_connections = 100 >>> passdb { >>> # args = /etc/dovecot/dovecot-sql.conf >>> # driver = sql >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> userdb { >>> driver = prefetch >>> } >>> userdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> } >>> Of course I created cram-md5.pwd file. All mails go out and come nicely. >>> But after I want to do default settings by commented out these two lines: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> and uncomment >>> # args = /etc/dovecot/dovecot-sql.conf >>> # driver = sql >>> I can't send emails - I use Thunderbird - get error "logging on server >>> mail.example.com not work out". Error in logs: >>> dovecot: auth-worker(22698): Error: Auth worker sees different >>> passdbs/userdbs than auth server. >>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>> >>> Is it possible that hashed password from cram-md5.pwd file was written to >>> database (if yes then where - I have ISPconfig)? I wasn't change any >> userdb >>> {} block and this second userdb block has this same lines like default >>> settings in passdb block. >>> >> Try >> >> auth_debug=yes >> auth_verbose=yes >> >> and see if it gives any more reasonable messages. >> >> Aki >>
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would point out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> On 01.02.2017 08:18, Poliman - Serwis wrote: >> This is debug log files in syslog: >> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL > m5ldD4= >> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > userdb_mail, >> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS >> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' >> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, > but we >> have only CRYPT >> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >> FAIL#0112#011user=do_not_reply@example.com >> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= >> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# > 011lip=173.72.31.7#011rip=12.173.211.32#011secured >> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL > m5ldD4= >> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > userdb_mail, >> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS >> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' >> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but > we >> have only CRYPT >> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >> FAIL#0113#011user=do_not_reply@example.com >> >> >> >> ##################### >> I added in dovecot.conf lines in passdb block: >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> and commented out default lines >> #args = /etc/dovecot/dovecot-sql.conf >> #driver = sql >> When I try set again default lines I got above error > Can you run doveconf -n with the configuration that causes the above > error? Also it clearly does SQL lookup, so that error is happening with > SQL passdb. You need to remember to restart dovecot between > configuration changes. > > Aki > >> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>> I set up cram-md5 using this tutorial >>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf > in >>>> passdb code block: >>>> listen = *,[::] >>>> protocols = imap pop3 >>>> #auth_mechanisms = plain login cram-md5 >>>> auth_mechanisms = cram-md5 plain login >>>> #dodana nizej linia >>>> ssl = required >>>> disable_plaintext_auth = yes >>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>> mail_privileged_group = vmail >>>> postmaster_address = postmaster@vps342401.ovh.net >>>> ssl_cert = >>> ssl_key = >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>> ssl_cipher_list = >>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: >>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>> ssl_prefer_server_ciphers = yes >>>> ssl_dh_parameters_length = 2048 >>>> >>>> >>>> mail_max_userip_connections = 100 >>>> passdb { >>>> # args = /etc/dovecot/dovecot-sql.conf >>>> # driver = sql >>>> driver = passwd-file >>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>> } >>>> userdb { >>>> driver = prefetch >>>> } >>>> userdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> Of course I created cram-md5.pwd file. All mails go out and come > nicely. >>>> But after I want to do default settings by commented out these two > lines: >>>> driver = passwd-file >>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>> and uncomment >>>> # args = /etc/dovecot/dovecot-sql.conf >>>> # driver = sql >>>> I can't send emails - I use Thunderbird - get error "logging on server >>>> mail.example.com not work out". Error in logs: >>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>> passdbs/userdbs than auth server. >>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>> >>>> Is it possible that hashed password from cram-md5.pwd file was written > to >>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>> userdb >>>> {} block and this second userdb block has this same lines like default >>>> settings in passdb block. >>>> >>> Try >>> >>> auth_debug=yes >>> auth_verbose=yes >>> >>> and see if it gives any more reasonable messages. >>> >>> Aki >>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
Can you check your logs?
Aki
On 01.02.2017 10:02, Poliman - Serwis wrote:
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would point out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote: > I always restart dovecot after change config. ;) Sure, I commented out > added two lines by me, restarted dovecot and here it is: > > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > auth_mechanisms = plain login cram-md5 > listen = *,[::] > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_max_userip_connections = 100 > mail_plugins = " quota" > mail_privileged_group = vmail > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > sieve = /var/vmail/%d/%n/.sieve > sieve_max_redirects = 25 > } > postmaster_address = postmaster@example.com > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > user = root > } > service imap-login { > client_limit = 1000 > process_limit = 512 > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > ssl = required > ssl_cert = ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > ssl_dh_parameters_length = 2048 > ssl_key = ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > mail_plugins = sieve quota > postmaster_address = webmaster@localhost > } > protocol lmtp { > mail_plugins = quota sieve > postmaster_address = webmaster@localhost > } > > > 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> On 01.02.2017 08:18, Poliman - Serwis wrote: >>> This is debug log files in syslog: >>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >> m5ldD4= >>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >> userdb_mail, >>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >> but we >>> have only CRYPT >>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>> FAIL#0112#011user=do_not_reply@example.com >>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l dD4= >>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >> m5ldD4= >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >> userdb_mail, >>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but >> we >>> have only CRYPT >>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>> FAIL#0113#011user=do_not_reply@example.com >>> >>> >>> >>> ##################### >>> I added in dovecot.conf lines in passdb block: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> and commented out default lines >>> #args = /etc/dovecot/dovecot-sql.conf >>> #driver = sql >>> When I try set again default lines I got above error >> Can you run doveconf -n with the configuration that causes the above >> error? Also it clearly does SQL lookup, so that error is happening with >> SQL passdb. You need to remember to restart dovecot between >> configuration changes. >> >> Aki >> >>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>> I set up cram-md5 using this tutorial >>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf >> in >>>>> passdb code block: >>>>> listen = *,[::] >>>>> protocols = imap pop3 >>>>> #auth_mechanisms = plain login cram-md5 >>>>> auth_mechanisms = cram-md5 plain login >>>>> #dodana nizej linia >>>>> ssl = required >>>>> disable_plaintext_auth = yes >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>> mail_privileged_group = vmail >>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>> ssl_cert = >>>> ssl_key = >>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>> ssl_cipher_list = >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: >>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>> ssl_prefer_server_ciphers = yes >>>>> ssl_dh_parameters_length = 2048 >>>>> >>>>> >>>>> mail_max_userip_connections = 100 >>>>> passdb { >>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>> # driver = sql >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> } >>>>> userdb { >>>>> driver = prefetch >>>>> } >>>>> userdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> Of course I created cram-md5.pwd file. All mails go out and come >> nicely. >>>>> But after I want to do default settings by commented out these two >> lines: >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> and uncomment >>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>> # driver = sql >>>>> I can't send emails - I use Thunderbird - get error "logging on server >>>>> mail.example.com not work out". Error in logs: >>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>> passdbs/userdbs than auth server. >>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>> >>>>> Is it possible that hashed password from cram-md5.pwd file was written >> to >>>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>>> userdb >>>>> {} block and this second userdb block has this same lines like default >>>>> settings in passdb block. >>>>> >>>> Try >>>> >>>> auth_debug=yes >>>> auth_verbose=yes >>>> >>>> and see if it gives any more reasonable messages. >>>> >>>> Aki >>>>
Logs from syslog or mail.err? And with these not working settings with auth_debug and auth_verbose?
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> Because cram-md5 needs the user's password for calculating responses, it > cannot work with hashed passwords (one-way encrypted). The only > supported password schemes are PLAIN and CRAM-MD5. > > Aki > > On 01.02.2017 09:33, Poliman - Serwis wrote: >> I always restart dovecot after change config. ;) Sure, I commented out >> added two lines by me, restarted dovecot and here it is: >> >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >> auth_mechanisms = plain login cram-md5 >> listen = *,[::] >> log_timestamp = "%Y-%m-%d %H:%M:%S " >> mail_max_userip_connections = 100 >> mail_plugins = " quota" >> mail_privileged_group = vmail >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> plugin { >> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >> sieve = /var/vmail/%d/%n/.sieve >> sieve_max_redirects = 25 >> } >> postmaster_address = postmaster@example.com >> protocols = imap pop3 >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener auth-userdb { >> group = vmail >> mode = 0600 >> user = vmail >> } >> user = root >> } >> service imap-login { >> client_limit = 1000 >> process_limit = 512 >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> ssl = required >> ssl_cert = > ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- > AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- > RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: > DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: > AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- > SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! > EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! > EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >> ssl_dh_parameters_length = 2048 >> ssl_key = > ssl_prefer_server_ciphers = yes >> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >> userdb { >> driver = prefetch >> } >> userdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> protocol imap { >> mail_plugins = quota imap_quota >> } >> protocol pop3 { >> mail_plugins = quota >> pop3_uidl_format = %08Xu%08Xv >> } >> protocol lda { >> mail_plugins = sieve quota >> postmaster_address = webmaster@localhost >> } >> protocol lmtp { >> mail_plugins = quota sieve >> postmaster_address = webmaster@localhost >> } >> >> >> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>> This is debug log files in syslog: >>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>> m5ldD4= >>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>> userdb_mail, >>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') > AS >>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' >>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>> but we >>>> have only CRYPT >>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>> FAIL#0112#011user=do_not_reply@example.com >>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l > dD4= >>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>> m5ldD4= >>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>> userdb_mail, >>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') > AS >>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' >>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, > but >>> we >>>> have only CRYPT >>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>> FAIL#0113#011user=do_not_reply@example.com >>>> >>>> >>>> >>>> ##################### >>>> I added in dovecot.conf lines in passdb block: >>>> driver = passwd-file >>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>> and commented out default lines >>>> #args = /etc/dovecot/dovecot-sql.conf >>>> #driver = sql >>>> When I try set again default lines I got above error >>> Can you run doveconf -n with the configuration that causes the above >>> error? Also it clearly does SQL lookup, so that error is happening with >>> SQL passdb. You need to remember to restart dovecot between >>> configuration changes. >>> >>> Aki >>> >>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>> >>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>> I set up cram-md5 using this tutorial >>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in > /etc/dovecot/dovecot.conf >>> in >>>>>> passdb code block: >>>>>> listen = *,[::] >>>>>> protocols = imap pop3 >>>>>> #auth_mechanisms = plain login cram-md5 >>>>>> auth_mechanisms = cram-md5 plain login >>>>>> #dodana nizej linia >>>>>> ssl = required >>>>>> disable_plaintext_auth = yes >>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>> mail_privileged_group = vmail >>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>> ssl_cert = >>>>> ssl_key = >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>> ssl_cipher_list = >>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>> ssl_prefer_server_ciphers = yes >>>>>> ssl_dh_parameters_length = 2048 >>>>>> >>>>>> >>>>>> mail_max_userip_connections = 100 >>>>>> passdb { >>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>> # driver = sql >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> } >>>>>> userdb { >>>>>> driver = prefetch >>>>>> } >>>>>> userdb { >>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>> driver = sql >>>>>> } >>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>> nicely. >>>>>> But after I want to do default settings by commented out these two >>> lines: >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> and uncomment >>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>> # driver = sql >>>>>> I can't send emails - I use Thunderbird - get error "logging on > server >>>>>> mail.example.com not work out". Error in logs: >>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>> passdbs/userdbs than auth server. >>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>> >>>>>> Is it possible that hashed password from cram-md5.pwd file was > written >>> to >>>>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>>>> userdb >>>>>> {} block and this second userdb block has this same lines like > default >>>>>> settings in passdb block. >>>>>> >>>>> Try >>>>> >>>>> auth_debug=yes >>>>> auth_verbose=yes >>>>> >>>>> and see if it gives any more reasonable messages. >>>>> >>>>> Aki >>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> Because cram-md5 needs the user's password for calculating responses, it > cannot work with hashed passwords (one-way encrypted). The only > supported password schemes are PLAIN and CRAM-MD5. > > Aki > > On 01.02.2017 09:33, Poliman - Serwis wrote: >> I always restart dovecot after change config. ;) Sure, I commented out >> added two lines by me, restarted dovecot and here it is: >> >> # 2.2.9: /etc/dovecot/dovecot.conf >> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >> auth_mechanisms = plain login cram-md5 >> listen = *,[::] >> log_timestamp = "%Y-%m-%d %H:%M:%S " >> mail_max_userip_connections = 100 >> mail_plugins = " quota" >> mail_privileged_group = vmail >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> plugin { >> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >> sieve = /var/vmail/%d/%n/.sieve >> sieve_max_redirects = 25 >> } >> postmaster_address = postmaster@example.com >> protocols = imap pop3 >> service auth { >> unix_listener /var/spool/postfix/private/auth { >> group = postfix >> mode = 0660 >> user = postfix >> } >> unix_listener auth-userdb { >> group = vmail >> mode = 0600 >> user = vmail >> } >> user = root >> } >> service imap-login { >> client_limit = 1000 >> process_limit = 512 >> } >> service lmtp { >> unix_listener /var/spool/postfix/private/dovecot-lmtp { >> group = postfix >> mode = 0600 >> user = postfix >> } >> } >> ssl = required >> ssl_cert = > ssl_cipher_list = >> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- > AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- > RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: > DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: > AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- > SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! > EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! > EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >> ssl_dh_parameters_length = 2048 >> ssl_key = > ssl_prefer_server_ciphers = yes >> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >> userdb { >> driver = prefetch >> } >> userdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> protocol imap { >> mail_plugins = quota imap_quota >> } >> protocol pop3 { >> mail_plugins = quota >> pop3_uidl_format = %08Xu%08Xv >> } >> protocol lda { >> mail_plugins = sieve quota >> postmaster_address = webmaster@localhost >> } >> protocol lmtp { >> mail_plugins = quota sieve >> postmaster_address = webmaster@localhost >> } >> >> >> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>> This is debug log files in syslog: >>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>> m5ldD4= >>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>> userdb_mail, >>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') > AS >>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' >>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>> but we >>>> have only CRYPT >>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>> FAIL#0112#011user=do_not_reply@example.com >>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l > dD4= >>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>> m5ldD4= >>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>> userdb_mail, >>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') > AS >>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' >>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, > but >>> we >>>> have only CRYPT >>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>> FAIL#0113#011user=do_not_reply@example.com >>>> >>>> >>>> >>>> ##################### >>>> I added in dovecot.conf lines in passdb block: >>>> driver = passwd-file >>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>> and commented out default lines >>>> #args = /etc/dovecot/dovecot-sql.conf >>>> #driver = sql >>>> When I try set again default lines I got above error >>> Can you run doveconf -n with the configuration that causes the above >>> error? Also it clearly does SQL lookup, so that error is happening with >>> SQL passdb. You need to remember to restart dovecot between >>> configuration changes. >>> >>> Aki >>> >>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>> >>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>> I set up cram-md5 using this tutorial >>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in > /etc/dovecot/dovecot.conf >>> in >>>>>> passdb code block: >>>>>> listen = *,[::] >>>>>> protocols = imap pop3 >>>>>> #auth_mechanisms = plain login cram-md5 >>>>>> auth_mechanisms = cram-md5 plain login >>>>>> #dodana nizej linia >>>>>> ssl = required >>>>>> disable_plaintext_auth = yes >>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>> mail_privileged_group = vmail >>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>> ssl_cert = >>>>> ssl_key = >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>> ssl_cipher_list = >>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>> ssl_prefer_server_ciphers = yes >>>>>> ssl_dh_parameters_length = 2048 >>>>>> >>>>>> >>>>>> mail_max_userip_connections = 100 >>>>>> passdb { >>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>> # driver = sql >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> } >>>>>> userdb { >>>>>> driver = prefetch >>>>>> } >>>>>> userdb { >>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>> driver = sql >>>>>> } >>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>> nicely. >>>>>> But after I want to do default settings by commented out these two >>> lines: >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> and uncomment >>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>> # driver = sql >>>>>> I can't send emails - I use Thunderbird - get error "logging on > server >>>>>> mail.example.com not work out". Error in logs: >>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>> passdbs/userdbs than auth server. >>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>> >>>>>> Is it possible that hashed password from cram-md5.pwd file was > written >>> to >>>>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>>>> userdb >>>>>> {} block and this second userdb block has this same lines like > default >>>>>> settings in passdb block. >>>>>> >>>>> Try >>>>> >>>>> auth_debug=yes >>>>> auth_verbose=yes >>>>> >>>>> and see if it gives any more reasonable messages. >>>>> >>>>> Aki >>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
doveadm log errors can be helpful too
On 01.02.2017 10:25, Poliman - Serwis wrote:
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf }
Why you want to use cram-md5 is beyond me, because using SSL is much more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote: > Default it was: "auth_mechanisms = plain login" and I added cram-md5. > After restart all work perfectly. But after I added: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
> should be changed to resolve this issue. Should I remove "login" from > auth_mechanism ("login" was default setting and I would like to move back > to default settings)? > > 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> Because cram-md5 needs the user's password for calculating responses, it >> cannot work with hashed passwords (one-way encrypted). The only >> supported password schemes are PLAIN and CRAM-MD5. >> >> Aki >> >> On 01.02.2017 09:33, Poliman - Serwis wrote: >>> I always restart dovecot after change config. ;) Sure, I commented out >>> added two lines by me, restarted dovecot and here it is: >>> >>> # 2.2.9: /etc/dovecot/dovecot.conf >>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>> auth_mechanisms = plain login cram-md5 >>> listen = *,[::] >>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>> mail_max_userip_connections = 100 >>> mail_plugins = " quota" >>> mail_privileged_group = vmail >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> } >>> plugin { >>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>> sieve = /var/vmail/%d/%n/.sieve >>> sieve_max_redirects = 25 >>> } >>> postmaster_address = postmaster@example.com >>> protocols = imap pop3 >>> service auth { >>> unix_listener /var/spool/postfix/private/auth { >>> group = postfix >>> mode = 0660 >>> user = postfix >>> } >>> unix_listener auth-userdb { >>> group = vmail >>> mode = 0600 >>> user = vmail >>> } >>> user = root >>> } >>> service imap-login { >>> client_limit = 1000 >>> process_limit = 512 >>> } >>> service lmtp { >>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>> group = postfix >>> mode = 0600 >>> user = postfix >>> } >>> } >>> ssl = required >>> ssl_cert = >> ssl_cipher_list = >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>> ssl_dh_parameters_length = 2048 >>> ssl_key = >> ssl_prefer_server_ciphers = yes >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>> userdb { >>> driver = prefetch >>> } >>> userdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> } >>> protocol imap { >>> mail_plugins = quota imap_quota >>> } >>> protocol pop3 { >>> mail_plugins = quota >>> pop3_uidl_format = %08Xu%08Xv >>> } >>> protocol lda { >>> mail_plugins = sieve quota >>> postmaster_address = webmaster@localhost >>> } >>> protocol lmtp { >>> mail_plugins = quota sieve >>> postmaster_address = webmaster@localhost >>> } >>> >>> >>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>> This is debug log files in syslog: >>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>> m5ldD4= >>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>> userdb_mail, >>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') >> AS >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = '1' >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>> but we >>>>> have only CRYPT >>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>> FAIL#0112#011user=do_not_reply@example.com >>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication >>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >> dD4= >>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo >>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>> m5ldD4= >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as user, >>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, >>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>> userdb_mail, >>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') >> AS >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = '1' >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >> but >>>> we >>>>> have only CRYPT >>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>> FAIL#0113#011user=do_not_reply@example.com >>>>> >>>>> >>>>> >>>>> ##################### >>>>> I added in dovecot.conf lines in passdb block: >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> and commented out default lines >>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>> #driver = sql >>>>> When I try set again default lines I got above error >>>> Can you run doveconf -n with the configuration that causes the above >>>> error? Also it clearly does SQL lookup, so that error is happening with >>>> SQL passdb. You need to remember to restart dovecot between >>>> configuration changes. >>>> >>>> Aki >>>> >>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>> >>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>> I set up cram-md5 using this tutorial >>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >> /etc/dovecot/dovecot.conf >>>> in >>>>>>> passdb code block: >>>>>>> listen = *,[::] >>>>>>> protocols = imap pop3 >>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>> #dodana nizej linia >>>>>>> ssl = required >>>>>>> disable_plaintext_auth = yes >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>> mail_privileged_group = vmail >>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>> ssl_cert = >>>>>> ssl_key = >>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>> ssl_cipher_list = >>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>> ssl_prefer_server_ciphers = yes >>>>>>> ssl_dh_parameters_length = 2048 >>>>>>> >>>>>>> >>>>>>> mail_max_userip_connections = 100 >>>>>>> passdb { >>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>> # driver = sql >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> } >>>>>>> userdb { >>>>>>> driver = prefetch >>>>>>> } >>>>>>> userdb { >>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>> driver = sql >>>>>>> } >>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>> nicely. >>>>>>> But after I want to do default settings by commented out these two >>>> lines: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> and uncomment >>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>> # driver = sql >>>>>>> I can't send emails - I use Thunderbird - get error "logging on >> server >>>>>>> mail.example.com not work out". Error in logs: >>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>> passdbs/userdbs than auth server. >>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>> >>>>>>> Is it possible that hashed password from cram-md5.pwd file was >> written >>>> to >>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change any >>>>>> userdb >>>>>>> {} block and this second userdb block has this same lines like >> default >>>>>>> settings in passdb block. >>>>>>> >>>>>> Try >>>>>> >>>>>> auth_debug=yes >>>>>> auth_verbose=yes >>>>>> >>>>>> and see if it gives any more reasonable messages. >>>>>> >>>>>> Aki >>>>>>
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something?
My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
Error from mail.err: Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication mechanisms Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms
Error from syslog:
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from
host9323131.internet.3s.com[12.34.45.56]
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL
authentication mechanisms
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process
/usr/lib/postfix/smtpd pid 773 exit status 1
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
/bin/date "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
/bin/date "$line" >> /var/log/ispconfig/cron.log; done )
2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> You are probably wanting to do > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > passdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf > } > > Why you want to use cram-md5 is beyond me, because using SSL is much > more safer. > > Aki > > On 01.02.2017 09:41, Poliman - Serwis wrote: >> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >> After restart all work perfectly. But after I added: >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
>> should be changed to resolve this issue. Should I remove "login" from >> auth_mechanism ("login" was default setting and I would like to move back >> to default settings)? >> >> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> Because cram-md5 needs the user's password for calculating responses, it >>> cannot work with hashed passwords (one-way encrypted). The only >>> supported password schemes are PLAIN and CRAM-MD5. >>> >>> Aki >>> >>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>> I always restart dovecot after change config. ;) Sure, I commented out >>>> added two lines by me, restarted dovecot and here it is: >>>> >>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>> auth_mechanisms = plain login cram-md5 >>>> listen = *,[::] >>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>> mail_max_userip_connections = 100 >>>> mail_plugins = " quota" >>>> mail_privileged_group = vmail >>>> passdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> plugin { >>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>> sieve = /var/vmail/%d/%n/.sieve >>>> sieve_max_redirects = 25 >>>> } >>>> postmaster_address = postmaster@example.com >>>> protocols = imap pop3 >>>> service auth { >>>> unix_listener /var/spool/postfix/private/auth { >>>> group = postfix >>>> mode = 0660 >>>> user = postfix >>>> } >>>> unix_listener auth-userdb { >>>> group = vmail >>>> mode = 0600 >>>> user = vmail >>>> } >>>> user = root >>>> } >>>> service imap-login { >>>> client_limit = 1000 >>>> process_limit = 512 >>>> } >>>> service lmtp { >>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>> group = postfix >>>> mode = 0600 >>>> user = postfix >>>> } >>>> } >>>> ssl = required >>>> ssl_cert = >>> ssl_cipher_list = >>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>> ssl_dh_parameters_length = 2048 >>>> ssl_key = >>> ssl_prefer_server_ciphers = yes >>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>> userdb { >>>> driver = prefetch >>>> } >>>> userdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> protocol imap { >>>> mail_plugins = quota imap_quota >>>> } >>>> protocol pop3 { >>>> mail_plugins = quota >>>> pop3_uidl_format = %08Xu%08Xv >>>> } >>>> protocol lda { >>>> mail_plugins = sieve quota >>>> postmaster_address = webmaster@localhost >>>> } >>>> protocol lmtp { >>>> mail_plugins = quota sieve >>>> postmaster_address = webmaster@localhost >>>> } >>>> >>>> >>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>> >>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>> This is debug log files in syslog: >>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ > 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>> m5ldD4= >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as > user, >>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, >>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>> userdb_mail, >>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') >>> AS >>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = > '1' >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>> but we >>>>>> have only CRYPT >>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 > authentication >>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>> dD4= >>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do > echo >>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ > 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>> m5ldD4= >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as > user, >>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, >>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>> userdb_mail, >>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') >>> AS >>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = > '1' >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>> but >>>>> we >>>>>> have only CRYPT >>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>> >>>>>> >>>>>> >>>>>> ##################### >>>>>> I added in dovecot.conf lines in passdb block: >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> and commented out default lines >>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>> #driver = sql >>>>>> When I try set again default lines I got above error >>>>> Can you run doveconf -n with the configuration that causes the above >>>>> error? Also it clearly does SQL lookup, so that error is happening > with >>>>> SQL passdb. You need to remember to restart dovecot between >>>>> configuration changes. >>>>> >>>>> Aki >>>>> >>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>> >>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>> I set up cram-md5 using this tutorial >>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>> /etc/dovecot/dovecot.conf >>>>> in >>>>>>>> passdb code block: >>>>>>>> listen = *,[::] >>>>>>>> protocols = imap pop3 >>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>> #dodana nizej linia >>>>>>>> ssl = required >>>>>>>> disable_plaintext_auth = yes >>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>> mail_privileged_group = vmail >>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>> ssl_cert = >>>>>>> ssl_key = >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>> ssl_cipher_list = >>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>> >>>>>>>> >>>>>>>> mail_max_userip_connections = 100 >>>>>>>> passdb { >>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>> # driver = sql >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> } >>>>>>>> userdb { >>>>>>>> driver = prefetch >>>>>>>> } >>>>>>>> userdb { >>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>> driver = sql >>>>>>>> } >>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>> nicely. >>>>>>>> But after I want to do default settings by commented out
two
>>>>> lines: >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> and uncomment >>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>> # driver = sql >>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>> server >>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>> passdbs/userdbs than auth server. >>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>> >>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>> written >>>>> to >>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change > any >>>>>>> userdb >>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( password( these like
>>> default >>>>>>>> settings in passdb block. >>>>>>>> >>>>>>> Try >>>>>>> >>>>>>> auth_debug=yes >>>>>>> auth_verbose=yes >>>>>>> >>>>>>> and see if it gives any more reasonable messages. >>>>>>> >>>>>>> Aki >>>>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 1 Feb 2017, Poliman - Serwis wrote:
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something?
run
doveadm log find
as root.
Maybe: doveadm log errors
My config (default passdb block and auth_mechanisms, nothing more changed):
Is this still a question about CRAM ? I don't see it there.
root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
Error from mail.err: Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication mechanisms Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms
Error from syslog: Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from host9323131.internet.3s.com[12.34.45.56] Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process /usr/lib/postfix/smtpd pid 773 exit status 1 Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
/bin/date"$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done )2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote: > It still use: > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > When I delete above and delete "cram-md5" in auth_mechanisms it still not > working. > > 2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> You are probably wanting to do >> passdb { >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> passdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf >> } >> >> Why you want to use cram-md5 is beyond me, because using SSL is much >> more safer. >> >> Aki >> >> On 01.02.2017 09:41, Poliman - Serwis wrote: >>> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >>> After restart all work perfectly. But after I added: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> I can't set default lines because I got error. Please tell me which lines >>> should be changed to resolve this issue. Should I remove "login" from >>> auth_mechanism ("login" was default setting and I would like to move back >>> to default settings)? >>> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> Because cram-md5 needs the user's password for calculating responses, it >>>> cannot work with hashed passwords (one-way encrypted). The only >>>> supported password schemes are PLAIN and CRAM-MD5. >>>> >>>> Aki >>>> >>>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>>> I always restart dovecot after change config. ;) Sure, I commented out >>>>> added two lines by me, restarted dovecot and here it is: >>>>> >>>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>>> auth_mechanisms = plain login cram-md5 >>>>> listen = *,[::] >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>> mail_max_userip_connections = 100 >>>>> mail_plugins = " quota" >>>>> mail_privileged_group = vmail >>>>> passdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> plugin { >>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>>> sieve = /var/vmail/%d/%n/.sieve >>>>> sieve_max_redirects = 25 >>>>> } >>>>> postmaster_address = postmaster@example.com >>>>> protocols = imap pop3 >>>>> service auth { >>>>> unix_listener /var/spool/postfix/private/auth { >>>>> group = postfix >>>>> mode = 0660 >>>>> user = postfix >>>>> } >>>>> unix_listener auth-userdb { >>>>> group = vmail >>>>> mode = 0600 >>>>> user = vmail >>>>> } >>>>> user = root >>>>> } >>>>> service imap-login { >>>>> client_limit = 1000 >>>>> process_limit = 512 >>>>> } >>>>> service lmtp { >>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>>> group = postfix >>>>> mode = 0600 >>>>> user = postfix >>>>> } >>>>> } >>>>> ssl = required >>>>> ssl_cert = >>>> ssl_cipher_list = >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>>> ssl_dh_parameters_length = 2048 >>>>> ssl_key = >>>> ssl_prefer_server_ciphers = yes >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>> userdb { >>>>> driver = prefetch >>>>> } >>>>> userdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> protocol imap { >>>>> mail_plugins = quota imap_quota >>>>> } >>>>> protocol pop3 { >>>>> mail_plugins = quota >>>>> pop3_uidl_format = %08Xu%08Xv >>>>> } >>>>> protocol lda { >>>>> mail_plugins = sieve quota >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> protocol lmtp { >>>>> mail_plugins = quota sieve >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> >>>>> >>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>> >>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>>> This is debug log files in syslog: >>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ >> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>>> but we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 >> authentication >>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>>> dD4= >>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do >> echo >>>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ >> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>>> but >>>>>> we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> ##################### >>>>>>> I added in dovecot.conf lines in passdb block: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> and commented out default lines >>>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>>> #driver = sql >>>>>>> When I try set again default lines I got above error >>>>>> Can you run doveconf -n with the configuration that causes the above >>>>>> error? Also it clearly does SQL lookup, so that error is happening >> with >>>>>> SQL passdb. You need to remember to restart dovecot between >>>>>> configuration changes. >>>>>> >>>>>> Aki >>>>>> >>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>>> >>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>>> I set up cram-md5 using this tutorial >>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>>> /etc/dovecot/dovecot.conf >>>>>> in >>>>>>>>> passdb code block: >>>>>>>>> listen = *,[::] >>>>>>>>> protocols = imap pop3 >>>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>>> #dodana nizej linia >>>>>>>>> ssl = required >>>>>>>>> disable_plaintext_auth = yes >>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>> mail_privileged_group = vmail >>>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>>> ssl_cert = >>>>>>>> ssl_key = >>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>> ssl_cipher_list = >>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>> >>>>>>>>> >>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>> passdb { >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> driver = prefetch >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> driver = sql >>>>>>>>> } >>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>>> nicely. >>>>>>>>> But after I want to do default settings by commented out
two >>>>>> lines: >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> and uncomment >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>>> server >>>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>>> passdbs/userdbs than auth server. >>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>>> >>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>>> written >>>>>> to >>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change >> any >>>>>>>> userdb >>>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( password( these like
>>>> default >>>>>>>>> settings in passdb block. >>>>>>>>> >>>>>>>> Try >>>>>>>> >>>>>>>> auth_debug=yes >>>>>>>> auth_verbose=yes >>>>>>>> >>>>>>>> and see if it gives any more reasonable messages. >>>>>>>> >>>>>>>> Aki >>>>>>>>
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWJRepnz1H7kL/d9rAQKj6gf/eKXC6JV/69gmyXaC3iSwNHmOS6qjYlFl L+cUexFQM/t/tk0z/N9olmcIm8tJd1HFruJGrb9/StBirenuJYJ54AOyd3zi8XDg Gu+vbcBE2T97w48SqTsujJKPT/dVFZ9kHtYymNMjLNJANdr/X4r+/QNw710B96US FDNc96xBGKjrn/uE0SToclFXuvOE4Ymu8JGQHDQO7X35r9M9NBLfSP8VXwtIlnDX 9P/UQvisFuLNtXHh4wO77b0Jdw3V2CYgER0l5ctHYAgaS4d8CNGHnINLZvFiJusL s4TG5Yf1OHC3wMiRCikybkO5fNezXuvc7xMbKYV9HDKxjLvP1paAPA== =gHJk -----END PGP SIGNATURE-----
You could try install libsasl2-modules (on debian/ubuntu) or cyrus-sasl-plain (on rhel/centos)
Aki
On 2017-02-01 10:55, Poliman - Serwis wrote:
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something?
My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
Error from mail.err: Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication mechanisms Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms
Error from syslog: Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from host9323131.internet.3s.com[12.34.45.56] Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process /usr/lib/postfix/smtpd pid 773 exit status 1 Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
/bin/date"$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo/bin/date"$line" >> /var/log/ispconfig/cron.log; done )2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file. I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote: > It still use: > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > When I delete above and delete "cram-md5" in auth_mechanisms it still not > working. > > 2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> You are probably wanting to do >> passdb { >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> passdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf >> } >> >> Why you want to use cram-md5 is beyond me, because using SSL is much >> more safer. >> >> Aki >> >> On 01.02.2017 09:41, Poliman - Serwis wrote: >>> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >>> After restart all work perfectly. But after I added: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> I can't set default lines because I got error. Please tell me which lines >>> should be changed to resolve this issue. Should I remove "login" from >>> auth_mechanism ("login" was default setting and I would like to move back >>> to default settings)? >>> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> Because cram-md5 needs the user's password for calculating responses, it >>>> cannot work with hashed passwords (one-way encrypted). The only >>>> supported password schemes are PLAIN and CRAM-MD5. >>>> >>>> Aki >>>> >>>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>>> I always restart dovecot after change config. ;) Sure, I commented out >>>>> added two lines by me, restarted dovecot and here it is: >>>>> >>>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>>> auth_mechanisms = plain login cram-md5 >>>>> listen = *,[::] >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>> mail_max_userip_connections = 100 >>>>> mail_plugins = " quota" >>>>> mail_privileged_group = vmail >>>>> passdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> plugin { >>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>>> sieve = /var/vmail/%d/%n/.sieve >>>>> sieve_max_redirects = 25 >>>>> } >>>>> postmaster_address = postmaster@example.com >>>>> protocols = imap pop3 >>>>> service auth { >>>>> unix_listener /var/spool/postfix/private/auth { >>>>> group = postfix >>>>> mode = 0660 >>>>> user = postfix >>>>> } >>>>> unix_listener auth-userdb { >>>>> group = vmail >>>>> mode = 0600 >>>>> user = vmail >>>>> } >>>>> user = root >>>>> } >>>>> service imap-login { >>>>> client_limit = 1000 >>>>> process_limit = 512 >>>>> } >>>>> service lmtp { >>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>>> group = postfix >>>>> mode = 0600 >>>>> user = postfix >>>>> } >>>>> } >>>>> ssl = required >>>>> ssl_cert = >>>> ssl_cipher_list = >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>>> ssl_dh_parameters_length = 2048 >>>>> ssl_key = >>>> ssl_prefer_server_ciphers = yes >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>> userdb { >>>>> driver = prefetch >>>>> } >>>>> userdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> protocol imap { >>>>> mail_plugins = quota imap_quota >>>>> } >>>>> protocol pop3 { >>>>> mail_plugins = quota >>>>> pop3_uidl_format = %08Xu%08Xv >>>>> } >>>>> protocol lda { >>>>> mail_plugins = sieve quota >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> protocol lmtp { >>>>> mail_plugins = quota sieve >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> >>>>> >>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>> >>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>>> This is debug log files in syslog: >>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ >> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>>> but we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 >> authentication >>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>>> dD4= >>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do >> echo >>>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ >> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>>> but >>>>>> we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> ##################### >>>>>>> I added in dovecot.conf lines in passdb block: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> and commented out default lines >>>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>>> #driver = sql >>>>>>> When I try set again default lines I got above error >>>>>> Can you run doveconf -n with the configuration that causes the above >>>>>> error? Also it clearly does SQL lookup, so that error is happening >> with >>>>>> SQL passdb. You need to remember to restart dovecot between >>>>>> configuration changes. >>>>>> >>>>>> Aki >>>>>> >>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>>> >>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>>> I set up cram-md5 using this tutorial >>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>>> /etc/dovecot/dovecot.conf >>>>>> in >>>>>>>>> passdb code block: >>>>>>>>> listen = *,[::] >>>>>>>>> protocols = imap pop3 >>>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>>> #dodana nizej linia >>>>>>>>> ssl = required >>>>>>>>> disable_plaintext_auth = yes >>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>> mail_privileged_group = vmail >>>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>>> ssl_cert = >>>>>>>> ssl_key = >>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>> ssl_cipher_list = >>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>> >>>>>>>>> >>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>> passdb { >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> driver = prefetch >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> driver = sql >>>>>>>>> } >>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>>> nicely. >>>>>>>>> But after I want to do default settings by commented out
two >>>>>> lines: >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> and uncomment >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>>> server >>>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>>> passdbs/userdbs than auth server. >>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>>> >>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>>> written >>>>>> to >>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change >> any >>>>>>>> userdb >>>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( password( these like
>>>> default >>>>>>>>> settings in passdb block. >>>>>>>>> >>>>>>>> Try >>>>>>>> >>>>>>>> auth_debug=yes >>>>>>>> auth_verbose=yes >>>>>>>> >>>>>>>> and see if it gives any more reasonable messages. >>>>>>>> >>>>>>>> Aki >>>>>>>>
Is there any strange thing in these config lines?
2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
When I delete above and delete "cram-md5" in auth_mechanisms it still not working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> You are probably wanting to do > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > passdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf > } > > Why you want to use cram-md5 is beyond me, because using SSL is much > more safer. > > Aki > > On 01.02.2017 09:41, Poliman - Serwis wrote: >> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >> After restart all work perfectly. But after I added: >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> I can't set default lines because I got error. Please tell me which
On 01.02.2017 09:51, Poliman - Serwis wrote: lines
>> should be changed to resolve this issue. Should I remove "login" from >> auth_mechanism ("login" was default setting and I would like to move back >> to default settings)? >> >> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> Because cram-md5 needs the user's password for calculating responses, it >>> cannot work with hashed passwords (one-way encrypted). The only >>> supported password schemes are PLAIN and CRAM-MD5. >>> >>> Aki >>> >>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>> I always restart dovecot after change config. ;) Sure, I commented out >>>> added two lines by me, restarted dovecot and here it is: >>>> >>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>> auth_mechanisms = plain login cram-md5 >>>> listen = *,[::] >>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>> mail_max_userip_connections = 100 >>>> mail_plugins = " quota" >>>> mail_privileged_group = vmail >>>> passdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> plugin { >>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>> sieve = /var/vmail/%d/%n/.sieve >>>> sieve_max_redirects = 25 >>>> } >>>> postmaster_address = postmaster@example.com >>>> protocols = imap pop3 >>>> service auth { >>>> unix_listener /var/spool/postfix/private/auth { >>>> group = postfix >>>> mode = 0660 >>>> user = postfix >>>> } >>>> unix_listener auth-userdb { >>>> group = vmail >>>> mode = 0600 >>>> user = vmail >>>> } >>>> user = root >>>> } >>>> service imap-login { >>>> client_limit = 1000 >>>> process_limit = 512 >>>> } >>>> service lmtp { >>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>> group = postfix >>>> mode = 0600 >>>> user = postfix >>>> } >>>> } >>>> ssl = required >>>> ssl_cert = >>> ssl_cipher_list = >>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>> ssl_dh_parameters_length = 2048 >>>> ssl_key = >>> ssl_prefer_server_ciphers = yes >>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>> userdb { >>>> driver = prefetch >>>> } >>>> userdb { >>>> args = /etc/dovecot/dovecot-sql.conf >>>> driver = sql >>>> } >>>> protocol imap { >>>> mail_plugins = quota imap_quota >>>> } >>>> protocol pop3 { >>>> mail_plugins = quota >>>> pop3_uidl_format = %08Xu%08Xv >>>> } >>>> protocol lda { >>>> mail_plugins = sieve quota >>>> postmaster_address = webmaster@localhost >>>> } >>>> protocol lmtp { >>>> mail_plugins = quota sieve >>>> postmaster_address = webmaster@localhost >>>> } >>>> >>>> >>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>> >>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>> This is debug log files in syslog: >>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ > 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>> m5ldD4= >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as > user, >>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, >>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>> userdb_mail, >>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') >>> AS >>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = > '1' >>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>> but we >>>>>> have only CRYPT >>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 > authentication >>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>> dD4= >>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do > echo >>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ > 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>> m5ldD4= >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as > user, >>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, >>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>> userdb_mail, >>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') >>> AS >>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = > '1' >>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>> but >>>>> we >>>>>> have only CRYPT >>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>> >>>>>> >>>>>> >>>>>> ##################### >>>>>> I added in dovecot.conf lines in passdb block: >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> and commented out default lines >>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>> #driver = sql >>>>>> When I try set again default lines I got above error >>>>> Can you run doveconf -n with the configuration that causes the above >>>>> error? Also it clearly does SQL lookup, so that error is happening > with >>>>> SQL passdb. You need to remember to restart dovecot between >>>>> configuration changes. >>>>> >>>>> Aki >>>>> >>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>> >>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>> I set up cram-md5 using this tutorial >>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>> /etc/dovecot/dovecot.conf >>>>> in >>>>>>>> passdb code block: >>>>>>>> listen = *,[::] >>>>>>>> protocols = imap pop3 >>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>> #dodana nizej linia >>>>>>>> ssl = required >>>>>>>> disable_plaintext_auth = yes >>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>> mail_privileged_group = vmail >>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>> ssl_cert = >>>>>>> ssl_key = >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>> ssl_cipher_list = >>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>> >>>>>>>> >>>>>>>> mail_max_userip_connections = 100 >>>>>>>> passdb { >>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>> # driver = sql >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> } >>>>>>>> userdb { >>>>>>>> driver = prefetch >>>>>>>> } >>>>>>>> userdb { >>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>> driver = sql >>>>>>>> } >>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>> nicely. >>>>>>>> But after I want to do default settings by commented out
two
>>>>> lines: >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> and uncomment >>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>> # driver = sql >>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>> server >>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>> passdbs/userdbs than auth server. >>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>> >>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>> written >>>>> to >>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change > any >>>>>>> userdb >>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( password( these like
>>> default >>>>>>>> settings in passdb block. >>>>>>>> >>>>>>> Try >>>>>>> >>>>>>> auth_debug=yes >>>>>>> auth_verbose=yes >>>>>>> >>>>>>> and see if it gives any more reasonable messages. >>>>>>> >>>>>>> Aki >>>>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 12:16 GMT+01:00 Poliman - Serwis serwis@poliman.pl:
Is there any strange thing in these config lines?
2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote: > It still use: > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > When I delete above and delete "cram-md5" in auth_mechanisms it still not > working. > > 2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: > >> You are probably wanting to do >> passdb { >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> passdb { >> driver = sql >> args = /etc/dovecot/dovecot-sql.conf >> } >> >> Why you want to use cram-md5 is beyond me, because using SSL is much >> more safer. >> >> Aki >> >> On 01.02.2017 09:41, Poliman - Serwis wrote: >>> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >>> After restart all work perfectly. But after I added: >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> I can't set default lines because I got error. Please tell me which lines >>> should be changed to resolve this issue. Should I remove "login" from >>> auth_mechanism ("login" was default setting and I would like to move back >>> to default settings)? >>> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>> >>>> Because cram-md5 needs the user's password for calculating responses, it >>>> cannot work with hashed passwords (one-way encrypted). The only >>>> supported password schemes are PLAIN and CRAM-MD5. >>>> >>>> Aki >>>> >>>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>>> I always restart dovecot after change config. ;) Sure, I commented out >>>>> added two lines by me, restarted dovecot and here it is: >>>>> >>>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>>> auth_mechanisms = plain login cram-md5 >>>>> listen = *,[::] >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>> mail_max_userip_connections = 100 >>>>> mail_plugins = " quota" >>>>> mail_privileged_group = vmail >>>>> passdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> plugin { >>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>>> sieve = /var/vmail/%d/%n/.sieve >>>>> sieve_max_redirects = 25 >>>>> } >>>>> postmaster_address = postmaster@example.com >>>>> protocols = imap pop3 >>>>> service auth { >>>>> unix_listener /var/spool/postfix/private/auth { >>>>> group = postfix >>>>> mode = 0660 >>>>> user = postfix >>>>> } >>>>> unix_listener auth-userdb { >>>>> group = vmail >>>>> mode = 0600 >>>>> user = vmail >>>>> } >>>>> user = root >>>>> } >>>>> service imap-login { >>>>> client_limit = 1000 >>>>> process_limit = 512 >>>>> } >>>>> service lmtp { >>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>>> group = postfix >>>>> mode = 0600 >>>>> user = postfix >>>>> } >>>>> } >>>>> ssl = required >>>>> ssl_cert = >>>> ssl_cipher_list = >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>>> ssl_dh_parameters_length = 2048 >>>>> ssl_key = >>>> ssl_prefer_server_ciphers = yes >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>> userdb { >>>>> driver = prefetch >>>>> } >>>>> userdb { >>>>> args = /etc/dovecot/dovecot-sql.conf >>>>> driver = sql >>>>> } >>>>> protocol imap { >>>>> mail_plugins = quota imap_quota >>>>> } >>>>> protocol pop3 { >>>>> mail_plugins = quota >>>>> pop3_uidl_format = %08Xu%08Xv >>>>> } >>>>> protocol lda { >>>>> mail_plugins = sieve quota >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> protocol lmtp { >>>>> mail_plugins = quota sieve >>>>> postmaster_address = webmaster@localhost >>>>> } >>>>> >>>>> >>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>> >>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>>> This is debug log files in syslog: >>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ >> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 scheme, >>>>>> but we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 >> authentication >>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>>> dD4= >>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read
do
>> echo >>>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo >>>>>>>/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ >> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>>> m5ldD4= >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >> CONT<hidden> >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >> user, >>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >> maildir, >>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>> userdb_mail, >>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >> 'B') >>>> AS >>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = >> '1' >>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 scheme, >>>> but >>>>>> we >>>>>>> have only CRYPT >>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>>> >>>>>>> >>>>>>> >>>>>>> ##################### >>>>>>> I added in dovecot.conf lines in passdb block: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> and commented out default lines >>>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>>> #driver = sql >>>>>>> When I try set again default lines I got above error >>>>>> Can you run doveconf -n with the configuration that causes the above >>>>>> error? Also it clearly does SQL lookup, so that error is happening >> with >>>>>> SQL passdb. You need to remember to restart dovecot between >>>>>> configuration changes. >>>>>> >>>>>> Aki >>>>>> >>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>>> >>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>>> I set up cram-md5 using this tutorial >>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>>> /etc/dovecot/dovecot.conf >>>>>> in >>>>>>>>> passdb code block: >>>>>>>>> listen = *,[::] >>>>>>>>> protocols = imap pop3 >>>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>>> #dodana nizej linia >>>>>>>>> ssl = required >>>>>>>>> disable_plaintext_auth = yes >>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>> mail_privileged_group = vmail >>>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>>> ssl_cert = >>>>>>>> ssl_key = >>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>> ssl_cipher_list = >>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>> >>>>>>>>> >>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>> passdb { >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> driver = prefetch >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> driver = sql >>>>>>>>> } >>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>>> nicely. >>>>>>>>> But after I want to do default settings by commented out
two >>>>>> lines: >>>>>>>>> driver = passwd-file >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>> and uncomment >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> # driver = sql >>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>>> server >>>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>>> passdbs/userdbs than auth server. >>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>>> >>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>>> written >>>>>> to >>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change >> any >>>>>>>> userdb >>>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( line; password( these like
>>>> default >>>>>>>>> settings in passdb block. >>>>>>>>> >>>>>>>> Try >>>>>>>> >>>>>>>> auth_debug=yes >>>>>>>> auth_verbose=yes >>>>>>>> >>>>>>>> and see if it gives any more reasonable messages. >>>>>>>> >>>>>>>> Aki >>>>>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
And my logs: Error from mail.err: Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication mechanisms Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms
Error from syslog:
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from
host9323131.internet.3s.com[12.34.45.56]
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL
authentication mechanisms
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process
/usr/lib/postfix/smtpd pid 773 exit status 1
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
/bin/date "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
/bin/date "$line" >> /var/log/ispconfig/cron.log; done )
Is there any strange thing in these config lines?
2017-02-02 7:30 GMT+01:00 Poliman - Serwis serwis@poliman.pl:
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmaster@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert =
2017-02-01 12:16 GMT+01:00 Poliman - Serwis serwis@poliman.pl:
Is there any strange thing in these config lines?
2017-02-01 9:40 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
doveadm log errors can be helpful too
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
Can you check your logs?
Aki
When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would
On 01.02.2017 10:02, Poliman - Serwis wrote: point
out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd }
and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other file.
I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi:
> Are you still trying to authenticate using cram-md5? > > Aki > > > On 01.02.2017 09:51, Poliman - Serwis wrote: >> It still use: >> passdb { >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> When I delete above and delete "cram-md5" in auth_mechanisms it still not >> working. >> >> 2017-02-01 8:45 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >> >>> You are probably wanting to do >>> passdb { >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> >>> passdb { >>> driver = sql >>> args = /etc/dovecot/dovecot-sql.conf >>> } >>> >>> Why you want to use cram-md5 is beyond me, because using SSL is much >>> more safer. >>> >>> Aki >>> >>> On 01.02.2017 09:41, Poliman - Serwis wrote: >>>> Default it was: "auth_mechanisms = plain login" and I added cram-md5. >>>> After restart all work perfectly. But after I added: >>>> driver = passwd-file >>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>> I can't set default lines because I got error. Please tell me which > lines >>>> should be changed to resolve this issue. Should I remove "login" from >>>> auth_mechanism ("login" was default setting and I would like to move > back >>>> to default settings)? >>>> >>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>> >>>>> Because cram-md5 needs the user's password for calculating responses, > it >>>>> cannot work with hashed passwords (one-way encrypted). The only >>>>> supported password schemes are PLAIN and CRAM-MD5. >>>>> >>>>> Aki >>>>> >>>>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>>>> I always restart dovecot after change config. ;) Sure, I commented > out >>>>>> added two lines by me, restarted dovecot and here it is: >>>>>> >>>>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>>>> auth_mechanisms = plain login cram-md5 >>>>>> listen = *,[::] >>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>> mail_max_userip_connections = 100 >>>>>> mail_plugins = " quota" >>>>>> mail_privileged_group = vmail >>>>>> passdb { >>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>> driver = sql >>>>>> } >>>>>> plugin { >>>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>>>> sieve = /var/vmail/%d/%n/.sieve >>>>>> sieve_max_redirects = 25 >>>>>> } >>>>>> postmaster_address = postmaster@example.com >>>>>> protocols = imap pop3 >>>>>> service auth { >>>>>> unix_listener /var/spool/postfix/private/auth { >>>>>> group = postfix >>>>>> mode = 0660 >>>>>> user = postfix >>>>>> } >>>>>> unix_listener auth-userdb { >>>>>> group = vmail >>>>>> mode = 0600 >>>>>> user = vmail >>>>>> } >>>>>> user = root >>>>>> } >>>>>> service imap-login { >>>>>> client_limit = 1000 >>>>>> process_limit = 512 >>>>>> } >>>>>> service lmtp { >>>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>>>> group = postfix >>>>>> mode = 0600 >>>>>> user = postfix >>>>>> } >>>>>> } >>>>>> ssl = required >>>>>> ssl_cert = >>>>> ssl_cipher_list = >>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>>>> ssl_dh_parameters_length = 2048 >>>>>> ssl_key = >>>>> ssl_prefer_server_ciphers = yes >>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>> userdb { >>>>>> driver = prefetch >>>>>> } >>>>>> userdb { >>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>> driver = sql >>>>>> } >>>>>> protocol imap { >>>>>> mail_plugins = quota imap_quota >>>>>> } >>>>>> protocol pop3 { >>>>>> mail_plugins = quota >>>>>> pop3_uidl_format = %08Xu%08Xv >>>>>> } >>>>>> protocol lda { >>>>>> mail_plugins = sieve quota >>>>>> postmaster_address = webmaster@localhost >>>>>> } >>>>>> protocol lmtp { >>>>>> mail_plugins = quota sieve >>>>>> postmaster_address = webmaster@localhost >>>>>> } >>>>>> >>>>>> >>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>> >>>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>>>> This is debug log files in syslog: >>>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ >>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>>>> m5ldD4= >>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: >>> CONT<hidden> >>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >>> user, >>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >>> maildir, >>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>>> userdb_mail, >>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >>> 'B') >>>>> AS >>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>>> do_not_reply@example.com') AND
disablesmtp= 'n' AND server_id = >>> '1' >>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):>>>>>>>> do_not_reply@example.com, 12.173.211.32): Requested CRAM-MD5 > scheme, >>>>>>> but we >>>>>>>> have only CRYPT >>>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>>> FAIL#0112#011user=do_not_reply@example.com >>>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 >>> authentication >>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT > kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>>>> dD4= >>>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read
do
>>> echo >>>>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read> echo >>>>>>>>
/bin/date"$line" >> /var/log/ispconfig/cron.log; done) >>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ >>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>>>> m5ldD4= >>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>> CONT<hidden> >>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( >>>>>>>> do_not_reply@example.com,12.173.211.32): query: SELECT email as >>> user, >>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >>> maildir, >>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>>> userdb_mail, >>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >>> 'B') >>>>> AS >>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM >>>>>>>> mail_user WHERE (login = 'do_not_reply@example.com' OR email = ' >>>>>>>> do_not_reply@example.com') ANDdisablesmtp= 'n' AND server_id = >>> '1' >>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):>>>>>>>> do_not_reply@example.com,12.173.211.32): Requested CRAM-MD5 > scheme, >>>>> but >>>>>>> we >>>>>>>> have only CRYPT >>>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: >>>>>>>> FAIL#0113#011user=do_not_reply@example.com >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> ##################### >>>>>>>> I added in dovecot.conf lines in passdb block: >>>>>>>> driver = passwd-file >>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>> and commented out default lines >>>>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>>>> #driver = sql >>>>>>>> When I try set again default lines I got above error >>>>>>> Can you run doveconf -n with the configuration that causes the above >>>>>>> error? Also it clearly does SQL lookup, so that error is happening >>> with >>>>>>> SQL passdb. You need to remember to restart dovecot between >>>>>>> configuration changes. >>>>>>> >>>>>>> Aki >>>>>>> >>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi aki.tuomi@dovecot.fi: >>>>>>>> >>>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>>>> I set up cram-md5 using this tutorial >>>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>>>> /etc/dovecot/dovecot.conf >>>>>>> in >>>>>>>>>> passdb code block: >>>>>>>>>> listen = *,[::] >>>>>>>>>> protocols = imap pop3 >>>>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>>>> #dodana nizej linia >>>>>>>>>> ssl = required >>>>>>>>>> disable_plaintext_auth = yes >>>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>>> mail_privileged_group = vmail >>>>>>>>>> postmaster_address = postmaster@vps342401.ovh.net >>>>>>>>>> ssl_cert = >>>>>>>>> ssl_key = >>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>>> ssl_cipher_list = >>>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ image: >>>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>>> passdb { >>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>> # driver = sql >>>>>>>>>> driver = passwd-file >>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>>> } >>>>>>>>>> userdb { >>>>>>>>>> driver = prefetch >>>>>>>>>> } >>>>>>>>>> userdb { >>>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>> driver = sql >>>>>>>>>> } >>>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and come >>>>>>> nicely. >>>>>>>>>> But after I want to do default settings by commented out
> two >>>>>>> lines: >>>>>>>>>> driver = passwd-file >>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>>> and uncomment >>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>> # driver = sql >>>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>>>> server >>>>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>>>> passdbs/userdbs than auth server. >>>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>>>> >>>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>>>> written >>>>>>> to >>>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change >>> any >>>>>>>>> userdb >>>>>>>>>> {} block and this second userdb block has this same lines
On 01.02.2017 10:25, Poliman - Serwis wrote: password( line; line; do password( these like
>>>>> default >>>>>>>>>> settings in passdb block. >>>>>>>>>> >>>>>>>>> Try >>>>>>>>> >>>>>>>>> auth_debug=yes >>>>>>>>> auth_verbose=yes >>>>>>>>> >>>>>>>>> and see if it gives any more reasonable messages. >>>>>>>>> >>>>>>>>> Aki >>>>>>>>>
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
--
*Pozdrawiam / Best Regards* *Piotr Bracha*
*tel. 534 555 877*
*serwis@poliman.pl serwis@poliman.pl*
participants (4)
-
Aki Tuomi
-
Evgeniy Korneechev
-
Poliman - Serwis
-
Steffen Kaiser