[Dovecot] pop3 authentication problems: Still got 'em...
Fellow users,
This is just a heads-up to let the list know that I'm still unable to get ANY sort of pop3 or pop3s authentication to work with Dovecot.
Just as a sanity check, I set up an entirely separate system, running FreeBSD 6.1 production, postfix 2.3, and Dovecot 1.0rc2, as a testbed. I got the exact same problem that I had with the NetBSD 3.0 production server, specifically that Dovecot refuses to authenticate a user with either basic pop3 or pop3s.
The way I see it, I may as well try to get basic pop3 working first. If it doesn't, pop3s will never work.
This first quote is taken from the mail client (Pegasus) trying to establish a regular, unencrypted pop3 session.
-=-=-=-=-=-=-
[*] Connection established to 192.168.42.80
0058 +OK AVG POP3 Proxy Server 7.1.368/7.1.394 [268.10.1/389] << 0013 USER kyrrin 0005 +OK << 0016 PASS XXXXXXXXX 0029 -ERR Authentication failed.
-=-=-=-=-=-=-=-
As you can see, the user ID of 'kyrrin' is getting passed as just that, and Dovecot at least seems to recognize it. I say this as a prefix to the next log clip, which will be the corresponding entry from /var/log/maillog, in which the user name is being presented (for whatever reason) in FQDN format.
Note that pam was added just as an experiment. It failed too, despite the presence of a 'dovecot' file, containing the following, in /etc/pam.d
-=-=-=-=-=-=-=-
pioneer# cat /etc/pam.d/dovecot auth required pam_unix.so nullok account required pam_unix.so pioneer#
-=-==-=-=-=-=-
This would be the /var/log/maillog entry corresponding to the above-referenced Pegasus session.
-=-=-=-=-=-=-=-
Jul 16 11:24:38 pioneer dovecot: auth(default): client in: AUTH 1 PLAIN service=POP3 lip=192.168.42.80rip=192.168.42.40 resp=AGt5cnJpbgBocDIxZHZlbTc= Jul 16 11:24:38 pioneer dovecot: auth(default): pam(kyrrin@bluefeathertech.com,192.168.42.40): pam_authenticate() failed: authentication error Jul 16 11:24:38 pioneer dovecot: auth(default): cache(kyrrin@bluefeathertech.com,192.168.42.40): User unknown Jul 16 11:24:40 pioneer dovecot: auth(default): client out: FAIL 1 user=kyrrin@bluefeathertech.com Jul 16 11:24:49 pioneer dovecot: pop3-login: Aborted login: user=<kyrrin@bluefeathertech.com>, method=PLAIN, rip=192.168.42.40, lip=192.168.42.80
-=-=-=-=-=-=-=-
This next bit is the auth default section of my dovecot.conf file. Other sections, or the entire file, can be posted upon request.
-=-=-=-=-=-=-=-
auth default { # Space separated list of wanted authentication mechanisms: # plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi mechanisms = plain login passdb pam { } passdb passwd { } userdb passwd { } socket listen { client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } } }
-=-=-=-=-=-=-=-=-=-=-
I've posted a similar note to bsdforums, in the hope that someone there is (successfully) using Dovecot with pop3 and pop3s.
Thanks in advance for any assistance. I'm really starting to get seriously upset about this, enough to give thought to qpopper over Dovecot.
-=-=-=-=-=-=-=-=-=-=-=- Bruce Lane, Owner & Head Hardware Heavy, Blue Feather Technologies -- http://www.bluefeathertech.com kyrrin (at) bluefeathertech do/t c=o=m "If Salvador Dali had owned a computer, would it have been equipped with surreal ports?"
On Sun, 16 Jul 2006 11:33:53 -0700 "Bruce Lane" <kyrrin@bluefeathertech.com> wrote:
This is just a heads-up to let the list know that I'm still unable to get ANY sort of pop3 or pop3s authentication to work with Dovecot.
Just as a sanity check, I set up an entirely separate system, running FreeBSD 6.1 production, postfix 2.3, and Dovecot 1.0rc2, as a testbed. I got the exact same problem that I had with the NetBSD 3.0 production server, specifically that Dovecot refuses to authenticate a user with either basic pop3 or pop3s.
i'm using FreeBSD 6.1-RELEASE on a mailserver with dovecot (dovecot-1.0.b7_1 from ports) and a mysql-db without any problems (pop3s and imaps)
earlier i had FreeBSD 5.4 working fine with dovecot using regular "unix-style" password-files
maybe i missed earlier emails from you, but is there a certain reason you want to use pam-auth only (with 1.0rc2) ?
On July 16, 2006 11:33:53 AM -0700 Bruce Lane <kyrrin@bluefeathertech.com> wrote:
[*] Connection established to 192.168.42.80
0058 +OK AVG POP3 Proxy Server 7.1.368/7.1.394 [268.10.1/389]
What's all that about. Is that the dovecot banner? My dovecot simply responds:
+OK Dovecot Ready.
Is your client system configured to use a proxy? If so, it seems it is mangling the username.
-frank
Hi, Frank,
*********** REPLY SEPARATOR ***********
On 16-Jul-06 at 11:43 Frank Cusack wrote:
On July 16, 2006 11:33:53 AM -0700 Bruce Lane <kyrrin@bluefeathertech.com> wrote:
[*] Connection established to 192.168.42.80
0058 +OK AVG POP3 Proxy Server 7.1.368/7.1.394 [268.10.1/389]
What's all that about. Is that the dovecot banner? My dovecot simply responds:
No, it's not. Re-read the original post. That's what Pegasus is seeing when it tries to connect.
Is your client system configured to use a proxy? If so, it seems it is mangling the username.
No. No proxy is involved. As for the username, I was under the impression that what's being shown in the log is different from what Dovecot is being presented with. In other words, it is my assumption that Dovecot is appending the domain.
You did give me an idea, though... I'm going to go try something...
Thanks.
-=-=-=-=-=-=-=-=-=-=-=- Bruce Lane, Owner & Head Hardware Heavy, Blue Feather Technologies -- http://www.bluefeathertech.com kyrrin (at) bluefeathertech do/t c=o=m "If Salvador Dali had owned a computer, would it have been equipped with surreal ports?"
On July 16, 2006 11:52:43 AM -0700 Bruce Lane <kyrrin@bluefeathertech.com> wrote:
Hi, Frank,
*********** REPLY SEPARATOR ***********
On 16-Jul-06 at 11:43 Frank Cusack wrote:
On July 16, 2006 11:33:53 AM -0700 Bruce Lane <kyrrin@bluefeathertech.com> wrote:
[*] Connection established to 192.168.42.80
0058 +OK AVG POP3 Proxy Server 7.1.368/7.1.394 [268.10.1/389]
What's all that about. Is that the dovecot banner? My dovecot simply responds:
No, it's not. Re-read the original post. That's what Pegasus is seeing when it tries to connect.
Is your client system configured to use a proxy? If so, it seems it is mangling the username.
No. No proxy is involved.
Google tells me this is the clammail AV product, which acts as a proxy.
-frank
participants (3)
-
albi
-
Bruce Lane
-
Frank Cusack