[Dovecot] Help connecting from remote client (no auth attempts)
Greetings,
I am running 64 bit Ubuntu server 10.04.04, postfix 2.7.0, and dovecot 1.2.9. I installed the dovecot-postfix package so the two would be configured to work together.
From localhost I can send and receive email to/from arbitrary remote sites without any problems.
I wish to send & receive email from my (remote) desktop via Thunderbird through that sever.
When I attempt to configure Thunderbird I get the following on mail.log:
Mar 26 15:04:51 booklion dovecot: imap-login: Aborted login (no auth attempts): rip=74.179.230.177, lip=192.168.168.53 Mar 26 15:04:51 booklion dovecot: last message repeated 2 times Mar 26 15:04:51 booklion dovecot: pop3-login: Aborted login (no auth attempts): rip=74.179.230.177, lip=192.168.168.53 Mar 26 15:04:51 booklion dovecot: last message repeated 3 times Mar 26 15:04:51 booklion dovecot: imap-login: Aborted login (no auth attempts): rip=74.179.230.177, lip=192.168.168.53 ...
For now, I just want to control access through the normal passwd/shadow mechanism.
I set in dovecot.conf:
disable_plaintext_auth = no ssl = yes passdb shadow { } userdb passwd { }
I don't know what else to try. Help would really be appreciated.
Blake McBride
Am 26.03.2014 21:47, schrieb Blake McBride:
what auth-mechs have you configured and how is TB configured? "no auth attempts" in most cases indicates the client don't agree with the auth-mechs offered by the server (PLAUN, LOGIN, CRAM-MD5, LMTP)
in doubt try that in dovecot.conf auth_mechanisms = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
Thanks for the help!!
I added the auth_mech.. line and reset dovecot but got the same error message.
dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-57-server x86_64 Ubuntu 10.04.4 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap pop3 imaps pop3s managesieve ssl_cert_file: /etc/ssl/certs/ssl-mail.pem ssl_key_file: /etc/ssl/private/ssl-mail.key ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login login_executable(managesieve): /usr/lib/dovecot/managesieve-login mail_privileged_group: mail mail_location: maildir:~/Maildir mbox_write_locks: fcntl dotlock mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_executable(managesieve): /usr/lib/dovecot/managesieve mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve imap_client_workarounds(default): outlook-idle delay-newmail imap_client_workarounds(imap): outlook-idle delay-newmail imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): lda: postmaster_address: postmaster mail_plugins: sieve quota_full_tempfail: yes deliver_log_format: msgid=%m: %$ rejection_reason: Your message to <%t> was automatically rejected:%n%r auth default: mechanisms: plain login debug: yes debug_passwords: yes passdb: driver: shadow userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/dovecot-auth mode: 432 user: postfix group: postfix plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve
On Wed, Mar 26, 2014 at 3:52 PM, Reindl Harald <h.reindl@thelounge.net>wrote:
I found I was enabling the options you requested in the wrong place. After fixing it I get:
Mar 26 16:21:03 booklion dovecot: Dovecot v1.2.9 starting up (core dumps disabled) Mar 26 16:21:04 booklion dovecot: auth(default): Fatal: APOP mechanism can't be supported with given passdbs Mar 26 16:21:04 booklion dovecot: dovecot: Fatal: Auth process died too early - shutting down Mar 26 16:22:31 booklion dovecot: Dovecot v1.2.9 starting up (core dumps disabled) Mar 26 16:22:31 booklion dovecot: auth(default): Fatal: DIGEST-MD5 mechanism can't be supported with given passdbs Mar 26 16:22:31 booklion dovecot: dovecot: Fatal: Auth process died too early - shutting down Mar 26 16:23:21 booklion dovecot: Dovecot v1.2.9 starting up (core dumps disabled) Mar 26 16:23:21 booklion dovecot: auth(default): Fatal: CRAM-MD5 mechanism can't be supported with given passdbs Mar 26 16:23:21 booklion dovecot: dovecot: Fatal: Auth process died too early - shutting down
On Wed, Mar 26, 2014 at 4:02 PM, Blake McBride <blake1024@gmail.com> wrote:
ThunderBird
if you choose "encrypted password" it's in fact CRAM-MD5 that is different in different mail-clients
some let you choose the auth-mech, some have a default and the some doing the right chosse the actual best one available announced by the server
Am 27.03.2014 15:34, schrieb Blake McBride:
Thanks. The current version of Thunderbird auto-detects connection parameters - presumably by trying every combination. All I give is an email address and a password. They also have a manual configuration that I spent a lot of time with. I was never able to do any better than their auto-config.
I've spent two days on this now. During all my trial and error tests I got the ability to receive email to work. Trying to get send to work, after a bunch of trials, I just re-installed the whole thing to start over with a clean slate. I installed a different config. One that had postfix and dovecot pre-configured to work together. That is what I am using now.
Given my experience with all this, I feel confident that Thunderbird is not a factor in the problem.
I have a lot of experience as a programmer but I've only messed with email servers a couple of times over the years. (sendmail in the past.) Each time, unfortunately, it turns into a week-long, trial and effort in order to get it working - never knowing what made it work or what it is even doing.
In terms of the config, I really don't know what I am doing. I think what I want is clear text passwords sent over an SSL connection. Isn't that secure? I don't know the difference between SSL and that TTSL thing. I really don't care how it is setup. I just want it to be reasonably secure and simple.
When installing the dovecot-postfix package on Ubuntu, it is preconfigured to work and it does. It just doesn't allow an external client to send & receive through it. It would be great to have a step-by-step guide to get this, very common need, setup. I see questions about this all over the net but there is no clear answer. Usually people just say they got it working but either son't know or don't fully tell what they did to fix it.
I've got to believe that postfix and dovecot form a great email solution that works well. While it may be easy to setup for someone who is an email expert, it is utterly daunting to someone who is not.
I really appreciate your help. I don't think the problem has anything to do with Thunderbird. It has got to be in the dovecot and postfix config. I am just don't know what to do to determine where the problem is and how to fix it. I would thing that config dumps and log files would give everything needed, but I don't understand them. Assistance from someone with a lot more experience and understanding can make all the difference.
Thanks.
Blake
On Thu, Mar 27, 2014 at 9:38 AM, Reindl Harald <h.reindl@thelounge.net>wrote:
Am 27.03.2014 16:33, schrieb Blake McBride:
if you don't care you unlikely will get it secure sorry but you can't have both at the same time
- don't care and don't understand
- get a secure and clean mailserver setup
hire somebody or learn your daywork, having a public mailserver brings *great* responsibility *not only* for you, for the whole internet!
What I meant by "don't care" is that there are, presumably, many secure options. I "don't care" about which one. I just want something simple to configure.
Having a working understanding of SSL, I understand that sending unencrypted text over an SSL connection is reasonably secure. I do it everyday with SSH. I shouldn't need, nor does Thunderbird require, CRAM-MD5 or DIGEST-MD5.
I was hoping to get some assistance from someone for whom dovecot is their "daywork". My "daywork" presumably includes things not in your "daywork". I can surely learn the system, and wouldn't need anyone's help, but that would detract from other things more important to me that I have a lot of expertise in. Presumably, I would return the favor when someone asks for my help in areas I have expertise in. We can either help each other with our respective expertise, or we can tell each other to learn it themselves.
On Thu, Mar 27, 2014 at 10:41 AM, Reindl Harald <h.reindl@thelounge.net>wrote:
participants (2)
-
Blake McBride
-
Reindl Harald