[Dovecot] Probs authenticating to Dovecot
Hi folks. I have set up a Ubuntu 12.04 VM with Dovecot, Postfix, MySQL, amavisd, and ISPConfig 3. The VM has tons of RAM and disk and processor and is permanently connected to the Internet with a static IP. I followed the instructions at howtoforge.com to set up and configure this VM and am using ISPConfig to set up a mail hub for multiple domains. I have the DNS for my other domains' MX records pointing at this host—we'll call it "mail."
Here's the version of Dovecot I'm using:
root@mail:# dovecot --version 2.1.7
Anyway, when I try to connect to my VM and Dovecot using Mail.app on Mountain Lion, I get the following messages in mail.log:
Apr 15 01:18:40 mail postfix/smtpd[4284]: connect from 50-196-170-xxx-static.hfc.comcastbusiness.net[50.196.170.xxx] Apr 15 01:18:40 mail dovecot: auth-worker(4331): mysql(localhost): Connected to database dbispconfig Apr 15 01:18:42 mail postfix/smtpd[4284]: warning: 50-196-170-xxx-static.hfc.comcastbusiness.net[50.196.170.xxx]: SASL PLAIN authentication failed: Apr 15 01:18:42 mail postfix/smtpd[4284]: disconnect from 50-196-170-xxx-static.hfc.comcastbusiness.net[50.196.170.xxx] Apr 15 01:18:54 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=<kris>, method=PLAIN, rip=50.196.170.xxx, lip=50.196.170.yyy, TLS, session=<wwn85mHa8AAyxKq9> Apr 15 01:19:04 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 10 secs): user=<kris>, method=PLAIN, rip=50.196.170.xxx, lip=50.196.170.yyy, TLS, session=<XGdT52Ha8QAyxKq9>
But if I run alpine on mail, I can send and receive mail all day long. Here's a log entry that demonstrates this:
Apr 15 01:20:01 mail postfix/smtpd[4284]: connect from localhost[127.0.0.1] Apr 15 01:20:01 mail postfix/smtpd[4284]: lost connection after CONNECT from localhost[127.0.0.1] Apr 15 01:20:01 mail postfix/smtpd[4284]: disconnect from localhost[127.0.0.1] Apr 15 01:20:01 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<FGhS62HaIwB/AAAB>
So I thought it was a problem with SASL not liking PLAIN authentication. When I go to /etc/dovecot and print the contents of dovecot.conf, I see that auth_mechanisms = plain login.
root@mail:/etc/dovecot# more dovecot.conf listen = *,[::] protocols = imap pop3 auth_mechanisms = plain login disable_plaintext_auth = no log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail ssl_cert = </etc/postfix/smtpd.cert ssl_key = </etc/postfix/smtpd.key passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve=/var/vmail/%d/%n/.sieve } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } protocol imap { mail_plugins = quota imap_quota } protocol pop3 { pop3_uidl_format = %08Xu%08Xv mail_plugins = quota } protocol lda { mail_plugins = sieve quota }
At this point I'm not sure what to think about this. The mailbox is created, it works on the host, so why wouldn't it work over the network? I've tried frobbing settings in Mail.app, as it does have some wonkiness to it, but no dice. The password is fine, everything is in place, it just doesn't work.
Any thoughts or recommendations?
Thanks, Kris
On Mon, 2013-04-15 at 21:43 -0700, Kris Magnusson wrote:
Hi folks. I have set up a Ubuntu 12.04 VM with Dovecot, Postfix, MySQL, amavisd, and ISPConfig 3.
tatic IP. I followed the instructions at howtoforge.com to set up and configure this
Somebody else recently used some howto from there and had no end of troubles.
Apr 15 01:20:01 mail dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=127.0.0.1, lip=127.0.0.1, secured, session=<FGhS62HaIwB/AAAB>
eh? that says you did not log in pop3, and postfix by default will relay for localhost, well, with most configs in mynetworks having localhost it will.
telnet mail 110 user username pass password list quit ... does that work? I bet it doesn't.
root@mail:/etc/dovecot# more dovecot.conf
dovecot -n output is best
listen = *,[::] protocols = imap pop3
you use sieve below, but now in proto?
verify your sql is valid by using mysql shell
You need to check your postconf -n output as well to make sure it knows dovecot.
postconf -a should show dovecot (maybe cyrus as well, but it needs to know dovecot)
Any thoughts or recommendations?
If you followed whatever guide it was in full, and have triple checked that, ummm, find another guide?
I have triple (trippple) checked the recommended configuration and it is per the how-to.
The SQL is likely fine. I'm not a SQL maven, but I'm not dumb about SQL, and it passed a couple of inspections.
You're right that telnet localhost 110 doesn't work.
postconf -a reports that it knows about cyrus and dovecot.
I don't really trust this ISPConfig thing, as it likes to do its own stuff that flies in the face of reason, and introducing a DB into the mix just made things an order of magnitude more complicated. I'd rather use OpenLDAP, since I can write JNDI code to figure out what's going on with a directory and even add/modify/delete entries to/in the directory.
I will blow this VM away and start from scratch. Unless anyone has any concrete suggestions I can implement before then that I can use to salvage a day's worth of work.
Is there a best possible OS for running Dovecot/Postfix? That would be a step in the right direction. Ubuntu is great for running WordPress, but I recognize there are different OSes out there. I don't care if it's Linux-based or a BSD distribution.
Will Dovecot/Postfix scale without a RDBMS backing it up? Or will OpenLDAP suffice?
Thanks much.
Kris
On Apr 15, 2013, at 11:16 PM, Noel Butler <noel.butler@ausics.net> wrote:
On Mon, 2013-04-15 at 23:38 -0700, Kris Magnusson wrote:
and introducing a DB into the mix just made things an order of magnitude more complicated. I'd rather use OpenLDAP, since I can write JNDI code to figure out what's going on with a directory and even add/modify/delete entries to/in the directory.
I'll start a war here, but IMO, ldap is just another database...
If you are doing virtuals nothing wrong with them, mysql works fine.
I will blow this VM away and start from scratch. Unless anyone has any concrete suggestions I can implement before then that I can use to salvage a day's worth of work.
Unless you built them from source, I'd wait a day or so (if you can) until maybe some ubuntu users can offer suggestions, but, given ubuntu is just a dressed up debian, you might find something of interest that will work for you on google.
Is there a best possible OS for running Dovecot/Postfix?
Slackware! haha - asking that question will start another war - each to our own, whatever distro you are comfortable with - slackware, centos, debian, suse, or the kiddie variants (fedora/ubuntu) (/me puts on flame suite )... it wont make much difference really, it's just a mater of getting the daemons to talk nicely to each other, which they do, postfix, dovecot and mysql go hand in hand.
but I recognize there are different OSes out there. I don't care if it's Linux-based or a BSD distribution.
Will Dovecot/Postfix scale without a RDBMS backing it up? Or will OpenLDAP suffice?
It scales best with one, but that's just my opinion, there are some folk who do use ldap but I dont know their network requirements.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 15 Apr 2013, Kris Magnusson wrote:
I will blow this VM away and start from scratch. Unless anyone has any concrete suggestions I can implement before then that I can use to salvage a day's worth of work.
If you want to debug this config further, I would
- enable auth_debug in Dovcot, see http://wiki2.dovecot.org/Logging
- check with telnet if authentification works in Dovecot
- check if SMTP AUTH works
If you don't trust ISPConfig, then ignore this VM, check out the Dovecot Wiki2 and its Postfix howto.
Is there a best possible OS for running Dovecot/Postfix? That would be a step in the right direction. Ubuntu is great for running WordPress, but I recognize there are different OSes out there. I don't care if it's Linux-based or a BSD distribution.
I don't think there is a "best" OS. You could compile Dovecot yourself, the development packages of dependencies are available in most (all?) distributions, then you are not stuck on one particular version of Dovecot.
Will Dovecot/Postfix scale without a RDBMS backing it up? Or will OpenLDAP suffice?
Dovecot will work fine with OpenLDAP, esp. because it implements caching.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iQEVAwUBUWz8Al3r2wJMiz2NAQLGNgf/YU6ecbB15V4kJBEKolId06m4odtDwb7z md+gsYghBNAGkqO5hg6brJKHhrx/ReBUI68iIwQ9X26ifF90oOSrGINv5NH0uYpK 10YI0zljq45b4/GC3927PP56K1wrKm/ekhLJJ368bdCqfH3jznaFViU+gn1Ud3FZ bOh0Y2lQHINIkpI9GqlZAGeLj8GZ3k0urv8KSENLaWqf5/ycSNTvpCI1b5xuXYvc +z3LB5NBtCLP/OLjVDhy5a/TpK6L0nYgc6Tphf+7HJR9nHWMez/7NZqa/faPRVZd v+5qa2n7wB9powAjIJZWLMIBGzk/AEVTTdbZ3etzK6sVwKeHkvL6Uw== =6nJA -----END PGP SIGNATURE-----
On Mon, 2013-04-15 at 23:38 -0700, Kris Magnusson wrote:
I will blow this VM away and start from scratch. Unless anyone has any concrete suggestions I can implement before then that I can use to salvage a day's worth of work.
If it comes down to it, I just asked on IRC for you if anyone knows a good howto for ubuntu, someone replied to look for the ISP setup guide by Chris Haas, said it was for debian so should work.
What was the output of the telnet localhost 110?
Did it present any error messages?
On Tue, Apr 16, 2013 at 3:43 AM, Kris Magnusson <kris.magnusson@icloud.com>wrote:
-- Daniel Reinhardt cryptodan@cryptodan.net http://www.cryptodan.net 301-875-7018(c) 410-455-0488(h)
It would appear that port 110 is not opened on your firewall, and is that IP address one that is assigned to your External WAN interface on your Comcast connection?
The VM should have a Privately assigned IP address as given by the VM Software.
On Tue, Apr 16, 2013 at 4:12 AM, Kris Magnusson <kris.magnusson@icloud.com>wrote:
-- Daniel Reinhardt cryptodan@cryptodan.net http://www.cryptodan.net 301-875-7018(c) 410-455-0488(h)
Turn on the following directives:
auth_verbose = yes auth_debug_passwords = yes
Restart, then reconnect with your mail client. You should have much better logging to determine the source of the problem.
Dem
participants (5)
-
Daniel Reinhardt
-
Kris Magnusson
-
Noel Butler
-
Professa Dementia
-
Steffen Kaiser