Upgrade problems from Dovecot 2.3 to 2.4
I have attempted to upgrade my 2.3 installation to 2.4, but it will not allow my users to log in, closing the connections as authentication failures. My 2.3 installation has worked for many years and I simply attempted to make the changes that the Dovecot documentation says are necessary to get 2.4 to work. I am running Dovecot alongside Exim, using MySQL for the user addresses and passwords. Does anybody have any ideas as to why authentication is not working? Thanks in advance! Here is my dovecot.conf file:
# *** REQUIRED *** Dovecot config and storage versions
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2

passdb sql {
  query = SELECT crypt as password FROM users WHERE username = '%{user}' AND (type = 'local' OR type = 'piped');
}
userdb sql {
  query = SELECT pop as home, uid, gid FROM users WHERE username =dovecot: auth: Fatal: auth-cache: SELECT crypt as password FROM users WHERE username = '%u' AND (type = 'local' OR type = 'piped');: Cache key must contain at least one variable '%{user}';
}
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
  user = exim4u
  password = SECRET
  dbname = exim4u
}

protocols {
  imap = yes
  pop3 = yes
}
protocol imap {
  mail_max_userip_connections = 50
}
protocol pop3 {
  pop3_uidl_format = %{uid}%{uidvalidity}
}

service auth {
  user = dovecot
}

ssl = required
ssl_server_cert_file = /etc/pki/tls/exim_tls/exim.cert
ssl_server_key_file = /etc/pki/tls/exim_tls/exim.key
ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
My cut/paste of the dovecot.conf file in my previous post was somehow corrupted. Here is the actual file instead:
# *** REQUIRED *** Dovecot config and storage versions
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2

passdb sql {
  query = SELECT crypt as password FROM users WHERE username = '%{user}' AND (type = 'local' OR type = 'piped');
}
userdb sql {
  query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}';
}
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
  user = exim4u
  password = $Cr@bby-P3lican$
  dbname = exim4u
}

protocols {
  imap = yes
  pop3 = yes
}
protocol imap {
  mail_max_userip_connections = 50
}
protocol pop3 {
  pop3_uidl_format = %{uid}%{uidvalidity}
}

service auth {
  user = dovecot
}

ssl = required
ssl_server_cert_file = /etc/pki/tls/exim_tls/exim.cert
ssl_server_key_file = /etc/pki/tls/exim_tls/exim.key
ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
On 2026-01-20 23:44, Gordon Dickens via dovecot wrote:
> My cut/paste of the dovecot.conf file in my previous post was somehow corrupted. Here is the actual file instead:
>
> # *** REQUIRED *** Dovecot config and storage versions
> dovecot_config_version = 2.4.2
> dovecot_storage_version = 2.4.2
>
> passdb sql {
>   query = SELECT crypt as password FROM users WHERE username = '%{user}' AND (type = 'local' OR type = 'piped');
> }
> userdb sql {
>   query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}';
> }

The queries look ok, quite similar to mine. I use ${user | lower} filter to lowercase the usernames.

What's the error in the log?

To get even more verbose logs, have you set

auth_verbose = yes
log_debug=category=auth

> sql_driver = mysql
> mysql /var/run/mysqld/mysqld.sock {
>   user = exim4u
>   password = $Cr@bby-P3lican$
>   dbname = exim4u
> }

You just posted your password to the internet, best to change it.

-- 
Christian Kivalo
I figured it out. I needed the following in the passdb sql stanza: default_password_scheme = SHA512-CRYPT.
So, problem solved! The entire working dovecot.conf config is as follows:
# *** REQUIRED *** Dovecot config and storage versions
dovecot_config_version = 2.4.2
dovecot_storage_version = 2.4.2

passdb sql {
  default_password_scheme = SHA512-CRYPT
  query = SELECT crypt as password FROM users WHERE username = '%{user}' AND (type = 'local' OR type = 'piped');
}

userdb sql {
  query = SELECT pop as home, uid, gid FROM users WHERE username = '%{user}';
}
sql_driver = mysql
mysql /var/run/mysqld/mysqld.sock {
  user = exim4u
  password = SECRET
  dbname = exim4u
}

protocols {
  imap = yes
  pop3 = yes
}
protocol imap {
  mail_max_userip_connections = 50
}
protocol pop3 {
  pop3_uidl_format = %{uid}%{uidvalidity}
}

service auth {
  user = dovecot
}

ssl = required
ssl_server_cert_file = /etc/pki/tls/exim_tls/exim.cert
ssl_server_key_file = /etc/pki/tls/exim_tls/exim.key
ssl_server_dh_file = /etc/dovecot/dh.pem
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
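
Added example, not part of the thread or of Dovecot itself: a Python audit that classifies values from the crypt column by their crypt(3) or {SCHEME} prefix and reports whether one default_password_scheme value covers every unprefixed hash. It assumes the column holds crypt(3)-style strings; the sample rows are constructed and the function names are this example's own.

```python
import re
from collections import Counter

# crypt(3)-style prefixes and the Dovecot scheme name for each.
CRYPT_PREFIXES = [
    ("$6$", "SHA512-CRYPT"), ("$5$", "SHA256-CRYPT"), ("$1$", "MD5-CRYPT"),
    ("$2a$", "BLF-CRYPT"), ("$2b$", "BLF-CRYPT"), ("$2y$", "BLF-CRYPT"),
    ("$argon2id$", "ARGON2ID"), ("$argon2i$", "ARGON2I"),
]
# Explicit Dovecot "{SCHEME}" prefix, optionally with an encoding suffix
# such as {SSHA256.hex}.
EXPLICIT = re.compile(r"^\{([A-Za-z0-9-]+)(?:\.[A-Za-z0-9]+)?\}")

# Constructed sample rows (username, crypt column); the hashes are fake.
SAMPLE_ROWS = [
    ("alice@example.org", "$6$constructedsalt$constructedhashAAAA"),
    ("bob@example.org", "$6$constructedsalt$constructedhashBBBB"),
    ("carol@example.org", "{SHA512-CRYPT}$6$constructedsalt$constructedhashCCCC"),
]


def classify(stored):
    """Return (scheme, has_explicit_prefix) for one stored value."""
    m = EXPLICIT.match(stored)
    if m:
        return m.group(1).upper(), True
    for prefix, scheme in CRYPT_PREFIXES:
        if stored.startswith(prefix):
            return scheme, False
    return "UNKNOWN", False


def audit(rows):
    """Summarise which schemes appear without a {SCHEME} prefix."""
    bare, unknown = Counter(), []
    for user, stored in rows:
        scheme, explicit = classify(stored)
        if scheme == "UNKNOWN":
            unknown.append(user)      # e.g. plaintext or legacy DES crypt
        elif not explicit:
            bare[scheme] += 1         # relies on default_password_scheme
    # One default only works if all unprefixed hashes share one scheme.
    single = len(bare) == 1 and not unknown
    return {"bare": dict(bare), "unknown": unknown,
            "default_password_scheme": next(iter(bare)) if single else None}


if __name__ == "__main__":
    print(audit(SAMPLE_ROWS))
```

When the result is None, the unprefixed hashes mix schemes or include unrecognised values, so a single default cannot cover them and those rows need an explicit {SCHEME} prefix or a rehash.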
Participants (2): Christian Kivalo, Gordon Dickens