Hello all
I use Debian 9 with Dovecot 2.x: real system users and virtual users: almost all works perfectly ;)
Virtual users can connect via IMAP and POP using name + domain name: user00@domain1.org, etc.
PAM (real system users) users can connect via IMAP and POP ONLY without the domain name
It's a problem with PAM authentication, because Linux authenticates users with only the username (and not also with the domain name), but I'd like users to use the full email address, like test00@realdomain.org
cat /etc/dovecot/conf.d/auth-passwdfile.conf.ext
passdb {
  driver = passwd-file
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
}
userdb {
  driver = passwd-file
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
}
cat /etc/dovecot/conf.d/auth-system.conf.ext
passdb {
  driver = pam
}
userdb {
  driver = passwd
}
Inside /etc/dovecot/conf.d/10-auth.conf
[...]
#auth_username_format = %n
is commented out because I have multiple domains
cat /var/log/dovecot.debug
Sep 05 01:49:51 auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
Sep 05 01:49:51 auth: Debug: passwd-file /etc/dovecot/users: Read 4
users in 0 secs
Sep 05 01:49:51 auth: Debug: auth client connected (pid=23412)
Sep 05 01:49:51 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=hjdhgfghhg lip=192.168.1.100
rip=192.168.1.100 lport=143 rport=39356
resp=hsdfhsfddfjk
jklsdfkljkdlskfljsdkjlfds== (previous base64 data may contain sensitive
data)
Sep 05 01:49:51 auth-worker(23414): Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Sep 05 01:49:51 auth-worker(23414): Debug: passwd-file
/etc/dovecot/users: Read 4 users in 0 secs
Sep 05 01:49:51 auth-worker(23414): Debug:
pam(test@realdomain.org,192.168.1.100,<PitAxGVYvJnAqAFk>): lookup
service=dovecot
Sep 05 01:49:51 auth-worker(23414): Debug:
pam(test@realdomain.org,192.168.1.100,<PitAxGVYvJnAqAFk>): #1/1 style=1
msg=Password:
Sep 05 01:49:53 auth: Debug:
passwd-file(test@realdomain.org,192.168.1.100,<PitAxGVYvJnAqAFk>):
lookup: user=test@realdomain.org file=/etc/dovecot/users
Sep 05 01:49:55 auth: Debug: client passdb out: FAIL 1
user=test@realdomain.com
Sep 05 01:51:15 auth: Debug: Loading modules from directory:
/usr/lib/dovecot/modules/auth
Sep 05 01:51:15 auth: Debug: Read auth token secret from
/var/run/dovecot/auth-token-secret.dat
Sep 05 01:51:15 auth: Debug: passwd-file /etc/dovecot/users: Read 4
users in 0 secs
Sep 05 01:51:15 auth: Debug: auth client connected (pid=23461)
Sep 05 01:51:26 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=ycnxyWVYQYokInmi lip=192.168.0.2
rip=36.34.121.162 lport=993 rport=35393
Sep 05 0
any idea?
thanks for help!
Pol
On 05.09.2017 10:52, Pol Hallen wrote:
cat /etc/dovecot/conf.d/auth-system.conf.ext
passdb {
  driver = pam
}
userdb {
  driver = passwd
}
passdb {
  driver = pam
  args = username_format=%n
}
Also, you probably want to consider using driver=passwd instead, if you really don't need pam due to some special plugins.
Aki
Hello, thanks for your reply
I already tried with:
username_format=%n or auth_username_format=%n but I have the same problem
Pol
Oh right, you need to do it like this...
after the passwd-file drivers add
passdb {
  driver = static
  args = username=%n noauthenticate
}
Aki
On 05.09.2017 11:03, Pol Hallen wrote:
Hello, thanks for your reply
I already tried with:
username_format=%n or auth_username_format=%n but I have the same problem
Pol
Thanks Aki, but with all your advice I have the same problem: in the logs I always see the authentication with user and domain name, so Dovecot doesn't accept it
any idea?
thanks!
Pol
On 2017-09-05 10:58, Aki Tuomi wrote:
Oh right, you need to do it like this...
after the passwd-file drivers add
passdb {
  driver = static
  args = username=%n noauthenticate
}
Aki
Can you provide
doveconf -n (with the new config)
enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
Aki
On 05.09.2017 13:37, Pol Hallen wrote:
Thanks Aki, but with all your advice I have the same problem: in the logs I always see the authentication with user and domain name, so Dovecot doesn't accept it
any idea?
thanks!
Pol
Sure :) thanks
cat /var/log/dovecot/[...]
Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=JK0Bfm9YuqfAqAFk
lip=192.168.1.100 rip=192.168.1.100 lport=143
rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA==
(previous base64 data may contain sensitive data)
Sep 05 13:26:02 auth-worker(30088): Debug:
pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup
service=username_format=user00
Sep 05 13:26:02 auth-worker(30088): Debug:
pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1
style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:26:04 auth-worker(30088): Info:
pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:26:04 auth: Debug:
passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
lookup: user=user00@realsystem.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:26:04 auth: Info:
passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1
user=user00@realsystem.org
==> /var/log/dovecot.info <==
Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts
in 4 secs): user=user00@realsystem.org, method=PLAIN,
rip=192.168.1.100, lip=192.168.1.100, secured
doveconf -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = login plain
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /var/log/dovecot.debug
disable_plaintext_auth = no
info_log_path = /var/log/dovecot.info
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_home = /home/vmail/%d/%n/Maildir
mail_location = maildir:~/Maildir
mail_plugins = " quota quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  subscriptions = yes
  type = private
}
passdb {
  args = username_format=%n
  driver = pam
}
passdb {
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append flag_change
  mail_log_fields = uid box msgid size from subject vsize
  quota = maildir:User quota
  quota_rule = *:storage=10000M
  quota_rule2 = Junk:storage=+100M
  quota_rule3 = SPAM:storage=+100M
  quota_warning = storage=90%% quota-warning 90 %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags
}
protocols = " imap sieve pop3 sieve"
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-warning {
  executable = script /root/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = vmail
  }
  user = root
}
ssl_cert =
On 2017-09-05 13:01, Aki Tuomi wrote:
Can you provide
doveconf -n (with the new config)
enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
Aki
-- Pol
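The logs posted in this thread include the SASL PLAIN response (resp=...) and "(given password: ...)" fields, and the doveconf -n output shows auth_debug_passwords = yes and auth_verbose_passwords = yes. As an added example (not part of the original posts, and not Dovecot code), the Python filter below redacts both fields before a log is shared and then checks the result for leftovers; the sample log, its credentials and all function names are constructed for illustration.

```python
import base64
import binascii
import re

REDACTED = "[REDACTED]"
# resp= value up to Dovecot's warning marker; \s lets it span a mail client's hard wrap.
RESP_WRAPPED = re.compile(r"resp=[A-Za-z0-9+/=\s]+?(?=\s*\(previous base64 data)")
# resp= value with no marker after it (fallback), skipping values already redacted.
RESP_BARE = re.compile(r"resp=(?!\[REDACTED\])\S+")
# Greedy up to the last ')' on the line, so a password containing ')' is fully covered.
GIVEN_PW = re.compile(r"\(given password: .*\)")
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")


def looks_like_sasl_plain(token):
    """True if token base64-decodes to authzid NUL authcid NUL passwd (RFC 4616)."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return False
    parts = raw.split(b"\0")
    return len(parts) == 3 and all(parts[1:])


def redact_log(text):
    """Return (redacted_text, number_of_fields_redacted)."""
    count = 0
    for pattern, repl in (
        (RESP_WRAPPED, "resp=" + REDACTED),
        (RESP_BARE, "resp=" + REDACTED),
        (GIVEN_PW, "(given password: " + REDACTED + ")"),
    ):
        text, n = pattern.subn(repl, text)
        count += n
    return text, count


def find_leaks(text):
    """List reasons the text still looks unsafe to post; an empty list means clean."""
    leaks = []
    for m in B64_TOKEN.finditer(text):
        # Catches an intact PLAIN blob even when it is not labelled resp=.
        if looks_like_sasl_plain(m.group(0)):
            leaks.append("SASL PLAIN blob at offset %d" % m.start())
    for m in re.finditer(r"given password: (?!\[REDACTED\])", text):
        leaks.append("plaintext password at offset %d" % m.start())
    return leaks


# Constructed sample (not from the thread): user, password, addresses and session are made up.
SECRET = "not-a-real-secret"
TOKEN = base64.b64encode(b"\0alice@example.org\0" + SECRET.encode()).decode()
SAMPLE_LOG = "\n".join([
    "Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN",
    "service=imap secured session=sess-constructed lip=192.0.2.10",
    "rip=192.0.2.20 lport=143 rport=42938",
    "resp=" + TOKEN[:20],  # value hard-wrapped by the mail client
    TOKEN[20:] + " (previous base64 data may contain sensitive data)",
    "Sep 05 13:26:04 auth: Info: passwd-file(alice@example.org,192.0.2.20,<sess-constructed>):",
    "unknown user (given password: " + SECRET + ") - trying the next passdb",
    "Sep 05 13:26:05 auth: Debug: client in: AUTH 2 PLAIN service=imap resp=" + TOKEN,
    "Sep 05 13:26:06 auth-worker(30088): Info: pam(alice@example.org,192.0.2.20,<sess-constructed>):",
    "pam_authenticate() failed: Authentication failure (password mismatch?)",
    "(given password: " + SECRET + ")",
])

if __name__ == "__main__":
    redacted, count = redact_log(SAMPLE_LOG)
    print(redacted)
    print("fields redacted:", count)
    print("remaining leaks:", find_leaks(redacted))
```

Once debugging is finished, setting auth_debug_passwords and auth_verbose_passwords back to no keeps these fields out of the log files in the first place.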
Try configuring like this:
passdb {
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
passdb {
  driver = static
  args = username=%n noauthenticate
  skip = authenticated
}
passdb {
  driver = pam
  skip = authenticated
}
On 05.09.2017 14:29, Pol Hallen wrote:
Sure :) thanks
Do I modify auth-system.conf.ext only? (sorry for the question)
If yes, I have the same problem
Pol
On 2017-09-05 13:34, Aki Tuomi wrote:
Try configuring like this:
passdb {
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
passdb {
  driver = static
  args = username=%n noauthenticate
  skip = authenticated
}
passdb {
  driver = pam
  skip = authenticated
}
No, you modify dovecot.conf
Aki
On 05.09.2017 14:40, Pol Hallen wrote:
Do I modify auth-system.conf.ext only? (sorry for the question)
If yes, I have the same problem
Pol
does not work :-/
Sep 05 13:49:41 auth: Debug: auth client connected (pid=31115)
Sep 05 13:49:41 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=IFCT0m9Y0KjAqAFk
lip=192.168.1.100 rip=192.168.1.100 lport=143
rport=43216 resp=AHBvbGhhbGxlbkBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA==
(previous base64 data may contain sensitive data)
Sep 05 13:49:41 auth: Debug:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
lookup: user=user00@realdomain.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug:
static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
Sep 05 13:49:41 auth: Debug:
static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Allowing
any password
Sep 05 13:49:41 auth: Debug:
static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Not
performing authentication (noauthenticate set)
==> /var/log/dovecot.info <==
Sep 05 13:49:41 auth: Info:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
unknown user (given password: pass) - trying the next passdb
==> /var/log/dovecot.debug <==
Sep 05 13:49:41 auth-worker(31116): Debug: Loading modules from
directory: /usr/lib/dovecot/modules/auth
Sep 05 13:49:41 auth-worker(31116): Debug: passwd-file
/etc/dovecot/users: Read 4 users in 0 secs
Sep 05 13:49:41 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
service=dovecot
Sep 05 13:49:41 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1
style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:42 auth-worker(31116): Info:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:42 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
service=dovecot
Sep 05 13:49:42 auth-worker(31116): Debug:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1
style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth-worker(31116): Info:
pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:45 auth: Debug:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
lookup: user=user00@realdomain.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth: Info:
passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>):
unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:47 auth: Debug: client passdb out: FAIL 1
user=user00@realdomain.org
Sep 05 13:49:47 imap-login: Debug: Ignoring unknown passdb extra field:
==> /var/log/dovecot.info <==
Sep 05 13:49:47 imap-login: Info: Disconnected (auth failed, 1 attempts
in 6 secs): user=user00@realdomain.org, method=PLAIN,
rip=192.168.1.100, lip=192.168.1.100, secured
On 2017-09-05 13:41, Aki Tuomi wrote:
No, you modify dovecot.conf
Aki
On 05.09.2017 14:40, Pol Hallen wrote: Do I modify auth-system.conf.ext only (sorry for the question)
if yes, I've same problem
Pol
On 2017-09-05 13:34, Aki Tuomi wrote:
Try configuring like this:
passdb { args = scheme=SHA256 username_format=%u /etc/dovecot/users driver = passwd-file }
passdb { driver = static args = username=%n noauthenticate skip = authenticated }
passdb { driver = pam skip = authenticated }
On 05.09.2017 14:29, Pol Hallen wrote: Sure :) thanks
cat /var/log/dovecot/[...]
Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131) Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=JK0Bfm9YuqfAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data) Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup service=username_format=user00 Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 style=1 msg=Password: ==> /var/log/dovecot.info <== Sep 05 13:26:04 auth-worker(30088): Info: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass) ==> /var/log/dovecot.debug <== Sep 05 13:26:04 auth: Debug: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup: user=user00@realsystem.org file=/etc/dovecot/users ==> /var/log/dovecot.info <== Sep 05 13:26:04 auth: Info: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): unknown user (given password: pass) ==> /var/log/dovecot.debug <== Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1 user=user00@realsystem.org ==> /var/log/dovecot.info <== Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts in 4 secs): user=user00@realsystem.org, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured
doveconf -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = login plain
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /var/log/dovecot.debug
disable_plaintext_auth = no
info_log_path = /var/log/dovecot.info
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_home = /home/vmail/%d/%n/Maildir
mail_location = maildir:~/Maildir
mail_plugins = " quota quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  subscriptions = yes
  type = private
}
passdb {
  args = username_format=%n
  driver = pam
}
passdb {
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append flag_change
  mail_log_fields = uid box msgid size from subject vsize
  quota = maildir:User quota
  quota_rule = *:storage=10000M
  quota_rule2 = Junk:storage=+100M
  quota_rule3 = SPAM:storage=+100M
  quota_warning = storage=90%% quota-warning 90 %u
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags
}
protocols = " imap sieve pop3 sieve"
quota_full_tempfail = yes
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
  vsz_limit = 64 M
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service quota-warning {
  executable = script /root/bin/quota-warning.sh
  unix_listener quota-warning {
    mode = 0666
    user = vmail
  }
  user = root
}
ssl_cert =
On 2017-09-05 13:01, Aki Tuomi wrote:
Can you provide
doveconf -n (with the new config)
enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
Aki
On 05.09.2017 13:37, Pol Hallen wrote:
thanks Aki, but with all your advice I have the same problem: in the logs I always see the authentication with user and domain name, so dovecot doesn't accept it
any idea?
thanks!
Pol
On 2017-09-05 10:58, Aki Tuomi wrote:
Oh right, you need to do it like this...
after the passwd-file drivers add
passdb {
  driver = static
  args = username=%n noauthenticate
}
Aki
On 05.09.2017 11:03, Pol Hallen wrote:
Hello, thanks for your reply
I already tried with:
username_format=%n or auth_username_format=%n but I have the same problem
Pol
passdb {
  driver = pam
  args = username_format=%n
}
also you probably want to consider using driver=passwd instead, if you really don't need pam due to some special plugins.
Aki
-- Pol
Sorry, small typo
passdb {
  driver = static
  args = user=%n noauthenticate
}
Aki
On 05.09.2017 14:51, Pol Hallen wrote:
does not work :-/
Sep 05 13:49:41 auth: Debug: auth client connected (pid=31115)
Sep 05 13:49:41 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=IFCT0m9Y0KjAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=43216 resp=AHBvbGhhbGxlbkBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data)
Sep 05 13:49:41 auth: Debug: passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup: user=user00@realdomain.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug: static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
Sep 05 13:49:41 auth: Debug: static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Allowing any password
Sep 05 13:49:41 auth: Debug: static(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Not performing authentication (noauthenticate set)
==> /var/log/dovecot.info <==
Sep 05 13:49:41 auth: Info: passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): unknown user (given password: pass) - trying the next passdb
==> /var/log/dovecot.debug <==
Sep 05 13:49:41 auth-worker(31116): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 05 13:49:41 auth-worker(31116): Debug: passwd-file /etc/dovecot/users: Read 4 users in 0 secs
Sep 05 13:49:41 auth-worker(31116): Debug: pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup service=dovecot
Sep 05 13:49:41 auth-worker(31116): Debug: pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1 style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:42 auth-worker(31116): Info: pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:42 auth-worker(31116): Debug: pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup service=dovecot
Sep 05 13:49:42 auth-worker(31116): Debug: pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1 style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth-worker(31116): Info: pam(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:45 auth: Debug: passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup: user=user00@realdomain.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth: Info: passwd-file(user00@realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:47 auth: Debug: client passdb out: FAIL 1 user=user00@realdomain.org
Sep 05 13:49:47 imap-login: Debug: Ignoring unknown passdb extra field:
==> /var/log/dovecot.info <==
Sep 05 13:49:47 imap-login: Info: Disconnected (auth failed, 1 attempts in 6 secs): user=user00@realdomain.org, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured
On 2017-09-05 13:41, Aki Tuomi wrote:
No, you modify dovecot.conf
Aki
On 05.09.2017 14:40, Pol Hallen wrote:
Do I modify auth-system.conf.ext only? (sorry for the question)
If yes, I have the same problem
Pol
On 2017-09-05 13:34, Aki Tuomi wrote:
Try configuring like this:
passdb {
  args = scheme=SHA256 username_format=%u /etc/dovecot/users
  driver = passwd-file
}
passdb {
  driver = static
  args = username=%n noauthenticate
  skip = authenticated
}
passdb {
  driver = pam
  skip = authenticated
}
On 05.09.2017 14:29, Pol Hallen wrote:
Sure :) thanks
cat /var/log/dovecot/[...]
Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=JK0Bfm9YuqfAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data)
Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup service=username_format=user00
Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:26:04 auth-worker(30088): Info: pam(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:26:04 auth: Debug: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup: user=user00@realsystem.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:26:04 auth: Info: passwd-file(user00@realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1 user=user00@realsystem.org
==> /var/log/dovecot.info <==
Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts in 4 secs): user=user00@realsystem.org, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured
How cooool!!! Works! :-)))
Very very thanks for your help!!!
Pol :)
On 2017-09-05 13:54, Aki Tuomi wrote:
Sorry, small typo
passdb {
  driver = static
  args = user=%n noauthenticate
}
Aki
-- Pol
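Added example (not part of the thread and not Dovecot project code): a small Python check over auth debug lines in the format quoted above. It flags the two symptoms visible in the quoted logs, a PAM "service" that is really a leftover option (service=username_format=user00) and a PAM lookup that still carries the @domain part. The sample lines, addresses and session ids are constructed, and the last session is an assumed shape for a log after the name has been stripped, which the thread does not quote.

```python
import re
from collections import OrderedDict

# Constructed sample, modelled on the debug lines quoted in this thread.
# sessA: pam configured with args = username_format=%n
# sessB: static passdb present, but PAM still receives the full address
# sessC: assumed shape once the domain has been stripped before PAM
SAMPLE_LOG = """\
Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@example.org,192.0.2.10,<sessA>): lookup service=username_format=user00
Sep 05 13:26:04 auth-worker(30088): Info: pam(user00@example.org,192.0.2.10,<sessA>): pam_authenticate() failed: Authentication failure (password mismatch?)
Sep 05 13:26:04 auth: Debug: passwd-file(user00@example.org,192.0.2.10,<sessA>): lookup: user=user00@example.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug: passwd-file(user00@example.org,192.0.2.10,<sessB>): lookup: user=user00@example.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug: static(user00@example.org,192.0.2.10,<sessB>): lookup
Sep 05 13:49:41 auth-worker(31116): Debug: pam(user00@example.org,192.0.2.10,<sessB>): lookup service=dovecot
Sep 05 14:00:00 auth: Debug: passwd-file(user00@example.org,192.0.2.10,<sessC>): lookup: user=user00@example.org file=/etc/dovecot/users
Sep 05 14:00:00 auth: Debug: static(user00@example.org,192.0.2.10,<sessC>): lookup
Sep 05 14:00:00 auth-worker(31200): Debug: pam(user00,192.0.2.10,<sessC>): lookup service=dovecot
"""

# "<date> <process>[(pid)]: <level>: <passdb>(<user>,<remote ip>,<session>): <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} [\d:]{8}) "
    r"(?P<proc>[\w-]+)(?:\(\d+\))?: (?P<level>\w+): "
    r"(?P<db>[\w-]+)\((?P<user>[^,]*),(?P<rip>[^,]*),<(?P<session>[^>]*)>\): "
    r"(?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"^lookup service=(?P<service>\S+)")


def _flag(entry, code):
    """Record a finding once per session."""
    if code not in entry["findings"]:
        entry["findings"].append(code)


def analyse(log_text):
    """Group passdb lines by session id.

    Returns {session: {"chain": [(passdb, username), ...], "findings": [...]}}
    where "chain" is the order in which each passdb saw the request and
    which username it was handed.
    """
    sessions = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a per-request passdb line
        entry = sessions.setdefault(m["session"], {"chain": [], "findings": []})
        step = (m["db"], m["user"])
        if step not in entry["chain"]:
            entry["chain"].append(step)
        if m["db"] != "pam":
            continue
        svc = SERVICE_RE.match(m["msg"])
        if not svc:
            continue
        # The pam driver's args ended up as the PAM service name.
        if "=" in svc["service"]:
            _flag(entry, "pam-service-looks-like-option")
        # Local system accounts have no domain part; PAM will not find this name.
        if "@" in m["user"]:
            _flag(entry, "pam-username-has-domain")
    return sessions


if __name__ == "__main__":
    for session, info in analyse(SAMPLE_LOG).items():
        chain = " -> ".join(f"{db}({user})" for db, user in info["chain"])
        print(f"{session}: {chain}")
        for finding in info["findings"] or ["ok"]:
            print(f"  {finding}")
```
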
I'm sorry but there's a problem with virtual users: it seems that dovecot processes the first part of the domain, for example: testdomain.org and testdomain.com are the same for dovecot
I can log in using user00@testdomain
well, if I have
user00@testdomain.com and user00@testdomain.org
a user can log in using user00@testdomain and dovecot checks the first domain
it's strange (!)
how to solve?
Pol
participants (3)
- Aki Tuomi
- dovecotml@fuckaround.org
- Pol Hallen