Authentication Problem with dovecot-2.3.0.1
I am a little confused here.
I have been running 2.2.34, which I installed in /opt/dovecot2.2. I installed 2.3.0.1 to /opt/dovecot23.
I then used config files from /opt/dovecot2.2/etc/dovecot to /opt/dovecot2.3/etc/dovecot and all I did was sed -i.BAK 's/dovecot2.2/dovecot2.3/g'. Dovecot started and was running fine.
Next, I manually crafted config files for 2.3.0.1 based on the example config files provided, while diff-ing those with what I had for 2.2.34. I doubt if I missed something crucial during the process.
I realized that I cannot start 2.3.0.1 when I enable submission, since my Exim MTA is already using that port. This persists even if I tell the submission protocol to use a different port than 587. I tested 2587, but it would appear that 587 is hard-coded!
I realize that "unix_listener auth-client" service ceased to exist!
*I realized that while 2.2.34 runs with default_pass_scheme = MD5-CRYPT, 2.3.0.1 would not run with it.*
I have run dovecot -n from my 2.2.x installation and 2.3.x installation and here is the diff from the two files.
I am confused why authentication is failing with dovecot-2.3.0.1 when it uses 2.3.x config files using MD5-CRYPT scheme while it is succeeding with dovecot-2.2.34 using the same.
*Mar 07 22:30:22 auth: Info: sql(user.name@domain.name,192.168.55.97,<4CETl9dmscvAqDdh>): Requested DIGEST-MD5 scheme, but we have only MD5-CRYPT*
Maybe the problem is elsewhere??? I need a 3rd eye to help me.
For now
root@gw:~wash/public_html # sdiff dovecot-2.2.txt dovecot-2.3.txt | less
# 2.2.34 (874deae): /opt/dovecot2.2/etc/dovecot/dovecot.conf  | # 2.3.0.1 (ffd8a29): /opt/dovecot2.3/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.3-STABLE i386 ufs                               # OS: FreeBSD 9.3-STABLE i386 ufs
# Hostname: localhost                                         <
auth_cache_size = 20 M                                          auth_cache_size = 20 M
auth_master_user_separator = *                                  auth_master_user_separator = *
auth_mechanisms = plain login digest-md5                        auth_mechanisms = plain login digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb                 auth_socket_path = /var/run/dovecot/auth-userdb
base_dir = /var/run/dovecot/                                    base_dir = /var/run/dovecot/
default_login_user = dovecot                                    default_login_user = dovecot
disable_plaintext_auth = no                                     disable_plaintext_auth = no
first_valid_gid = 0                                             first_valid_gid = 0
first_valid_uid = 26                                            first_valid_uid = 26
hostname = gw                                                   hostname = gw
info_log_path = /var/log/dovecot.log                            info_log_path = /var/log/dovecot.log
mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE   mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE
mail_plugins = " quota"                                       <
namespace inbox {                                               namespace inbox {
  inbox = yes                                                     inbox = yes
  location =                                                      location =
  mailbox Drafts {                                                mailbox Drafts {
    special_use = \Drafts                                           special_use = \Drafts
  }                                                               }
  mailbox Junk {                                                  mailbox Junk {
    special_use = \Junk                                             special_use = \Junk
  }                                                               }
  mailbox Sent {                                                  mailbox Sent {
    special_use = \Sent                                             special_use = \Sent
  }                                                               }
  mailbox "Sent Messages" {                                       mailbox "Sent Messages" {
    special_use = \Sent                                             special_use = \Sent
  }                                                               }
  mailbox Trash {                                                 mailbox Trash {
    special_use = \Trash                                            special_use = \Trash
  }                                                               }
  prefix =                                                        prefix =
}                                                               }
passdb {                                                        passdb {
  args = /opt/dovecot2.2/etc/dovecot/passwd.master_users.ext  |   args = /opt/dovecot2.3/etc/dovecot/passwd.master_users.ext
  driver = passwd-file                                            driver = passwd-file
  master = yes                                                    master = yes
  pass = yes                                                      pass = yes
}                                                               }
passdb {                                                        passdb {
  args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext     |   args = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
  driver = sql                                                    driver = sql
}                                                               }
plugin {                                                        plugin {
  mail_log_fields = uid box msgid size                            mail_log_fields = uid box msgid size
  quota_rule = *:storage=1G                                       quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M                               quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u                quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u               quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u          quota_warning3 = -storage=100%% quota-warning below %u
}                                                               }
service auth {                                                  service auth {
  unix_listener auth-client {                                 <
    mode = 0600                                               <
    user = mailnull                                           <
  }                                                           <
  unix_listener auth-userdb {                                     unix_listener auth-userdb {
    group = mailnull                                                group = mailnull
    user = mailnull                                                 user = mailnull
  }                                                               }
}                                                               }
service quota-warning {                                         service quota-warning {
  executable = script /opt/dovecot2.2/scripts/quota-warning.s |   executable = script /opt/dovecot2.3/scripts/quota-warning.s
  unix_listener quota-warning {                                   unix_listener quota-warning {
    user = mailnull                                                 user = mailnull
  }                                                               }
  user = dovecot                                                  user = dovecot
}                                                               }
ssl_cert =
                                                              > submission_max_mail_size = 4 G
userdb {                                                        userdb {
  args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext     |   args = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
  driver = sql                                                    driver = sql
}                                                               }
protocol lda {                                                <
  mail_plugins = quota                                        <
}                                                             <
protocol imap {                                                 protocol imap {
  mail_max_userip_connections = 5                                 mail_max_userip_connections = 5
  mail_plugins = " quota imap_quota"                          <
}                                                               }
protocol pop3 {                                               | protocol lda {
  mail_max_userip_connections = 5                             |   mail_plugins = quota
}                                                               }
Maybe I am just suffering brainlock and need to debug auth further, but I have seen a question about this auth issue already from another poster, and it's not been answered by anyone.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."
On 07.03.2018 22:07, Odhiambo Washington wrote:
I am a little confused here.
I have been running 2.2.34, which I installed in /opt/dovecot2.2. I installed 2.3.0.1 to /opt/dovecot23.
I then used config files from /opt/dovecot2.2/etc/dovecot to /opt/dovecot2.3/etc/dovecot and all I did was sed -i.BAK 's/dovecot2.2/dovecot2.3/g'. Dovecot started and was running fine.
Next, I manually crafted config files for 2.3.0.1 based on the example config files provided, while diff-ing those with what I had for 2.2.34. I doubt if I missed something crucial during the process.
I realized that I cannot start 2.3.0.1 when I enable submission, since my Exim MTA is already using that port. This persists even if I tell the submission protocol to use a different port than 587. I tested 2587, but it would appear that 587 is hard-coded!
I realize that "unix_listener auth-client" service ceased to exist!
*I realized that while 2.2.34 runs with default_pass_scheme = MD5-CRYPT, 2.3.0.1 would not run with it.*
I have run dovecot -n from my 2.2.x installation and 2.3.x installation and here is the diff from the two files.
I am confused why authentication is failing with dovecot-2.3.0.1 when it uses 2.3.x config files using MD5-CRYPT scheme while it is succeeding with dovecot-2.2.34 using the same.
*Mar 07 22:30:22 auth: Info: sql(user.name@domain.name,192.168.55.97,<4CETl9dmscvAqDdh>): Requested DIGEST-MD5 scheme, but we have only MD5-CRYPT*
Maybe the problem is elsewhere??? I need a 3rd eye to help me.
For now
root@gw:~wash/public_html # sdiff dovecot-2.2.txt dovecot-2.3.txt | less
# 2.2.34 (874deae): /opt/dovecot2.2/etc/dovecot/dovecot.conf  | # 2.3.0.1 (ffd8a29): /opt/dovecot2.3/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.3-STABLE i386 ufs                               # OS: FreeBSD 9.3-STABLE i386 ufs
# Hostname: localhost                                         <
auth_cache_size = 20 M                                          auth_cache_size = 20 M
auth_master_user_separator = *                                  auth_master_user_separator = *
auth_mechanisms = plain login digest-md5                        auth_mechanisms = plain login digest-md5
auth_socket_path = /var/run/dovecot/auth-userdb                 auth_socket_path = /var/run/dovecot/auth-userdb
base_dir = /var/run/dovecot/                                    base_dir = /var/run/dovecot/
default_login_user = dovecot                                    default_login_user = dovecot
disable_plaintext_auth = no                                     disable_plaintext_auth = no
first_valid_gid = 0                                             first_valid_gid = 0
first_valid_uid = 26                                            first_valid_uid = 26
hostname = gw                                                   hostname = gw
info_log_path = /var/log/dovecot.log                            info_log_path = /var/log/dovecot.log
mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE   mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE
mail_plugins = " quota"                                       <
namespace inbox {                                               namespace inbox {
  inbox = yes                                                     inbox = yes
  location =                                                      location =
  mailbox Drafts {                                                mailbox Drafts {
    special_use = \Drafts                                           special_use = \Drafts
  }                                                               }
  mailbox Junk {                                                  mailbox Junk {
    special_use = \Junk                                             special_use = \Junk
  }                                                               }
  mailbox Sent {                                                  mailbox Sent {
    special_use = \Sent                                             special_use = \Sent
  }                                                               }
  mailbox "Sent Messages" {                                       mailbox "Sent Messages" {
    special_use = \Sent                                             special_use = \Sent
  }                                                               }
  mailbox Trash {                                                 mailbox Trash {
    special_use = \Trash                                            special_use = \Trash
  }                                                               }
  prefix =                                                        prefix =
}                                                               }
passdb {                                                        passdb {
  args = /opt/dovecot2.2/etc/dovecot/passwd.master_users.ext  |   args = /opt/dovecot2.3/etc/dovecot/passwd.master_users.ext
  driver = passwd-file                                            driver = passwd-file
  master = yes                                                    master = yes
  pass = yes                                                      pass = yes
}                                                               }
passdb {                                                        passdb {
  args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext     |   args = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
  driver = sql                                                    driver = sql
}                                                               }
plugin {                                                        plugin {
  mail_log_fields = uid box msgid size                            mail_log_fields = uid box msgid size
  quota_rule = *:storage=1G                                       quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M                               quota_rule2 = Trash:storage=+100M
  quota_warning = storage=95%% quota-warning 95 %u                quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u               quota_warning2 = storage=80%% quota-warning 80 %u
  quota_warning3 = -storage=100%% quota-warning below %u          quota_warning3 = -storage=100%% quota-warning below %u
}                                                               }
service auth {                                                  service auth {
  unix_listener auth-client {                                 <
    mode = 0600                                               <
    user = mailnull                                           <
  }                                                           <
  unix_listener auth-userdb {                                     unix_listener auth-userdb {
    group = mailnull                                                group = mailnull
    user = mailnull                                                 user = mailnull
  }                                                               }
}                                                               }
service quota-warning {                                         service quota-warning {
  executable = script /opt/dovecot2.2/scripts/quota-warning.s |   executable = script /opt/dovecot2.3/scripts/quota-warning.s
  unix_listener quota-warning {                                   unix_listener quota-warning {
    user = mailnull                                                 user = mailnull
  }                                                               }
  user = dovecot                                                  user = dovecot
}                                                               }
ssl_cert = http://gw.crownkenya.com                             ssl_cert = http://gw.crownkenya.com
ssl_key = # hidden, use -P to show it                           ssl_key = # hidden, use -P to show it
                                                              > submission_max_mail_size = 4 G
userdb {                                                        userdb {
  args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext     |   args = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
  driver = sql                                                    driver = sql
}                                                               }
protocol lda {                                                <
  mail_plugins = quota                                        <
}                                                             <
protocol imap {                                                 protocol imap {
  mail_max_userip_connections = 5                                 mail_max_userip_connections = 5
  mail_plugins = " quota imap_quota"                          <
}                                                               }
protocol pop3 {                                               | protocol lda {
  mail_max_userip_connections = 5                             |   mail_plugins = quota
}                                                               }
Maybe I am just suffering brainlock and need to debug auth further, but I have seen a question about this auth issue already from another poster, and it's not been answered by anyone.
Can you send 'doveconf -n' for the 2.3.0.1 instance?
Also, you cannot use hashed passwords with DIGEST-MD5. MD5-CRYPT is a hashed password scheme.
To change dovecot's submission service port, use

service submission-login {
  inet_listener {
    port = 2587
  }
}
"auth-client" cannot be missing, since you can specify arbitrary listeners in dovecot, so https://wiki.dovecot.org/HowTo/EximAndDovecotSASL is still quite valid.
Aki
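
The reply's point that DIGEST-MD5 cannot be served from a hashed scheme such as MD5-CRYPT can be checked against a configuration before an upgrade. The following is an added example, not part of the original thread or of Dovecot itself: it reads `doveconf -n` style text and reports the mechanisms the stored password scheme cannot serve. The mechanism table, function names and sample input are assumptions made for illustration.

```python
import hashlib
import re

# Challenge-response mechanisms need the plaintext password or a credential
# stored in their own scheme. Simplified table assumed for this example;
# PLAIN and LOGIN can be checked against any scheme, hashed ones included.
USABLE_SCHEMES = {
    "digest-md5": {"PLAIN", "DIGEST-MD5"},
    "cram-md5": {"PLAIN", "CRAM-MD5"},
}

def auth_mechanisms(doveconf_text):
    """Return the mechanisms listed in `doveconf -n` style text."""
    m = re.search(r"^\s*auth_mechanisms\s*=\s*(.+)$", doveconf_text, re.M)
    # Dovecot offers only "plain" when the setting is absent.
    return m.group(1).lower().split() if m else ["plain"]

def unusable_mechanisms(doveconf_text, pass_scheme):
    """Mechanisms that will fail against passwords stored as pass_scheme."""
    scheme = pass_scheme.upper()
    return [mech for mech in auth_mechanisms(doveconf_text)
            if mech in USABLE_SCHEMES and scheme not in USABLE_SCHEMES[mech]]

def digest_md5_credential(user, realm, password):
    """What the server must hold for DIGEST-MD5: MD5(user:realm:password).

    It is computed from the plaintext, so it cannot be derived from a salted
    one-way hash such as an MD5-CRYPT ($1$...) entry.
    """
    return hashlib.md5(f"{user}:{realm}:{password}".encode()).hexdigest()

# Constructed sample mirroring the relevant lines of the posted configuration.
SAMPLE_CONF = """\
auth_mechanisms = plain login digest-md5
disable_plaintext_auth = no
"""

if __name__ == "__main__":
    for scheme in ("MD5-CRYPT", "DIGEST-MD5", "PLAIN"):
        print(scheme, "->", unusable_mechanisms(SAMPLE_CONF, scheme) or "ok")
```

With MD5-CRYPT in the password database the check reports digest-md5, matching the "Requested DIGEST-MD5 scheme, but we have only MD5-CRYPT" log line; the entry clears once digest-md5 is dropped from auth_mechanisms or the credentials are stored in a scheme the mechanism can use.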
participants (2)
- Aki Tuomi
- Odhiambo Washington