[Dovecot] Exim Dovecot Authentication Problem
Having a hard time figuring out something that is supposed to be easy. Tryiong to configure Dovecot so that it provides authentication to Exim for outgoing smtp. Tried different things and getting
authentication socket protocol error
dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1
auth default {
Space separated list of wanted authentication mechanisms:
plain digest-md5 cram-md5 apop anonymous
mechanisms = plain
Password database is used to verify user's password (and nothing more).
You can have multiple passdbs and userdbs. This is useful if you want to
allow both system users (/etc/passwd) and virtual users to login without
duplicating the system users into virtual database.
http://wiki.dovecot.org/Authentication
PAM authentication. Preferred nowadays by most systems.
Note that PAM can only be used to verify if user's password is correct,
so it can't be used as userdb. If you don't want to use a separate user
database (passwd usually), you can use static userdb.
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes pass =yes }
Linuxconf passwd-like file with specified location
passdb passwd-file { args = /etc/exim/control/vmail/shadow.%d }
Linuxconf passwd-like file with specified location
userdb passwd-file { args = /etc/exim/control/vmail/passwd.%d }
User to use for the process. This user needs access to only user and
password databases, nothing else. Only shadow and pam authentication
requires roots, so use something else if possible. Note that passwd
authentication with BSDs internally accesses shadow files, which also
requires roots. Note that this user is NOT used to access mails.
That user is specified by userdb above.
user = root
Number of authentication processes to create
count = 10
}
It's possible to export the authentication interface to other programs,
for example SMTP server which supports talking to Dovecot. Client socket
handles the actual authentication - you give it a username and password
and it returns OK or failure. So it's pretty safe to allow anyone
access to
it. Master socket is used to a) query if given client was successfully
authenticated, b) userdb lookups.
listener sockets will be created by Dovecot's master process using the
settings given inside the auth section
auth default_with_listener { mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes pass =yes }
passdb passwd-file { # Path for passwd-file args = /etc/exim/control/vmail/shadow.%d }
userdb passwd-file { # Path for passwd-file args = /etc/exim/control/vmail/passwd.%d }
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } } }
auth external { mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes pass =yes }
passdb passwd-file { # Path for passwd-file args = /etc/exim/control/vmail/shadow.%d }
userdb passwd-file { # Path for passwd-file args = /etc/exim/control/vmail/passwd.%d }
socket listen { client { path = /var/run/dovecot/auth-client mode = 0666 } }
}
On Sat, 2008-01-19 at 20:24 -0800, Marc Perkel wrote:
Having a hard time figuring out something that is supposed to be easy. Tryiong to configure Dovecot so that it provides authentication to Exim for outgoing smtp. Tried different things and getting
authentication socket protocol error
Set auth_debug=yes and see what Dovecot logs.
auth default { .. auth default_with_listener { .. auth external {
Use only one auth {} block, otherwise it'll work somewhat unexpectedly.
ok - making some progress but still not working. Here's the error I'm getting.
2008-01-20 08:06:37 dovecot_plain authenticator failed for bigdog1.junkemailfilter.com ([192.168.2.112]) [209.204.160.104]: 435 Unable to authenticate at present: authentication socket protocol error
Exim side:
dovecot_plain: driver = dovecot public_name = PLAIN server_socket = /var/run/dovecot/auth-client server_set_id = $auth1
Dovecot Side:
auth default {
mechanisms = plain
passdb passwd-file { # Master users that can log in as anyone args = /etc/dovecot.masterusers master = yes pass =yes }
Linuxconf passwd-like file with specified location
passdb passwd-file { args = /etc/exim/control/vmail/shadow.%d }
Linuxconf passwd-like file with specified location
userdb passwd-file { args = /etc/exim/control/vmail/passwd.%d }
socket listen { master { path = /var/run/dovecot/auth-master mode = 0666 } client { path = /var/run/dovecot/auth-client mode = 0666 } } }
On 20.1.2008, at 18.13, Marc Perkel wrote:
ok - making some progress but still not working. Here's the error
I'm getting.2008-01-20 08:06:37 dovecot_plain authenticator failed for
bigdog1.junkemailfilter.com ([192.168.2.112]) [209.204.160.104]:
435 Unable to authenticate at present: authentication socket
protocol error
This doesn't really tell anything. Exim's error logging could be
better.. What do Dovecot's logs show with auth_debug=yes?
Timo Sirainen wrote:
On 20.1.2008, at 18.13, Marc Perkel wrote:
ok - making some progress but still not working. Here's the error I'm getting.
2008-01-20 08:06:37 dovecot_plain authenticator failed for bigdog1.junkemailfilter.com ([192.168.2.112]) [209.204.160.104]: 435 Unable to authenticate at present: authentication socket protocol error
This doesn't really tell anything. Exim's error logging could be better.. What do Dovecot's logs show with auth_debug=yes?
I'm not seeing anything unusual in the logs on the dovecot side. I left a message in the Exim list to see if someone there knows something.
On 1/20/08, Marc Perkel <marc@perkel.com> wrote:
Having a hard time figuring out something that is supposed to be easy. Tryiong to configure Dovecot so that it provides authentication to Exim for outgoing smtp. Tried different things and getting
authentication socket protocol error
Some (older?) versions of Exim needed a patch. Sorry, I do not remember exactly. I attach the patch below. Exim->Dovecot conf works well here, there is only one (reported problem): http://readlist.com/lists/exim.org/exim-users/2/14908.html Chris --- src/auths/dovecot.c 2006-10-19 08:37:34.000000000 +0200 +++ src/auths/dovecot.c.NEW 2006-10-19 08:38:26.000000000 +0200 @@ -171,8 +171,10 @@ if (!found) goto out; - fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" - "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", +// fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" +// "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", + fprintf(f, "VERSION\t%d\t%d\nCPID\t%d\n" + "AUTH\t%d\t%s\tservice=smtp\trip=%s\tlip=%s\tresp=%s\n", VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, ablock->public_name, sender_host_address, interface_address, data ? (char *) data : "");
Chris Laif wrote:
On 1/20/08, Marc Perkel <marc@perkel.com> wrote:
Having a hard time figuring out something that is supposed to be easy. Tryiong to configure Dovecot so that it provides authentication to Exim for outgoing smtp. Tried different things and getting
authentication socket protocol error
Some (older?) versions of Exim needed a patch. Sorry, I do not remember exactly. I attach the patch below.
Exim->Dovecot conf works well here, there is only one (reported problem): http://readlist.com/lists/exim.org/exim-users/2/14908.html
Chris
--- src/auths/dovecot.c 2006-10-19 08:37:34.000000000 +0200 +++ src/auths/dovecot.c.NEW 2006-10-19 08:38:26.000000000 +0200 @@ -171,8 +171,10 @@ if (!found) goto out;
- fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" - "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", +// fprintf(f, "VERSION\t%d\t%d\r\nSERVICE\tSMTP\r\nCPID\t%d\r\n" +// "AUTH\t%d\t%s\trip=%s\tlip=%s\tresp=%s\r\n", + fprintf(f, "VERSION\t%d\t%d\nCPID\t%d\n" + "AUTH\t%d\t%s\tservice=smtp\trip=%s\tlip=%s\tresp=%s\n", VERSION_MAJOR, VERSION_MINOR, getpid(), cuid, ablock->public_name, sender_host_address, interface_address, data ? (char *) data : "");
I'm running the latest version of Exim. Would it still need patched? And - thanks for your help.
participants (3)
-
Chris Laif
-
Marc Perkel
-
Timo Sirainen