[Dovecot] POP3/IMAPv4 CRAM-MD5 Authentication failed.(Re-post)

Yuuichi Ikeda (SKLC) yuichi at sklc.co.jp
Mon Nov 7 17:12:33 EET 2011


Hi, I'm Yuuichi Ikeda, a user from Japan.

OS:Solaris 10 9/10 s10x_u9wos_14a X86
Mem:8GB
HDD:3TB
gcc:gcc (GCC) 4.1.2
gcc-prefix:/unsupported/gcc
Dovecot Version:2.0.15
configure:./configure --prefix=/opt/dovecot_2
--sysconfdir=/opt/dovecot_2/conf --mandir=/opt/man --enable-shared
--with-mysql --with-zlib --with-sqlite --with-sql=plugin
--with-ssldir=/opt/openssl --with-rundir=/var/run
--with-libiconv-prefix=/opt/libiconv

Dovecot Configuration
> # 2.0.15: /opt/dovecot_2/conf/dovecot/dovecot.conf
> # OS: SunOS 5.10 i86pc
> auth_debug = yes
> auth_mechanisms = cram-md5
> auth_ssl_require_client_cert = yes
> auth_ssl_username_from_cert = yes
> auth_verbose = yes
> base_dir = /var/run/dovecot/
> doveadm_worker_count = 10
> log_path = /var/log/dovecot/dovecot.log
> login_greeting = ready.
> login_trusted_networks = 192.168.1.0/24
> mail_location = maildir:~/Maildir
> passdb {
>   driver = pam
> }
> passdb {
>   args = /opt/dovecot_2/conf/dovecot/passwd
>   driver = passwd-file
> }
> plugin {
>   acl = vfile:/opt/dovecot_2/conf/dovecot/global-acls:cache_secs=300
>   acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
> }
> protocols = imap pop3
> service auth {
>   executable = /opt/dovecot_2/libexec/dovecot/auth
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
> }
> service imap-login {
>   executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/imap-login
>   inet_listener imap {
>     port = 143
>     ssl = no
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service imap {
>   executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/imap
> }
> service lmtp {
>   unix_listener lmtp {
>     mode = 0666
>   }
> }
> service pop3-login {
>   executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/pop3-login
>   inet_listener pop3 {
>     port = 110
>     ssl = no
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> service pop3 {
>   executable = /opt/dovecot_2/libexec/dovecot/rawlog /opt/dovecot_2/libexec/dovecot/pop3
> }
> ssl_ca = </opt/dovecot_2/conf/dovecot/ca-c.pem
> ssl_cert = </opt/dovecot_2/conf/dovecot/ns-c.pem
> ssl_key = </opt/dovecot_2/conf/dovecot/ns-p.pem
> ssl_verify_client_cert = yes
> userdb {
>   args = blocking=yes
>   driver = passwd
> }
> protocol imap {
>   imap_logout_format = bytes=%i/%o
>   imap_max_line_length = 64 k
>   mail_max_userip_connections = 10
>   mail_plugins =
> }
> protocol lda {
>   hostname = mailsv.sklc.co.jp
>   info_log_path = /var/log/dovecot/deliver.log
>   log_path = /var/log/dovecot/deliver.log
>   mail_plugins =
>   postmaster_address = postmaster at sklc.co.jp
>   sendmail_path = /usr/lib/sendmail
> }
> protocol lmtp {
>   mail_plugins =
> }
> protocol pop3 {
>   mail_plugins =
>   pop3_save_uidl = yes
>   pop3_uidl_format = %v-%u
> }

When I authenticate by connecting via POP3 or IMAPv4, the following messages
are displayed and authentication fails.

> Nov 07 23:12:40 auth: Debug: auth client connected (pid=20018)
> Nov 07 23:12:40 auth: Debug: client in: AUTH    1       CRAM-MD5        service=pop3    secured no-penalty      lip=192.168.1.1 rip=192.168.1.110       lport=110       rport=57054
> Nov 07 23:12:40 auth: Info: CRAM-MD5(?,192.168.1.110): Client didn't present valid SSL certificate
> Nov 07 23:12:40 auth: Debug: client out: FAIL   1       reason=Client didn't present valid SSL certificate
> Nov 07 23:12:40 pop3-login: Info: Aborted login (cert required, client didn't start TLS): method=CRAM-MD5, rip=192.168.1.110, lip=192.168.1.1, secured

> Nov 07 23:16:32 auth: Debug: auth client connected (pid=20126)
> Nov 07 23:16:32 auth: Debug: client in: AUTH    1       CRAM-MD5        service=imap    secured no-penalty      lip=192.168.1.1 rip=192.168.1.1 lport=143       rport=58734
> Nov 07 23:16:32 auth: Info: CRAM-MD5(?,192.168.1.1): Client didn't present valid SSL certificate
> Nov 07 23:16:32 auth: Debug: client out: FAIL   1       reason=Client didn't present valid SSL certificate
> Nov 07 23:16:32 imap-login: Info: Aborted login (cert required, client didn't start TLS): method=CRAM-MD5, rip=192.168.1.1, lip=192.168.1.1, secured

Why does this happen? If anyone knows a way of
coping with it, please let me know.

=============================================================
  Information-system part.
  Sankei-Koumuten Co.,Ltd.
  Yuuichi Ikeda
  Mail:yuichi at sklc.co.jp
  Tel.+81-3-3623-6474  Fax.+81-3-3623-6475
  Our company promotes "Team minus 6 percent"
  jus, Hatena Joined member.
  LPIC-2 Certified.
=============================================================
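
Added example, not part of the original post and not Dovecot's own code: a small Python check that reads `doveconf -n` style output (with or without the `>` quoting used above) and lists the listeners that do not wrap the connection in TLS on connect while `auth_ssl_require_client_cert = yes` is set. On those ports a client has to start TLS and present a certificate before AUTH, which is the condition the quoted log lines report as "cert required, client didn't start TLS". The function names and the embedded sample are constructed for illustration.

```python
# Constructed excerpt modelled on the configuration quoted in the post.
SAMPLE_CONF = """\
> auth_ssl_require_client_cert = yes
> service imap-login {
>   inet_listener imap {
>     port = 143
>     ssl = no
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>     ssl = no
>   }
> }
"""

def parse(text):
    """Return (top-level settings, inet_listener entries) from doveconf-style text."""
    settings, listeners, stack = {}, [], []
    for raw in text.splitlines():
        line = raw.strip().lstrip(">").strip()   # tolerate mail-style quoting
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):                   # block opener, e.g. "service imap-login {"
            stack.append(line[:-1].split())
            if stack[-1][0] == "inet_listener":
                listeners.append({"service": stack[0][-1], "name": stack[-1][-1]})
        elif line == "}":
            stack.pop()
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if not stack:
                settings[key] = value
            elif stack[-1][0] == "inet_listener":
                listeners[-1][key] = value
    return settings, listeners

def plaintext_listeners_requiring_cert(text):
    """Listeners with ssl = no while a client certificate is required for auth."""
    settings, listeners = parse(text)
    if settings.get("auth_ssl_require_client_cert") != "yes":
        return []
    return [(l["service"], l["name"], int(l["port"]))
            for l in listeners if l.get("ssl") == "no"]
```
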




