failed login message

Rajesh M 24x7server at 24x7server.net
Fri Nov 28 03:45:41 UTC 2014


thank you for guidance,

just to recap the issue was about squirrelmail giving a wrong message : "connection dropped by imap server" instead of "invalid user or password"

as advised i connected using command line on both my old and new servers, and have posted the details including the output of dovecot -n.


1) command prompt login. i put wrong password

telnet x.x.x.x 143

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] ready.

1 login acc at mydomain.com wrongpass

1 NO [AUTHENTICATIONFAILED] Authentication failed.


2) DOVECOT LOG output

CURRENT SERVER
Nov 28 08:48:39 imap-login: Info: Disconnected (auth failed, 1 attempts in 72 secs): user=<acc at mydomain.com, method=PLAIN, rip=120.62.202.70, lip=103.241.181.155, session=<4PxKs+II2QB4PspG>

OLD SERVER
Nov 28 09:06:08 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<acc at mydomain.com>, method=PLAIN, rip=120.62.202.70, lip=72.35.76.156



3) DOVECOT CONFIG FILE DETAILS

# dovecot -n
# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final)
auth_cache_negative_ttl = 0
auth_cache_size = 32 M
auth_cache_ttl = 30 mins
auth_mechanisms = plain login digest-md5 cram-md5
default_login_user = vpopmail
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
log_path = /var/log/dovecot.log
login_greeting = ready.
mail_max_userip_connections = 50
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location =
  prefix =
  separator = .
  type = private
}
passdb {
  args = cache_key=%u webmail=127.0.0.1
  driver = vpopmail
}
plugin {
  quota = maildir:ignore=Trash
  quota_rule = ?:storage=0
}
protocols = imap pop3
service imap-login {
  client_limit = 256
  process_limit = 400
  process_min_avail = 12
  service_count = 0
  vsz_limit = 384 M
}
service pop3-login {
  client_limit = 1000
  process_limit = 400
  process_min_avail = 12
  service_count = 0
  vsz_limit = 512 M
}
ssl_cert = </var/qmail/control/servercert.pem
ssl_dh_parameters_length = 2048
ssl_key = </var/qmail/control/servercert.pem
userdb {
  args = cache_key=%u quota_template=quota_rule=*:backend=%q
  driver = vpopmail
}
protocol imap {
  imap_client_workarounds = delay-newmail
  mail_plugins = " quota imap_quota"
}
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_fast_size_lookups = yes
  pop3_lock_session = no
  pop3_no_flag_updates = yes
}

thank you for your time and patience.

rajesh


----- Original Message -----
From: Gedalya [mailto:gedalya at gedalya.net]
To: 24x7server at 24x7server.net,dovecot at dovecot.org
Sent: Tue, 25 Nov 2014 05:54:49 -0500
Subject: Re: failed login message

On 11/25/2014 04:49 AM, 24x7server at 24x7server.net wrote:
> thanks for your reply
>
> i intentionally put the wrong password and checked the dovecot log and the message i got was
>
> # tail -f /var/log/dovecot.log | grep "xxx at yyy.com"
> Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=<xxx at yyy.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
> secured, session=<xObTWqYIwgB/AAAB>
>
> but in the squirrelmail login page instead of the message "unknown user or password incorrect" i get the message
>
> ERROR: Connection dropped by IMAP server.
> Query: LOGOUT
>
>
> in my old server where it is working correctly dovecot logs shows the error
>
> Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
>
> and squirrelmail gives the error : "unknown user or password incorrect" which is correct.
>
> is there any other place i need to check or some other config file (either squirrelmail or dovecot) that i need to modify
>
> could you kindly guide me
>

1. Please carefully read http://dovecot.org/mailinglists.html
2. Please carefully follow the instructions at 
http://dovecot.org/mailinglists.html. In your case, post full details 
for both servers.
3. Try to manually log in to both servers using e.g. telnet in order to 
see any differences in the way they respond.
Something like

$ telnet 192.168.9.11 143
Trying 192.168.9.11...
Connected to 192.168.9.11.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE STARTTLS LOGINDISABLED] Dovecot ready.
1 login gedalya 1234
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but 
your client did it anyway. If anyone was listening, the password was 
exposed.
1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure 
(SSL/TLS) connections.
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.

(that's how it responds in my specific case as I disallow plaintext login)

Or if you need TLS (like me):

$ openssl s_client -starttls imap -quiet -connect 192.168.9.11:143
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate 
Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
. OK Pre-login capabilities listed, post-login capabilities have more.
1 login gedalya 1234
1 NO [AUTHENTICATIONFAILED] Authentication failed.
2 logout
* BYE Logging out
2 OK Logout completed.
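
The comparison suggested in step 3, as an added example that is not part of the original thread or of Dovecot or SquirrelMail: it classifies what a server sent back to a tagged LOGIN and pulls the fields out of the imap-login log lines so the two servers can be compared side by side. The function names and the shortened transcripts are assumptions, constructed from the sessions quoted above.

```python
import re

# Tagged IMAP status line: "<tag> OK|NO|BAD [RESPONSE-CODE] text"
TAGGED = re.compile(r"^(\S+) (OK|NO|BAD)(?: \[([A-Z-]+)[^\]]*\])?\s*(.*)$")
# Dovecot login-process line in the form shown in the thread's logs
LOGLINE = re.compile(r"imap-login: Info: (Disconnected|Aborted login) "
                     r"\(([^,)]+), (\d+) attempts(?: in (\d+) secs)?\)")
OUTCOME = {"OK": "logged-in", "NO": "rejected", "BAD": "protocol-error"}

def classify_login(lines, tag="1"):
    """Return (outcome, response_code, untagged_lines) for a LOGIN sent with `tag`."""
    untagged = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.startswith("* BYE"):
            return ("server-closed", None, untagged)
        if line.startswith("* "):
            untagged.append(line[2:])  # greeting, alerts and other untagged data
            continue
        m = TAGGED.match(line)
        if m and m.group(1) == tag:
            return (OUTCOME[m.group(2)], m.group(3), untagged)
    # Stream ended without a tagged reply: a client can only report a drop.
    return ("dropped", None, untagged)

def parse_login_log(line):
    """Extract event, reason, attempt count and elapsed seconds (None if absent)."""
    m = LOGLINE.search(line)
    if not m:
        return None
    event, reason, attempts, secs = m.groups()
    return {"event": event, "reason": reason, "attempts": int(attempts),
            "secs": int(secs) if secs else None}

# Constructed transcripts, shortened from the sessions quoted in the thread.
REJECTED = ["* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready.",
            "1 NO [AUTHENTICATIONFAILED] Authentication failed."]
PLAINTEXT_REFUSED = ["* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS.",
                     "1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed."]
NO_REPLY = ["* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready."]  # then EOF

if __name__ == "__main__":
    for name, transcript in [("rejected", REJECTED),
                             ("plaintext refused", PLAINTEXT_REFUSED),
                             ("no tagged reply", NO_REPLY)]:
        print(name, classify_login(transcript))
    print(parse_login_log("Nov 28 08:48:39 imap-login: Info: Disconnected "
                          "(auth failed, 1 attempts in 72 secs): method=PLAIN"))
```
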


