Cannot connect to Dovecot IMAP or POP

Edgar Pettijohn edgar at pettijohn-web.com
Thu May 5 01:01:42 UTC 2016


Re-read the following:

1st
http://wiki2.dovecot.org/PasswordDatabase

2nd
http://wiki2.dovecot.org/Authentication/Mechanisms

Then edit /etc/dovecot/conf.d/10-auth.conf:
auth_mechanisms = plain login

On 05/04/16 19:00, C. Andrews Lavarre wrote:
> Hello all. Thank you for your service.
>
> Easy when you know how, but presently I do not. After literally months of research and experimentation we simply cannot log into our PAM / apache2 / postfix / dovecot pop3/imap STARTTLS email server with an ordinary email client, e.g., Evolution or Thunderbird.
>
> We can connect to the host server in a host of different ways (no pun intended)—http, https, ssh, vnc, telnet, openssl -sclient
>
> Similarly we can connect to postfix and dovecot in yet another number of ways—telnet, openssl -sclient—but cannot log in to the email server with a normal email client (either Evolution or Thunderbird) by either pop3 or imap.
>
> SSL certificates are in place, verified, and tested.
>
> Part of the problem is the many changes in all the involved operating systems and protocols (e.g., imaps and pop3s are deprecated, openSUSE has migrated to LEAP, etc.) so many of the docs from Google are no longer valid. Additionally, there simply are bugs: Leap 42.1 YAST does not work when it comes to setting up websites. Documented. But I digress.
>
> I'm sure it's something really simple, but it evades me. Research details below. Any help would be more than appreciated.
>
> Thanks in advance, Andy
>
> ======================= Configuration testing details =======================
>
> System is:
> 	Linux openSUSE Leap 42.1
> 		Dovecot --version 2.2.18,
> 		Postfix Version: 2.11.6-3.1
> 		Apache2 Version: 2.4.16-9.1
>
> Connections
> 	1. Evolution or Thunderbird to pop3 or imap reports:
> 		The reported error was "Could not connect to mail.privustech.com: Connection refused".
> 		
> 		Both connect successfully to googlemail.com with the same protocol:
> 			Port 993 SSL on a dedicated port
>
> 			I have also tried
> 				Port 143 STARTTLS after connecting
> 				without success
>
> 	   	2. openssl s_client -connect mail.privustech.com:xxx
>     		a. xxx=25, 110, 143 all return
>     			error:140770FC
>     
>     		b. xxx=993, 995 return
>     			socket: Connection refused
> 			connect:errno=111
>     			
> 	3. telnet to
> 		a. smtp works.
> 		
> 		b. pop3
> 			andy at tm2t:~> telnet 70.186.159.22 110
> 			...
> 			+OK POP3 2007e.104 server ready <48fa.572a0769 at privustech.com>
> 			...
> 			user andy
> 			-ERR Unknown AUTHORIZATION state command
>    
> 		c. 	imap connects but does not allow login, and should not.
> 					http://marc.info/?l=imap&m=118775891829506&w=2
> 						The most simple answer is "you cannot TELNET to a modern, correctly-configured,
> 						IMAP server and log in to it."
> 			andy at tm2t:~> telnet 70.186.159.22 143
> 			...
> 			* OK [...] privustech.com IMAP4rev1 2007e.404 at Wed, 4 May 2016 10:26:28
> 			 -0400 (EDT)
> 			... A NO Invalid login credentials
>   			
> Modules
>     
> 	• Apache2 works just fine. The server is up and answering. ping works just fine. We have http and https to all vhost sites (privustech, mailprivustech, nptbeyond, gvhl, truthcourage, and their www. subsites).
> 	
> 	• Postfix reports no errors. We can log in on localhost, send a message to ourselves and see the message.
>
>      • Dovecot:
> 		a. Logging is enabled in 10-logging.conf to /var/log/dovecot.conf but no logging has occurred there.
>      	
>      	b. doveconf -n throws no errors.
>     		
>
> Checks and tests completed
>
> 	1. /etc/hosts is just fine.
>     
>     	2. Firewall is open for telnet, postfix, dovecot.
> 	
> 	3. Added andy to dovecot, postfix groups, in addition to mail, reset password to ANDYbbs14 at .
>
> 	4. We tried enabling imaps, pop3s, but this command returns errors about these protocols being obsolete.
>     			https://tools.ietf.org/html/rfc2595
> 			Use of these ports is discouraged in favor of the STARTTLS or STLS
> 	   commands.
>
>     	5. Reviewed doveconf -n:
>     		a. Note, there are no Dovecot users established other than
> 			user postfix
> 			group postfix
> 				service auth {
> 				  unix_listener auth-userdb {
> 					group = postfix
> 					user = postfix
> 				  }
> 				}
> 		
> 	   		i. postfix has its own set of users, including andy, which works just fine within postfix.
> 				We can send mail and read mail in the mailbox.
> 		
> 		b. Authentication is performed by PAM:
> 			passdb {
> 			  driver = pam
> 			}
>   
> 			i. Examined PAM:
> 				A. The files /etc/pam.d/xxx, where xxx = dovecot, pop, imap, are all the same
> 					lavarre:~ # cat /etc/pam.d/xxx
> 					#%PAM-1.0
> 					auth     include        common-auth
> 					account  include        common-account
> 					password include        common-password
> 					session  include        common-session
> 				B. They do not resemble at all the form presented in
> 					http://wiki2.dovecot.org/PasswordDatabase/PAM
> 						passdb {
> 						  driver = pam
> 						  args = %s
> 						}
> 				C. Add (B.) to see if that works: No change.
> 				Comment out the original (A.): No change.
> 				Restore it.
> 				
> 		c. SSL is required and apparently configured correctly
> 		(the less-than symbol '<' causes the succeeding file to be read into the variable):
> 			ssl = required
> 			ssl_cert = </etc/ssl/certs/dovecot.pem
> 			ssl_dh_parameters_length = 2048
> 			ssl_key = </etc/ssl/private/dovecot.pem
> 			ssl_options = no_compression
> 			ssl_prefer_server_ciphers = yes
> 			userdb {
> 			  driver = passwd
> 			}
> 			
> 	   		i. dovecot.pem, both cert and key, are installed in /etc/ssl as above and verified as a pair with
> 				openssl x509.
> 	   			And we point to them in /etc/dovecot/conf.d/10-ssl.conf as seen in the above.
> 	
> 	6. Checked listening as it does not appear in doveconf -n:
> 		lavarre:~ # doveconf protocols listen
> 		protocols = imap pop3 lmtp
> 		listen = *, ::
>   
> 		a. conf.d/10-master.conf
> 			ports for service xxx-login {inet_listener} are commented out.
> 			In fact, the entire file is commented out.
>
> 			Uncomment the listeners, restart. But no change. So undo.
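
A check to run alongside the advice at the top of this message, as an added example that is not part of the original thread: it parses an IMAP greeting or CAPABILITY reply and reports whether STARTTLS is offered, whether plaintext login is disabled before TLS, and which SASL mechanisms (the ones `auth_mechanisms` controls) are advertised. The two Dovecot transcripts are constructed samples; the third greeting is the one quoted in the post, and the function names are hypothetical.

```python
import re

# Constructed sample: Dovecot-style greeting before TLS, plaintext auth disabled.
PRE_TLS = ["* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE "
           "IDLE STARTTLS LOGINDISABLED] Dovecot ready."]
# Constructed sample: CAPABILITY reply after STARTTLS with auth_mechanisms = plain login.
POST_TLS = ["* CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE "
            "AUTH=PLAIN AUTH=LOGIN",
            "a1 OK Pre-login capabilities listed, post-login capabilities have more."]
# Greeting as quoted in the post (its "[...]" elision kept as-is).
POSTED = ["* OK [...] privustech.com IMAP4rev1 2007e.404 at "
          "Wed, 4 May 2016 10:26:28 -0400 (EDT)"]


def parse_capabilities(lines):
    """Collect capability atoms from a greeting and/or a CAPABILITY reply."""
    caps = []
    for line in lines:
        # Greeting form: "* OK [CAPABILITY a b c] text"; reply form: "* CAPABILITY a b c".
        m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
             or re.match(r"\* CAPABILITY (.*)", line, re.I))
        if m:
            caps += m.group(1).upper().split()
    return caps


def assess(lines):
    """Summarise what a mail client would be allowed to do in this session state."""
    caps = parse_capabilities(lines)
    auth = sorted(c[5:] for c in caps if c.startswith("AUTH="))
    login_disabled = "LOGINDISABLED" in caps
    return {
        "caps_seen": bool(caps),
        "starttls": "STARTTLS" in caps,
        "login_disabled": login_disabled,
        "auth": auth,
        # Password login works via the LOGIN command or SASL PLAIN/LOGIN;
        # None means the server sent no capability list to judge from.
        "password_auth": (not login_disabled or bool({"PLAIN", "LOGIN"} & set(auth)))
                         if caps else None,
        # Dovecot's default login_greeting is "Dovecot ready."; a custom
        # greeting can hide it, so treat this only as a hint.
        "names_dovecot": any("dovecot" in l.lower() for l in lines),
    }


if __name__ == "__main__":
    for name, sample in (("pre-TLS", PRE_TLS), ("post-TLS", POST_TLS), ("posted", POSTED)):
        print(name, assess(sample))
```

On a live server the same lines can be captured with `openssl s_client -starttls imap -connect HOST:143` followed by `a1 CAPABILITY`; without `-starttls`, s_client attempts a TLS handshake against a plaintext port.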


