Dovecot auth-worker error after cram-md5 auth

Aki Tuomi aki.tuomi at dovecot.fi
Wed Feb 1 07:27:51 UTC 2017 


On 01.02.2017 08:18, Poliman - Serwis wrote:
> This is debug log files in syslog:
> Feb  1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out:
> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> Feb  1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> Feb  1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(
> do_not_reply at example.com,12.173.211.32): query: SELECT email as user,
> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail,
> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
> mail_user WHERE (login = 'do_not_reply at example.com' OR email = '
> do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> Feb  1 07:10:26 vps342401 dovecot: auth-worker(27069): password(
> do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we
> have only CRYPT
> Feb  1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out:
> FAIL#0112#011user=do_not_reply at example.com
> Feb  1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning:
> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication
> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> Feb  1 07:11:02 vps342401 CRON[27074]: (root) CMD
> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> Feb  1 07:11:02 vps342401 CRON[27075]: (root) CMD
> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client in:
> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured
> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out:
> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4=
> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> Feb  1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(
> do_not_reply at example.com,12.173.211.32): query: SELECT email as user,
> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail,
> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
> mail_user WHERE (login = 'do_not_reply at example.com' OR email = '
> do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> Feb  1 07:11:11 vps342401 dovecot: auth-worker(27069): password(
> do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we
> have only CRYPT
> Feb  1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out:
> FAIL#0113#011user=do_not_reply at example.com
>
>
>
> #####################
> I added in dovecot.conf lines in passdb block:
>    driver = passwd-file
>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> and commented out default lines
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
> When I try set again default lines I got above error

Can you run doveconf -n with the configuration that causes the above
error? Also it clearly does SQL lookup, so that error is happening with
SQL passdb. You need to remember to restart dovecot between
configuration changes.

Aki

>
> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>>
>> On 31.01.2017 09:06, Poliman - Serwis wrote:
>>> I set up cram-md5 using this tutorial
>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
>>> passdb code block:
>>> listen = *,[::]
>>> protocols = imap pop3
>>> #auth_mechanisms = plain login cram-md5
>>> auth_mechanisms = cram-md5 plain login
>>> #dodana nizej linia
>>> ssl = required
>>> disable_plaintext_auth = yes
>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>>> mail_privileged_group = vmail
>>> postmaster_address = postmaster at vps342401.ovh.net
>>> ssl_cert = </etc/postfix/smtpd.cert
>>> ssl_key = </etc/postfix/smtpd.key
>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
>>> ssl_cipher_list =
>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
>>> ssl_prefer_server_ciphers = yes
>>> ssl_dh_parameters_length = 2048
>>>
>>>
>>> mail_max_userip_connections = 100
>>> passdb {
>>> # args = /etc/dovecot/dovecot-sql.conf
>>> # driver = sql
>>> driver = passwd-file
>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>> userdb {
>>> driver = prefetch
>>> }
>>> userdb {
>>> args = /etc/dovecot/dovecot-sql.conf
>>> driver = sql
>>> }
>>> Of course I created cram-md5.pwd file. All mails go out and come nicely.
>>> But after I want to do default settings by commented out these two lines:
>>> driver = passwd-file
>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> and uncomment
>>> # args = /etc/dovecot/dovecot-sql.conf
>>> # driver = sql
>>> I can't send emails - I use Thunderbird - get error "logging on server
>>> mail.example.com not work out". Error in logs:
>>> dovecot: auth-worker(22698): Error: Auth worker sees different
>>> passdbs/userdbs than auth server.
>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
>>>
>>> Is it possible that hashed password from cram-md5.pwd file was written to
>>> database (if yes then where - I have ISPconfig)? I wasn't change any
>> userdb
>>> {} block and this second userdb block has this same lines like default
>>> settings in passdb block.
>>>
>> Try
>>
>> auth_debug=yes
>> auth_verbose=yes
>>
>> and see if it gives any more reasonable messages.
>>
>> Aki
>>
>
>

More information about the dovecot mailing list