Dovecot auth-worker error after cram-md5 auth

Poliman - Serwis serwis at poliman.pl
Wed Feb 1 07:51:05 UTC 2017


It still uses:
passdb {
  driver = passwd-file
  args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

When I delete the above and delete "cram-md5" in auth_mechanisms it is still not
working.

2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:

> You are probably wanting to do
> passdb {
>   driver = passwd-file
>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-sql.conf
> }
>
> Why you want to use cram-md5 is beyond me, because using SSL is much
> safer.
>
> Aki
>
> On 01.02.2017 09:41, Poliman - Serwis wrote:
> > By default it was: "auth_mechanisms = plain login" and I added cram-md5.
> > After restart all worked perfectly. But after I added:
> >    driver = passwd-file
> >    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > I can't set the default lines because I get an error. Please tell me which lines
> > should be changed to resolve this issue. Should I remove "login" from
> > auth_mechanism ("login" was the default setting and I would like to move back
> > to the default settings)?
> >
> > 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> Because cram-md5 needs the user's password for calculating responses, it
> >> cannot work with hashed passwords (one-way encrypted). The only
> >> supported password schemes are PLAIN and CRAM-MD5.
> >>
> >> Aki
> >>
> >> On 01.02.2017 09:33, Poliman - Serwis wrote:
> >>> I always restart dovecot after changing the config. ;) Sure, I commented out
> >>> the two lines I added, restarted dovecot and here it is:
> >>>
> >>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> >>> auth_mechanisms = plain login cram-md5
> >>> listen = *,[::]
> >>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>> mail_max_userip_connections = 100
> >>> mail_plugins = " quota"
> >>> mail_privileged_group = vmail
> >>> passdb {
> >>>   args = /etc/dovecot/dovecot-sql.conf
> >>>   driver = sql
> >>> }
> >>> plugin {
> >>>   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> >>>   sieve = /var/vmail/%d/%n/.sieve
> >>>   sieve_max_redirects = 25
> >>> }
> >>> postmaster_address = postmaster at example.com
> >>> protocols = imap pop3
> >>> service auth {
> >>>   unix_listener /var/spool/postfix/private/auth {
> >>>     group = postfix
> >>>     mode = 0660
> >>>     user = postfix
> >>>   }
> >>>   unix_listener auth-userdb {
> >>>     group = vmail
> >>>     mode = 0600
> >>>     user = vmail
> >>>   }
> >>>   user = root
> >>> }
> >>> service imap-login {
> >>>   client_limit = 1000
> >>>   process_limit = 512
> >>> }
> >>> service lmtp {
> >>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> >>>     group = postfix
> >>>     mode = 0600
> >>>     user = postfix
> >>>   }
> >>> }
> >>> ssl = required
> >>> ssl_cert = </etc/postfix/smtpd.cert
> >>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>> ssl_dh_parameters_length = 2048
> >>> ssl_key = </etc/postfix/smtpd.key
> >>> ssl_prefer_server_ciphers = yes
> >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>> userdb {
> >>>   driver = prefetch
> >>> }
> >>> userdb {
> >>>   args = /etc/dovecot/dovecot-sql.conf
> >>>   driver = sql
> >>> }
> >>> protocol imap {
> >>>   mail_plugins = quota imap_quota
> >>> }
> >>> protocol pop3 {
> >>>   mail_plugins = quota
> >>>   pop3_uidl_format = %08Xu%08Xv
> >>> }
> >>> protocol lda {
> >>>   mail_plugins = sieve quota
> >>>   postmaster_address = webmaster at localhost
> >>> }
> >>> protocol lmtp {
> >>>   mail_plugins = quota sieve
> >>>   postmaster_address = webmaster at localhost
> >>> }
> >>>
> >>>
> >>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >>>
> >>>> On 01.02.2017 08:18, Poliman - Serwis wrote:
> >>>>> These are the debug logs in syslog:
> >>>>> Feb  1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> >>>>> Feb  1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> >>>>> Feb  1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(do_not_reply at example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply at example.com' OR email = 'do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> >>>>> Feb  1 07:10:26 vps342401 dovecot: auth-worker(27069): password(do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT
> >>>>> Feb  1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply at example.com
> >>>>> Feb  1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> >>>>> Feb  1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> >>>>> Feb  1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> >>>>> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4=
> >>>>> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> >>>>> Feb  1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(do_not_reply at example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply at example.com' OR email = 'do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> >>>>> Feb  1 07:11:11 vps342401 dovecot: auth-worker(27069): password(do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT
> >>>>> Feb  1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply at example.com
> >>>>>
> >>>>>
> >>>>>
> >>>>> #####################
> >>>>> I added these lines in the passdb block in dovecot.conf:
> >>>>>    driver = passwd-file
> >>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> and commented out the default lines
> >>>>>   #args = /etc/dovecot/dovecot-sql.conf
> >>>>>   #driver = sql
> >>>>> When I try to set the default lines again I get the above error
> >>>> Can you run doveconf -n with the configuration that causes the above
> >>>> error? Also it clearly does SQL lookup, so that error is happening with
> >>>> SQL passdb. You need to remember to restart dovecot between
> >>>> configuration changes.
> >>>>
> >>>> Aki
> >>>>
> >>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >>>>>
> >>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>>>>>> I set up cram-md5 using this tutorial
> >>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> >>>>>>> passdb code block:
> >>>>>>> listen = *,[::]
> >>>>>>> protocols = imap pop3
> >>>>>>> #auth_mechanisms = plain login cram-md5
> >>>>>>> auth_mechanisms = cram-md5 plain login
> >>>>>>> #line added below
> >>>>>>> ssl = required
> >>>>>>> disable_plaintext_auth = yes
> >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>>>> mail_privileged_group = vmail
> >>>>>>> postmaster_address = postmaster at vps342401.ovh.net
> >>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>>>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> >>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>>
> >>>>>>>
> >>>>>>> mail_max_userip_connections = 100
> >>>>>>> passdb {
> >>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>> # driver = sql
> >>>>>>> driver = passwd-file
> >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>> driver = prefetch
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>>> driver = sql
> >>>>>>> }
> >>>>>>> Of course I created the cram-md5.pwd file. All mails go out and come nicely.
> >>>>>>> But after I want to do default settings by commenting out these two lines:
> >>>>>>> driver = passwd-file
> >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>>>> and uncomment
> >>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>> # driver = sql
> >>>>>>> I can't send emails - I use Thunderbird - get error "logging on server
> >>>>>>> mail.example.com not work out". Error in logs:
> >>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server.
> >>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >>>>>>>
> >>>>>>> Is it possible that the hashed password from the cram-md5.pwd file was written to
> >>>>>>> the database (if yes then where - I have ISPconfig)? I didn't change any userdb
> >>>>>>> {} block and this second userdb block has the same lines as the default
> >>>>>>> settings in the passdb block.
> >>>>>>>
> >>>>>> Try
> >>>>>>
> >>>>>> auth_debug=yes
> >>>>>> auth_verbose=yes
> >>>>>>
> >>>>>> and see if it gives any more reasonable messages.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>
> >
> >
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*serwis at poliman.pl <serwis at poliman.pl>*
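
Added example (not part of the original thread and not Dovecot code): a Python walk-through of the CRAM-MD5 exchange, showing why the server-side check needs the plaintext password and cannot succeed against a one-way CRYPT hash, which is what the "Requested CRAM-MD5 scheme, but we have only CRYPT" log line reports. Only the challenge is taken from the quoted debug log; the user name, password and stored hash are constructed, and Dovecot's own CRAM-MD5 storage scheme is not modelled.

```python
import base64
import hashlib
import hmac

# Challenge copied from the "client passdb out: CONT" debug line quoted in the thread.
CHALLENGE_B64 = "PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4="

def challenge_text(challenge_b64: str) -> str:
    """The server challenge is base64 of a unique <random.timestamp@host> string."""
    return base64.b64decode(challenge_b64).decode("ascii")

def _digest(password: str, challenge_b64: str) -> str:
    # HMAC-MD5 keyed with the password itself, computed over the raw challenge.
    raw = base64.b64decode(challenge_b64)
    return hmac.new(password.encode(), raw, hashlib.md5).hexdigest()

def client_response(user: str, password: str, challenge_b64: str) -> str:
    """Client answer: base64 of 'user<space>hex(HMAC-MD5(password, challenge))'."""
    answer = f"{user} {_digest(password, challenge_b64)}"
    return base64.b64encode(answer.encode()).decode()

def server_verify(scheme: str, stored: str, challenge_b64: str, response_b64: str):
    """Recompute the digest from the stored credential; returns (ok, reason)."""
    if scheme != "PLAIN":
        # A one-way hash cannot be turned back into the HMAC key.
        return False, f"Requested CRAM-MD5 scheme, but we have only {scheme}"
    _user, _, digest = base64.b64decode(response_b64).decode().rpartition(" ")
    expected = _digest(stored, challenge_b64)
    ok = hmac.compare_digest(expected.encode(), digest.encode())
    return ok, ("ok" if ok else "password mismatch")

if __name__ == "__main__":
    user, password = "user@example.test", "constructed-password"  # constructed values
    crypt_hash = "$6$constructedsalt$constructedhashvalue"         # constructed placeholder
    resp = client_response(user, password, CHALLENGE_B64)
    print(challenge_text(CHALLENGE_B64))
    print(server_verify("PLAIN", password, CHALLENGE_B64, resp))
    print(server_verify("CRYPT", crypt_hash, CHALLENGE_B64, resp))
```

The password never crosses the wire in this exchange, but the price is that the server must hold a credential equivalent to the plaintext, which is the trade-off behind the advice in the thread to rely on SSL/TLS with hashed storage instead.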

