Dovecot auth-worker error after cram-md5 auth

Poliman - Serwis serwis at poliman.pl
Wed Feb 1 08:07:42 UTC 2017


Logs from syslog or mail.err? And with these not working settings with
auth_debug and auth_verbose?

2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:

> Can you check your logs?
>
> Aki
>
>
> On 01.02.2017 10:02, Poliman - Serwis wrote:
> > When I used a backup copy of the dovecot.conf file I have the same error. So
> > I think that maybe something was written to the database? I really would point
> > out that I only added
> > passdb {
> >   driver = passwd-file
> >   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > and commented out the default lines from the above block
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >
> > And in auth_mechanisms I added cram-md5. Nothing more in any other file.
> >
> > I don't want to use cram-md5. I need to move back to the default settings.
> > Cram-md5 was only for testing purposes. :) But I supposed that I could move
> > back to the defaults by commenting out the added lines. But unfortunately it isn't
> > that simple.
> >
> > 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> Are you still trying to authenticate using cram-md5?
> >>
> >> Aki
> >>
> >>
> >> On 01.02.2017 09:51, Poliman - Serwis wrote:
> >>> It still uses:
> >>> passdb {
> >>>   driver = passwd-file
> >>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> When I delete the above and delete "cram-md5" in auth_mechanisms it is still not
> >>> working.
> >>>
> >>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >>>
> >>>> You are probably wanting to do
> >>>> passdb {
> >>>>   driver = passwd-file
> >>>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>> }
> >>>>
> >>>> passdb {
> >>>>   driver = sql
> >>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>> }
> >>>>
> >>>> Why you want to use cram-md5 is beyond me, because using SSL is much
> >>>> safer.
> >>>>
> >>>> Aki
> >>>>
> >>>> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>>>> By default it was: "auth_mechanisms = plain login" and I added cram-md5.
> >>>>> After restart everything worked perfectly. But after I added:
> >>>>>    driver = passwd-file
> >>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> I can't set the default lines because I get an error. Please tell me which lines
> >>>>> should be changed to resolve this issue. Should I remove "login" from
> >>>>> auth_mechanisms ("login" was the default setting and I would like to move back
> >>>>> to the default settings)?
> >>>>>
> >>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >>>>>
> >>>>>> Because cram-md5 needs the user's password for calculating responses, it
> >>>>>> cannot work with hashed passwords (one-way encrypted). The only
> >>>>>> supported password schemes are PLAIN and CRAM-MD5.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote:
> >>>>>>> I always restart dovecot after changing the config. ;) Sure, I commented out
> >>>>>>> the two lines I added, restarted dovecot and here it is:
> >>>>>>>
> >>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> >>>>>>> auth_mechanisms = plain login cram-md5
> >>>>>>> listen = *,[::]
> >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>>>> mail_max_userip_connections = 100
> >>>>>>> mail_plugins = " quota"
> >>>>>>> mail_privileged_group = vmail
> >>>>>>> passdb {
> >>>>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   driver = sql
> >>>>>>> }
> >>>>>>> plugin {
> >>>>>>>   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> >>>>>>>   sieve = /var/vmail/%d/%n/.sieve
> >>>>>>>   sieve_max_redirects = 25
> >>>>>>> }
> >>>>>>> postmaster_address = postmaster at example.com
> >>>>>>> protocols = imap pop3
> >>>>>>> service auth {
> >>>>>>>   unix_listener /var/spool/postfix/private/auth {
> >>>>>>>     group = postfix
> >>>>>>>     mode = 0660
> >>>>>>>     user = postfix
> >>>>>>>   }
> >>>>>>>   unix_listener auth-userdb {
> >>>>>>>     group = vmail
> >>>>>>>     mode = 0600
> >>>>>>>     user = vmail
> >>>>>>>   }
> >>>>>>>   user = root
> >>>>>>> }
> >>>>>>> service imap-login {
> >>>>>>>   client_limit = 1000
> >>>>>>>   process_limit = 512
> >>>>>>> }
> >>>>>>> service lmtp {
> >>>>>>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> >>>>>>>     group = postfix
> >>>>>>>     mode = 0600
> >>>>>>>     user = postfix
> >>>>>>>   }
> >>>>>>> }
> >>>>>>> ssl = required
> >>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>>>> userdb {
> >>>>>>>   driver = prefetch
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   driver = sql
> >>>>>>> }
> >>>>>>> protocol imap {
> >>>>>>>   mail_plugins = quota imap_quota
> >>>>>>> }
> >>>>>>> protocol pop3 {
> >>>>>>>   mail_plugins = quota
> >>>>>>>   pop3_uidl_format = %08Xu%08Xv
> >>>>>>> }
> >>>>>>> protocol lda {
> >>>>>>>   mail_plugins = sieve quota
> >>>>>>>   postmaster_address = webmaster at localhost
> >>>>>>> }
> >>>>>>> protocol lmtp {
> >>>>>>>   mail_plugins = quota sieve
> >>>>>>>   postmaster_address = webmaster at localhost
> >>>>>>> }
> >>>>>>>
> >>>>>>>
> >>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >>>>>>>
> >>>>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote:
> >>>>>>>>> This is debug log files in syslog:
> >>>>>>>>> Feb  1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(do_not_reply at example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply at example.com' OR email = 'do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot: auth-worker(27069): password(do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT
> >>>>>>>>> Feb  1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply at example.com
> >>>>>>>>> Feb  1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> >>>>>>>>> Feb  1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> >>>>>>>>> Feb  1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4=
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(do_not_reply at example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply at example.com' OR email = 'do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth-worker(27069): password(do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT
> >>>>>>>>> Feb  1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply at example.com
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> #####################
> >>>>>>>>> I added these lines to the passdb block in dovecot.conf:
> >>>>>>>>>    driver = passwd-file
> >>>>>>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>>>>>> and commented out the default lines
> >>>>>>>>>   #args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>>   #driver = sql
> >>>>>>>>> When I try to set the default lines again I get the above error
> >>>>>>>> Can you run doveconf -n with the configuration that causes the above
> >>>>>>>> error? Also it clearly does SQL lookup, so that error is happening with
> >>>>>>>> SQL passdb. You need to remember to restart dovecot between
> >>>>>>>> configuration changes.
> >>>>>>>>
> >>>>>>>> Aki
> >>>>>>>>
> >>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >>>>>>>>>
> >>>>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>>>>>>>>>> I set up cram-md5 using this tutorial
> >>>>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> >>>>>>>>>>> passdb code block:
> >>>>>>>>>>> listen = *,[::]
> >>>>>>>>>>> protocols = imap pop3
> >>>>>>>>>>> #auth_mechanisms = plain login cram-md5
> >>>>>>>>>>> auth_mechanisms = cram-md5 plain login
> >>>>>>>>>>> #line added below
> >>>>>>>>>>> ssl = required
> >>>>>>>>>>> disable_plaintext_auth = yes
> >>>>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>>>>>>>> mail_privileged_group = vmail
> >>>>>>>>>>> postmaster_address = postmaster at vps342401.ovh.net
> >>>>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>>>>>>>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> >>>>>>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> mail_max_userip_connections = 100
> >>>>>>>>>>> passdb {
> >>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> # driver = sql
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> }
> >>>>>>>>>>> userdb {
> >>>>>>>>>>> driver = prefetch
> >>>>>>>>>>> }
> >>>>>>>>>>> userdb {
> >>>>>>>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> driver = sql
> >>>>>>>>>>> }
> >>>>>>>>>>> Of course I created the cram-md5.pwd file. All mails go out and come in nicely.
> >>>>>>>>>>> But after I want to restore the default settings by commenting out these two lines:
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> and uncomment
> >>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> # driver = sql
> >>>>>>>>>>> I can't send emails - I use Thunderbird - I get the error "logging on server
> >>>>>>>>>>> mail.example.com not work out". Error in logs:
> >>>>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different passdbs/userdbs than auth server.
> >>>>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >>>>>>>>>>>
> >>>>>>>>>>> Is it possible that the hashed password from the cram-md5.pwd file was written to the
> >>>>>>>>>>> database (if yes then where - I have ISPconfig)? I didn't change any userdb
> >>>>>>>>>>> {} block and the second userdb block has the same lines as the default
> >>>>>>>>>>> settings in the passdb block.
> >>>>>>>>>>>
> >>>>>>>>>> Try
> >>>>>>>>>>
> >>>>>>>>>> auth_debug=yes
> >>>>>>>>>> auth_verbose=yes
> >>>>>>>>>>
> >>>>>>>>>> and see if it gives any more reasonable messages.
> >>>>>>>>>>
> >>>>>>>>>> Aki
> >>>>>>>>>>
> >>>
> >
> >
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*serwis at poliman.pl <serwis at poliman.pl>*
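
Added example, not part of the original thread and not Dovecot code: a minimal RFC 2195 CRAM-MD5 exchange in Python, using the challenge from the "client passdb out: CONT" log line above, to show why the auth-worker reported "Requested CRAM-MD5 scheme, but we have only CRYPT" when the SQL passdb returned a one-way hash. The password, the salt, the PBKDF2 stand-in for the CRYPT value and the helper names are all constructed assumptions.

```python
import base64
import hashlib
import hmac

# Challenge copied from the "client passdb out: CONT" debug line in the thread.
CHALLENGE_B64 = "PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4="
USER = "do_not_reply@example.com"
PASSWORD = "correct horse battery"  # constructed sample secret


def challenge_text(challenge_b64=CHALLENGE_B64):
    """The server challenge is just a base64-encoded message-id style string."""
    return base64.b64decode(challenge_b64).decode()


def cram_digest(key: bytes, challenge_b64: str) -> str:
    """hex(HMAC-MD5(key, challenge)) as defined by RFC 2195."""
    return hmac.new(key, base64.b64decode(challenge_b64), hashlib.md5).hexdigest()


def client_response(user, password, challenge_b64):
    """What the mail client sends back: base64("user digest")."""
    line = f"{user} {cram_digest(password.encode(), challenge_b64)}"
    return base64.b64encode(line.encode()).decode()


def one_way_hash(password, salt=b"constructed-salt"):
    """Stand-in for the CRYPT value the SQL passdb returned (assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def server_verify(scheme, stored: bytes, challenge_b64, response_b64):
    """Hypothetical server check: recompute the digest from the stored credential."""
    if scheme != "PLAIN":
        # Mirrors the auth-worker message in the log; Dovecot's own CRAM-MD5
        # storage scheme is not modelled here.
        raise ValueError(f"Requested CRAM-MD5 scheme, but we have only {scheme}")
    _user, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    return hmac.compare_digest(cram_digest(stored, challenge_b64), digest)


if __name__ == "__main__":
    resp = client_response(USER, PASSWORD, CHALLENGE_B64)
    print("challenge:", challenge_text())
    print("PLAIN passdb verifies:",
          server_verify("PLAIN", PASSWORD.encode(), CHALLENGE_B64, resp))
    # Keying HMAC with the hash instead of the password gives another digest,
    # so a server holding only the hash cannot reproduce the client's answer.
    print("hash as key matches:",
          cram_digest(one_way_hash(PASSWORD), CHALLENGE_B64)
          == cram_digest(PASSWORD.encode(), CHALLENGE_B64))
```
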

