why is dovecot "Allowing any password"

mj lists at merit.unu.edu
Wed Mar 21 18:12:02 EET 2018


Hi,

I noticed the following in the logs of our debian wheezy server:

> Mar 21 07:13:47 mail dovecot: auth: Debug: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): bind search: base=CN=Users, DC=samba, DC=company, DC=com filter=(&(objectclass=person)(sAMAccountName=username)(!(userAccountControl=514)))
> Mar 21 07:13:47 mail dovecot: auth: Debug: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): result: uid=username; uid unused
> Mar 21 07:13:47 mail dovecot: auth: Debug: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): result: uid=username
> Mar 21 07:13:48 mail dovecot: auth: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): invalid credentials (given password: invalid_password)
> Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): lookup
> Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets: Matching for network 127.0.0.1/32
> Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks
> Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any password
> Mar 21 07:13:54 mail dovecot: auth: Debug: auth client connected (pid=6174)

The second-to-last line, "Allowing any password", comes as a surprise..?
Why would dovecot Allow any password..?

We had the following bit in our config, but I removed it now:

> #passdb {
> #  driver = static
> #  args = nopassword=y allow_nets=127.0.0.1/32
> #}

Could anyone explain the "Allowing any password"?

And lastly our current doveconf -n:

> # 2.2.13: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-5-amd64 x86_64 Debian 7.11 xfs
> auth_debug = yes
> auth_debug_passwords = yes
> auth_failure_delay = 10 secs
> auth_master_user_separator = *
> auth_mechanisms = plain login
> auth_username_format = %Ln
> auth_verbose = yes
> auth_verbose_passwords = plain
> deliver_log_format = %f | %s | msgid=%m: %$
> disable_plaintext_auth = no
> lda_mailbox_autocreate = yes
> lda_mailbox_autosubscribe = yes
> login_greeting = Dovecot ready.
> mail_gid = vmail
> mail_location = maildir:/var/vmail/%Ln/Maildir:LAYOUT=fs:DIRNAME=mAildir
> mail_plugins = acl lazy_expunge zlib quota mail_log notify
> mail_uid = vmail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> namespace {
>   list = children
>   location = maildir:/var/vmail/%%u/Maildir:LAYOUT=fs:DIRNAME=mAildir:INDEX=/var/vmail/%u/shared/%%u
>   prefix = shared/%%n/
>   separator = /
>   subscriptions = no
>   type = shared
> }
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox "Deleted items" {
>     special_use = \Trash
>   }
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent items" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   mailbox inbox {
>     auto = subscribe
>   }
>   prefix = 
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/master-users
>   driver = passwd-file
>   master = yes
> }
> passdb {
>   args = /etc/dovecot/dovecot-ldap.conf.ext
>   driver = ldap
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = file:/var/lib/dovecot/db/shared-mailboxes.db
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append
>   mail_log_fields = uid box msgid from subject
>   quota = maildir
>   quota_rule = ?:storage=5G
>   quota_rule2 = Trash:storage=+100M
>   quota_warning = storage=97%% quota-warning 97 %u
>   quota_warning2 = storage=95%% quota-warning 95 %u
>   quota_warning3 = storage=90%% quota-warning 90 %u
>   quota_warning4 = storage=85%% quota-warning 85 %u
>   quota_warning5 = storage=80%% quota-warning 80 %u
>   quota_warning6 = -storage=100%% quota-warning below %u
>   sieve = ~/.dovecot.sieve
>   sieve_default = /var/lib/dovecot/default.sieve
>   sieve_dir = ~/sieve
> }
> protocols = imap lmtp sieve
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     mode = 0666
>   }
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
> }
> service imap-login {
>   process_limit = 500
>   process_min_avail = 2
> }
> service quota-warning {
>   executable = script /usr/local/bin/quota-warning.sh
>   unix_listener quota-warning {
>     user = vmail
>   }
>   user = dovecot
> }
> shutdown_clients = no
> ssl_ca = </etc/ssl/letsencrypt/fullchain.pem
> ssl_cert = </etc/ssl/letsencrypt/cert.pem
> ssl_key = </etc/ssl/letsencrypt/key.pem
> ssl_protocols = !SSLv2 !SSLv3
> userdb {
>   args = uid=vmail gid=vmail home=/var/vmail/%n allow_all_users=yes
>   driver = static
> }
> verbose_proctitle = yes
> protocol lda {
>   mail_plugins = acl lazy_expunge zlib quota mail_log notify sieve quota
> }
> protocol imap {
>   imap_max_line_length = 2 M
>   mail_max_userip_connections = 30
>   mail_plugins = acl lazy_expunge zlib quota mail_log notify imap_quota imap_acl
> }

MJ
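
An added example, not part of the original post: a log triage script that groups Dovecot auth lines like those quoted above by (user, IP, session) and lists sessions where the static passdb logged "Allowing any password" with no `allow_nets check failed` line in the same session. It only correlates log messages and does not determine the final login result; the sample log is constructed from the lines in the post, and its second session (`other`, `constructedSess01`) is invented for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the auth debug lines quoted in the post.
SAMPLE_LOG = """\
Mar 21 07:13:48 mail dovecot: auth: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): invalid credentials (given password: invalid_password)
Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): lookup
Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks
Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any password
Mar 21 07:14:02 mail dovecot: auth: Debug: static(other,127.0.0.1,<constructedSess01>): lookup
Mar 21 07:14:02 mail dovecot: auth: Debug: static(other,127.0.0.1,<constructedSess01>): Allowing any password
"""

# passdb name, then (user,ip,<session>), then the message text.
LINE_RE = re.compile(
    r"dovecot: auth: (?:Debug: )?(?P<db>[\w-]+)"
    r"\((?P<user>[^,]*),(?P<ip>[^,]*),<(?P<sid>[^>]*)>\): (?P<msg>.*)$"
)

def triage(log_text):
    """Group auth lines by (user, ip, session) and record what was logged."""
    sessions = defaultdict(lambda: {"any_password": False, "nets_failed": False,
                                    "password_logged": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-request passdb line
        s = sessions[(m["user"], m["ip"], m["sid"])]
        msg = m["msg"]
        if m["db"] == "static" and msg == "Allowing any password":
            s["any_password"] = True
        elif msg.startswith("allow_nets check failed"):
            s["nets_failed"] = True
        if "given password:" in msg:
            s["password_logged"] = True  # plaintext password written to the log
    return dict(sessions)

def needs_review(sessions):
    """Sessions with 'Allowing any password' and no allow_nets failure logged."""
    return sorted(k for k, s in sessions.items()
                  if s["any_password"] and not s["nets_failed"])

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, flags in result.items():
        print(key, flags)
    print("review:", needs_review(result))
```
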

