Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
On 23 January 2022 1.29.43 UTC, David Koski wrote: >Is NTLM now dead? The Readme says: > >2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek > (48d6f7282) > > auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes > >> >> Regards, >> David Koski >> > You should use GSSAPI instead. Aki
Re: Why would dovecot not be answering
Good question. This looks like a unix socket set up for dovecot to provide authentication services to postfix and anyways postfix would be listening on TCP port 587 for authenticated mail submission. Normally you do not want to offer any user authentication or login on port 25, but that is all set up and specified explicitly in /etc/postfix/main.cf and /etc/postfix/master.cf. Of course you do need user authentication for dovecot itself to offer IMAP and/or POP services for users to fetch or read their email. I can't get really get on the postfix mailing list myself, or sort through all that volume. There's an unsolicited bulk email industry in control of everything. On January 22, 2022 7:05:04 PM AKST, Ruben Safir wrote: >I am really lost as to why dovecot is not authenticating > >I have > >smtpd_sasl_type = dovecot > >in main.cf > >and > ># Postfix smtp-auth >unix_listener /var/spool/postfix/private/auth { > mode = 0666 > user = postfix > group = postfix >} >in /etc/dovecot/conf.d/10-master.conf > > >I want it to authenticate on submition only > >Everything I read says this should do it, but I am up against a wall. I >have no debugging information or log at all to confirm what postfix is >doing. > > >-- >So many immigrant groups have swept through our town >that Brooklyn, like Atlantis, reaches mythological >proportions in the mind of the world - RI Safir 1998 >http://www.mrbrklyn.com > >DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 >http://www.nylxs.com - Leadership Development in Free Software >http://www2.mrbrklyn.com/resources - Unpublished Archive >http://www.coinhangout.com - coins! >http://www.brooklyn-living.com > >Being so tracked is for FARM ANIMALS and extermination camps, >but incompatible with living as a free human being. -RI Safir 2013 > -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Why would dovecot not be answering
I am really lost as to why dovecot is not authenticating I have smtpd_sasl_type = dovecot in main.cf and # Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { mode = 0666 user = postfix group = postfix } in /etc/dovecot/conf.d/10-master.conf I want it to authenticate on submition only Everything I read says this should do it, but I am up against a wall. I have no debugging information or log at all to confirm what postfix is doing. -- So many immigrant groups have swept through our town that Brooklyn, like Atlantis, reaches mythological proportions in the mind of the world - RI Safir 1998 http://www.mrbrklyn.com DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002 http://www.nylxs.com - Leadership Development in Free Software http://www2.mrbrklyn.com/resources - Unpublished Archive http://www.coinhangout.com - coins! http://www.brooklyn-living.com Being so tracked is for FARM ANIMALS and extermination camps, but incompatible with living as a free human being. -RI Safir 2013
Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
Is NTLM now dead? The Readme says: 2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek (48d6f7282) auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes M COPYING M configure.ac M src/Makefile.am M src/auth/Makefile.am D src/auth/mech-ntlm.c M src/auth/mech.c M src/auth/password-scheme.c M src/auth/test-libpassword.c M src/auth/test-mech.c M src/doveadm/Makefile.am D src/lib-ntlm/Makefile.am D src/lib-ntlm/ntlm-des.c D src/lib-ntlm/ntlm-des.h D src/lib-ntlm/ntlm-encrypt.c D src/lib-ntlm/ntlm-encrypt.h D src/lib-ntlm/ntlm-flags.h D src/lib-ntlm/ntlm-message.c D src/lib-ntlm/ntlm-message.h D src/lib-ntlm/ntlm-types.h D src/lib-ntlm/ntlm.h David On 1/22/22 4:22 PM, David Koski wrote: After upgrading Debian to 11 I found Dovecot at version 2.3.13 (89f716dc2). Now auth method NTLM fails and is not even listed: # doveadm pw -l SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 /var/log/dovecot.log Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:32 master: Error: service(auth): command startup failed, throttling for 2.000 secs Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:34 master: Error: service(auth): command startup failed, throttling for 4.000 secs Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:38 master: Error: service(auth): command startup failed, throttling for 8.000 secs Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:46 master: Error: service(auth): command startup failed, throttling for 16.000 secs # doveconf -n # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.13 (cdd19fe3) # OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2 # Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net auth_mechanisms = plain login ntlm debug_log_path = /var/log/dovecot-debug.log info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace compat { alias_for = hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_plugins = " quota trash sieve" sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-client { mode = 0660 } } service stats { unix_listener stats-reader { group = vmail mode = 0660 user = vmail } unix_listener stats-writer { group = vmail mode = 0660 user = vmail } } ssl_cert =
NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
After upgrading Debian to 11 I found Dovecot at version 2.3.13 (89f716dc2). Now auth method NTLM fails and is not even listed: # doveadm pw -l SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 /var/log/dovecot.log Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:32 master: Error: service(auth): command startup failed, throttling for 2.000 secs Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:34 master: Error: service(auth): command startup failed, throttling for 4.000 secs Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:38 master: Error: service(auth): command startup failed, throttling for 8.000 secs Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM' Jan 22 16:20:46 master: Error: service(auth): command startup failed, throttling for 16.000 secs # doveconf -n # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.13 (cdd19fe3) # OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2 # Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net auth_mechanisms = plain login ntlm debug_log_path = /var/log/dovecot-debug.log info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log maildir_stat_dirs = yes managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace compat { alias_for = hidden = yes inbox = no list = no location = prefix = INBOX. separator = . } namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = separator = . } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { mail_plugins = " quota trash sieve" sieve = file:~/sieve;active=~/.dovecot.sieve } protocols = " imap sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-client { mode = 0660 } } service stats { unix_listener stats-reader { group = vmail mode = 0660 user = vmail } unix_listener stats-writer { group = vmail mode = 0660 user = vmail } } ssl_cert =