Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'

2022-01-22 Thread Aki Tuomi



On 23 January 2022 1.29.43 UTC, David Koski  wrote:
>Is NTLM now dead?  The Readme says:
>
>2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek 
> (48d6f7282)
>
>     auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes
>
>>
>> Regards,
>> David Koski
>>
>

You should use GSSAPI instead. 

Aki


Re: Why would dovecot not be answering

2022-01-22 Thread justina colmena ~biz
Good question. This looks like a unix socket set up for dovecot to provide 
authentication services to postfix and anyways postfix would be listening on 
TCP port 587 for authenticated mail submission. Normally you do not want to 
offer any user authentication or login on port 25, but that is all set up and 
specified explicitly in /etc/postfix/main.cf and /etc/postfix/master.cf.

Of course you do need user authentication for dovecot itself to offer IMAP 
and/or POP services for users to fetch or read their email.

I can't really get on the postfix mailing list myself, or sort through all 
that volume. There's an unsolicited bulk email industry in control of 
everything.

On January 22, 2022 7:05:04 PM AKST, Ruben Safir  wrote:
>I am really lost as to why dovecot is not authenticating
>
>I have 
>
>smtpd_sasl_type = dovecot
>
>in main.cf
>
>and 
>
># Postfix smtp-auth
>unix_listener /var/spool/postfix/private/auth {
> mode = 0666
> user = postfix
> group = postfix
>}
>in /etc/dovecot/conf.d/10-master.conf
>
>
>I want it to authenticate on submission only
>
>Everything I read says this should do it, but I am up against a wall.  I
>have no debugging information or log at all to confirm what postfix is
>doing.
>
>
>-- 
>So many immigrant groups have swept through our town
>that Brooklyn, like Atlantis, reaches mythological
>proportions in the mind of the world - RI Safir 1998
>http://www.mrbrklyn.com 
>
>DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
>http://www.nylxs.com - Leadership Development in Free Software
>http://www2.mrbrklyn.com/resources - Unpublished Archive 
>http://www.coinhangout.com - coins!
>http://www.brooklyn-living.com 
>
>Being so tracked is for FARM ANIMALS and extermination camps, 
>but incompatible with living as a free human being. -RI Safir 2013
>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
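
One way to check the point made in this reply, that SASL authentication is switched on per service in main.cf and master.cf and must point at the Dovecot listener. This is an added example, not part of the thread or of Postfix; the main.cf and master.cf contents are constructed, the function names are hypothetical, and `$name` expansion and the `-oname=value` spelling are not handled.

```python
import posixpath

# Postfix built-in defaults; queue_directory is the path used in this thread.
DEFAULTS = {"smtpd_sasl_auth_enable": "no", "smtpd_sasl_type": "cyrus",
            "smtpd_sasl_path": "smtpd", "queue_directory": "/var/spool/postfix"}
# Constructed inputs: the one main.cf line quoted in the question, then with a socket path.
MAIN_AS_QUOTED = "smtpd_sasl_type = dovecot\n"
MAIN_WITH_PATH = MAIN_AS_QUOTED + "smtpd_sasl_path = private/auth\n"
MASTER = """\
smtp       inet  n  -  y  -  -  smtpd
submission inet  n  -  y  -  -  smtpd
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
"""
LISTENER = "/var/spool/postfix/private/auth"  # unix_listener path from 10-master.conf

def logical_lines(text):
    """Drop comments and blanks; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def parse_main_cf(text):
    """main.cf settings layered over the defaults above."""
    pairs = (l.partition("=") for l in logical_lines(text))
    return {**DEFAULTS, **{k.strip(): v.strip() for k, sep, v in pairs if sep}}

def sasl_report(main_text, master_text, listener):
    """Per smtpd service: (AUTH offered, SASL backend is the Dovecot listener)."""
    report = {}
    for line in logical_lines(master_text):
        f = line.split()
        if len(f) < 8 or f[7] != "smtpd":
            continue
        p = parse_main_cf(main_text)
        for flag, arg in zip(f[8:], f[9:]):  # "-o name=value" overrides main.cf
            if flag == "-o" and "=" in arg:
                key, value = arg.split("=", 1)
                p[key] = value
        sock = posixpath.join(p["queue_directory"], p["smtpd_sasl_path"])
        report[f"{f[0]}/{f[1]}"] = (p["smtpd_sasl_auth_enable"] == "yes",
            p["smtpd_sasl_type"] == "dovecot" and sock == listener)
    return report
```

With only `smtpd_sasl_type` set, the submission service offers AUTH but resolves the default `smtpd_sasl_path`, which is not the Dovecot socket; port 25 stays without AUTH in both cases because the global default is `no`.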

Why would dovecot not be answering

2022-01-22 Thread Ruben Safir
I am really lost as to why dovecot is not authenticating

I have 

smtpd_sasl_type = dovecot

in main.cf

and 

# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
 mode = 0666
 user = postfix
 group = postfix
}
in /etc/dovecot/conf.d/10-master.conf


I want it to authenticate on submission only

Everything I read says this should do it, but I am up against a wall.  I
have no debugging information or log at all to confirm what postfix is
doing.


-- 
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com 

DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive 
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com 

Being so tracked is for FARM ANIMALS and extermination camps, 
but incompatible with living as a free human being. -RI Safir 2013



Re: NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'

2022-01-22 Thread David Koski

Is NTLM now dead?  The Readme says:

2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek 
 (48d6f7282)


    auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes

M   COPYING
M   configure.ac
M   src/Makefile.am
M   src/auth/Makefile.am
D   src/auth/mech-ntlm.c
M   src/auth/mech.c
M   src/auth/password-scheme.c
M   src/auth/test-libpassword.c
M   src/auth/test-mech.c
M   src/doveadm/Makefile.am
D   src/lib-ntlm/Makefile.am
D   src/lib-ntlm/ntlm-des.c
D   src/lib-ntlm/ntlm-des.h
D   src/lib-ntlm/ntlm-encrypt.c
D   src/lib-ntlm/ntlm-encrypt.h
D   src/lib-ntlm/ntlm-flags.h
D   src/lib-ntlm/ntlm-message.c
D   src/lib-ntlm/ntlm-message.h
D   src/lib-ntlm/ntlm-types.h
D   src/lib-ntlm/ntlm.h

David

On 1/22/22 4:22 PM, David Koski wrote:
After upgrading Debian to 11 I found Dovecot at version 2.3.13 
(89f716dc2).  Now auth method NTLM fails and is not even listed:


# doveadm pw -l
SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA 
DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 
SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 
SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5


/var/log/dovecot.log
Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:32 master: Error: service(auth): command startup failed, throttling for 2.000 secs

Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:34 master: Error: service(auth): command startup failed, throttling for 4.000 secs

Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:38 master: Error: service(auth): command startup failed, throttling for 8.000 secs

Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:46 master: Error: service(auth): command startup failed, throttling for 16.000 secs


# doveconf -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2
# Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net
auth_mechanisms = plain login ntlm
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart 
extracttext

namespace compat {
  alias_for =
  hidden = yes
  inbox = no
  list = no
  location =
  prefix = INBOX.
  separator = .
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_plugins = " quota trash sieve"
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-client {
    mode = 0660
  }
}
service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = 



NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'

2022-01-22 Thread David Koski
After upgrading Debian to 11 I found Dovecot at version 2.3.13 
(89f716dc2).  Now auth method NTLM fails and is not even listed:


# doveadm pw -l
SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA 
DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 
SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 SHA256 
CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5


/var/log/dovecot.log
Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:32 master: Error: service(auth): command startup failed, throttling for 2.000 secs

Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:34 master: Error: service(auth): command startup failed, throttling for 4.000 secs

Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:38 master: Error: service(auth): command startup failed, throttling for 8.000 secs

Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:46 master: Error: service(auth): command startup failed, throttling for 16.000 secs


# doveconf -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2
# Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net
auth_mechanisms = plain login ntlm
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date index ihave duplicate mime foreverypart extracttext

namespace compat {
  alias_for =
  hidden = yes
  inbox = no
  list = no
  location =
  prefix = INBOX.
  separator = .
}
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = .
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  mail_plugins = " quota trash sieve"
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-client {
    mode = 0660
  }
}
service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert =
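

The failure shown in the log above can be detected and tied back to the `auth_mechanisms` line mechanically. This is an added example, not part of the thread or of Dovecot; the sample log and config are constructed in the shape of the output above, and the function names are hypothetical.

```python
import re

# Constructed samples in the shape of the dovecot.log and doveconf -n output above
# (log lines re-joined where the e-mail wrapped them).
SAMPLE_LOG = """\
Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:32 master: Error: service(auth): command startup failed, throttling for 2.000 secs
Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:34 master: Error: service(auth): command startup failed, throttling for 4.000 secs
"""
SAMPLE_CONF = """\
auth_mechanisms = plain login ntlm
log_path = /var/log/dovecot.log
protocols = " imap sieve"
"""

FATAL_RE = re.compile(r"auth: Fatal: Unknown authentication mechanism '([^']+)'")
THROTTLE_RE = re.compile(r"service\(auth\): command startup failed, throttling for ([\d.]+) secs")

def rejected_mechanisms(log_text):
    """Mechanism names (lower-cased) that made the auth service exit at startup."""
    return {m.group(1).lower() for m in FATAL_RE.finditer(log_text)}

def restart_backoff(log_text):
    """Throttle delays in seconds, in log order."""
    return [float(m.group(1)) for m in THROTTLE_RE.finditer(log_text)]

def in_crash_loop(log_text):
    """True when the master keeps restarting auth with a growing delay."""
    delays = restart_backoff(log_text)
    return len(delays) >= 2 and all(b > a for a, b in zip(delays, delays[1:]))

def audit_auth_mechanisms(conf_text, rejected):
    """Return (offending mechanisms, auth_mechanisms line without them), or None."""
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "auth_mechanisms":
            configured = value.split()
            bad = [m for m in configured if m.lower() in rejected]
            kept = [m for m in configured if m.lower() not in rejected]
            return bad, "auth_mechanisms = " + " ".join(kept)
    return None
```

The mechanisms left after the audit, `plain` and `login`, send the password itself and so depend on TLS; GSSAPI, as suggested in the reply, needs Kerberos configuration that the thread does not show.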