> On 08 March 2018 at 10:00 Odhiambo Washington <odhia...@gmail.com> wrote:
>
> On 8 March 2018 at 10:09, Aki Tuomi <aki.tu...@dovecot.fi> wrote:
>
> >
> > On 07.03.2018 22:07, Odhiambo Washington wrote:
> >
> > I am a little confused here.
> >
> > I have been running 2.2.34 which I installed in /opt/dovecot2.2
> > I installed 2.3.0.1 to /opt/dovecot23
> >
> > I then used config files from /opt/dovecot2.2/etc/dovecot to
> > /opt/dovecot2.3/etc/dovecot and all I did was sed -i.BAK
> > 's/dovecot2.2/dovecot2.3/g'. Dovecot started and was running fine.
> >
> > Next, I manually crafted config files for 2.3.0.1 based on the example
> > config files provided while diff-ing those with what I had for 2.2.34. I
> > doubt if I missed something crucial during the process.
> >
> > 1. I realized that I cannot start 2.3.0.1 when I enable submission, since
> > my Exim MTA is already using that port. This persists even if I tell the
> > submission protocol to use a different port than 587. I tested 2587, but it
> > would appear that 587 is hard-coded!
> >
> > 2. I realize that "unix_listener auth-client" service ceased to exist!
> >
> > 3. *I realized that while 2.2.34 runs with default_pass_scheme =
> > MD5-CRYPT, 2.3.0.1 would not run with it.*
> >
> > 4. I have run dovecot -n from my 2.2.x installation and 2.3.x installation
> > and here is the diff from the two files.
> >
> > I am confused why authentication is failing with dovecot-2.3.0.1 when it
> > uses 2.3.x config files using MD5-CRYPT scheme while it is succeeding with
> > dovecot-2.2.34 using the same.
> > *Mar 07 22:30:22 auth: Info: sql(user.n...@domain.name
> > <user.n...@domain.name>,192.168.55.97,<4CETl9dmscvAqDdh>): Requested
> > DIGEST-MD5 scheme, but we have only MD5-CRYPT*
> >
> > Maybe the problem is elsewhere??? I need a 3rd eye to help me.
> >
> > For now
> >
> > root@gw:~wash/public_html # sdiff dovecot-2.2.txt dovecot-2.3.txt | less
> > # 2.2.34 (874deae): /opt/dovecot2.2/etc/dovecot/dovecot.conf | # 2.3.0.1
> > (ffd8a29): /opt/dovecot2.3/etc/dovecot/dovecot.conf
> > # OS: FreeBSD 9.3-STABLE i386 ufs # OS:
> > FreeBSD 9.3-STABLE i386 ufs
> > # Hostname: localhost <
> > auth_cache_size = 20 M
> > auth_cache_size = 20 M
> > auth_master_user_separator = *
> > auth_master_user_separator = *
> > auth_mechanisms = plain login digest-md5
> > auth_mechanisms = plain login digest-md5
> > auth_socket_path = /var/run/dovecot/auth-userdb
> > auth_socket_path = /var/run/dovecot/auth-userdb
> > base_dir = /var/run/dovecot/ base_dir =
> > /var/run/dovecot/
> > default_login_user = dovecot
> > default_login_user = dovecot
> > disable_plaintext_auth = no
> > disable_plaintext_auth = no
> > first_valid_gid = 0
> > first_valid_gid = 0
> > first_valid_uid = 26
> > first_valid_uid = 26
> > hostname = gw hostname = gw
> > info_log_path = /var/log/dovecot.log
> > info_log_path = /var/log/dovecot.log
> > mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE
> > mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDE
> > mail_plugins = " quota" <
> > namespace inbox { namespace
> > inbox {
> > inbox = yes inbox =
> > yes
> > location = location
> > =
> > mailbox Drafts { mailbox
> > Drafts {
> > special_use = \Drafts
> > special_use = \Drafts
> > } }
> > mailbox Junk { mailbox
> > Junk {
> > special_use = \Junk
> > special_use = \Junk
> > } }
> > mailbox Sent { mailbox
> > Sent {
> > special_use = \Sent
> > special_use = \Sent
> > } }
> > mailbox "Sent Messages" { mailbox
> > "Sent Messages" {
> > special_use = \Sent
> > special_use = \Sent
> > } }
> > mailbox Trash { mailbox
> > Trash {
> > special_use = \Trash
> > special_use = \Trash
> > } }
> > prefix = prefix =
> > } }
> > passdb { passdb {
> > args = /opt/dovecot2.2/etc/dovecot/passwd.master_users.ext | args =
> > /opt/dovecot2.3/etc/dovecot/passwd.master_users.ext
> > driver = passwd-file driver =
> > passwd-file
> > master = yes master =
> > yes
> > pass = yes pass =
> > yes
> > } }
> > passdb { passdb {
> > args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext | args =
> > /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
> > driver = sql driver =
> > sql
> > } }
> > plugin { plugin {
> > mail_log_fields = uid box msgid size
> > mail_log_fields = uid box msgid size
> > quota_rule = *:storage=1G
> > quota_rule = *:storage=1G
> > quota_rule2 = Trash:storage=+100M
> > quota_rule2 = Trash:storage=+100M
> > quota_warning = storage=95%% quota-warning 95 %u
> > quota_warning = storage=95%% quota-warning 95 %u
> > quota_warning2 = storage=80%% quota-warning 80 %u
> > quota_warning2 = storage=80%% quota-warning 80 %u
> > quota_warning3 = -storage=100%% quota-warning below %u
> > quota_warning3 = -storage=100%% quota-warning below %u
> > } }
> > service auth { service
> > auth {
> > unix_listener auth-client { <
> > mode = 0600 <
> > user = mailnull <
> > }
> > <
> > unix_listener auth-userdb {
> > unix_listener auth-userdb {
> > group = mailnull group
> > = mailnull
> > user = mailnull user =
> > mailnull
> > } }
> > } }
> > service quota-warning { service
> > quota-warning {
> > executable = script /opt/dovecot2.2/scripts/quota-warning.s |
> > executable = script /opt/dovecot2.3/scripts/quota-warning.s
> > unix_listener quota-warning {
> > unix_listener quota-warning {
> > user = mailnull user =
> > mailnull
> > } }
> > user = dovecot user =
> > dovecot
> > } }
> > ssl_cert = </usr/local/etc/letsencrypt/live/gw.crownkenya.com ssl_cert
> > = </usr/local/etc/letsencrypt/live/gw.crownkenya.com
> > ssl_key = # hidden, use -P to show it ssl_key =
> > # hidden, use -P to show it
> >
> > > submission_max_mail_size = 4 G
> > userdb { userdb {
> > args = /opt/dovecot2.2/etc/dovecot/dovecot-sql.conf.ext | args =
> > /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
> > driver = sql driver =
> > sql
> > } }
> > protocol lda { <
> > mail_plugins = quota <
> > } <
> > protocol imap { protocol
> > imap {
> > mail_max_userip_connections = 5
> > mail_max_userip_connections = 5
> > mail_plugins = " quota imap_quota" <
> > } }
> > protocol pop3 { | protocol
> > lda {
> > mail_max_userip_connections = 5 |
> > mail_plugins = quota
> > } }
> >
> > Maybe I am just suffering brainlock and need to debug auth further, but I
> > have seen a question about this auth issue already from another poster, and
> > it's not been answered by anyone.
> >
> >
> > Can you send 'doveconf -n' for the 2.3.0.1 instance?
> >
> > Also. You cannot use hashed passwords with DIGEST-MD5. MD5-CRYPT is hashed
> > password scheme.
> >
> > To change dovecot's submission service port, use
> >
> > service submission-login {
> >   inet_listener {
> >     port = 2587
> >   }
> > }
> >
> > "auth-client" cannot be missing, since you can specify arbitrary listeners
> > in dovecot, so https://wiki.dovecot.org/HowTo/EximAndDovecotSASL is still
> > quite valid.
> >
> > Aki
> >
>
> Here is the output:
>
> root@gw:/opt/dovecot2.3/etc # ../bin/doveconf -n
> # 2.3.0.1 (ffd8a29): /opt/dovecot2.3/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.3-STABLE i386 ufs
> auth_cache_size = 20 M
> auth_master_user_separator = *
> auth_mechanisms = plain login digest-md5
> auth_socket_path = /var/run/dovecot/auth-userdb
> base_dir = /var/run/dovecot/
> default_login_user = dovecot
> disable_plaintext_auth = no
> first_valid_gid = 0
> first_valid_uid = 26
> hostname = gw.crownkenya.com
> info_log_path = /var/log/dovecot.log
> mail_location = maildir:/var/spool/virtual/%d/%n/Maildir:INDEX=MEMORY
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   args = /opt/dovecot2.3/etc/dovecot/passwd.master_users.ext
>   driver = passwd-file
>   master = yes
>   pass = yes
> }
> passdb {
>   args = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   mail_log_fields = uid box msgid size
>   quota_rule = *:storage=1G
>   quota_rule2 = Trash:storage=+100M
>   quota_warning = storage=95%% quota-warning 95 %u
>   quota_warning2 = storage=80%% quota-warning 80 %u
>   quota_warning3 = -storage=100%% quota-warning below %u
> }
> postmaster_address = postmas...@ccc.com
> service auth {
>   unix_listener auth-userdb {
>     group = mailnull
>     user = mailnull
>   }
> }
> service quota-warning {
>   executable = script /opt/dovecot2.3/scripts/quota-warning.sh
>   unix_listener quota-warning {
>     user = mailnull
>   }
>   user = dovecot
> }
> ssl_cert = </usr/local/etc/letsencrypt/live/gw.ccc.com/fullchain.pem
> ssl_key = # hidden, use -P to show it
> submission_max_mail_size = 4 G
> userdb {
>   args = /opt/dovecot2.3/etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> protocol imap {
>   mail_max_userip_connections = 5
> }
> protocol lda {
>   mail_plugins = quota
> }
>
> My default_pass_scheme = MD5-CRYPT, but while running 2.3.0.1 there were
> many authentication failures and I would see some MS OutHouse clients were
> asking for DIGEST-MD5!
> Right now I am back to running 2.2.33.1 (2.2.34 has been having issues
> which were forcing me to reboot the server, but being a busy server it's
> been hard to find a good time to figure out why server would run out of
> buffers) and everything is good!
>
> About submission, I looked in 10-master.conf and modified as follows:
>
> service submission-login {
>   inet_listener submission {
>     port = 2587
>   }
> }
>
> .... but it would still make dovecot fail to start, because Exim is
> listening on port 587.
>
> I see that your suggested modification is slightly different when it comes
> to inet_listener line, because you do not include "submission" after
> inet_listener and that is different from the format used in 10-master.conf:
>
> service submission-login {
>   inet_listener {
>     port = 2587
>   }
> }
>
> PS: I will look at whether I accidentally did something during my editing
> which resulted in the auth-client line missing in my new configuration.
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft."

service submission-login {
  inet_listener submission {
    address =
    haproxy = no
    port = 587
    reuse_port = no
    ssl = no
  }
}

this is the default config. We have not hard-coded any listener port.

Aki
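
The point made in the thread that a hashed scheme cannot serve DIGEST-MD5, as an added example that is not part of the thread or of Dovecot's code: the RFC 2831 response is built from MD5(user:realm:password), so the server needs that digest in the passdb, and a salted MD5-CRYPT value cannot be converted into it. It is narrowed to the DIGEST-MD5 scheme (a plaintext entry would also work, since the server could compute the digest itself); the user, realm, password, nonces and passdb strings are constructed sample values.

```python
import hashlib
import hmac


def md5(data: bytes) -> bytes:
    return hashlib.md5(data).digest()


def stored_digest(user: str, realm: str, password: str) -> str:
    """Value a DIGEST-MD5-scheme passdb holds: hex MD5(user:realm:password)."""
    return md5(f"{user}:{realm}:{password}".encode()).hex()


def digest_response(ha1_hex, nonce, cnonce, nc, digest_uri, qop="auth"):
    """RFC 2831 'response' value, computed from the stored digest alone."""
    a1 = bytes.fromhex(ha1_hex) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    kd = f"{md5(a1).hex()}:{nonce}:{nc}:{cnonce}:{qop}:{md5(a2).hex()}"
    return md5(kd.encode()).hex()


def server_verify(passdb_value, client_response, **challenge):
    """Check a client response against a '{SCHEME}value' passdb entry."""
    scheme, _, secret = passdb_value.partition("}")
    scheme = scheme.lstrip("{").upper()
    if scheme != "DIGEST-MD5":
        # A salted one-way hash (MD5-CRYPT, "$1$salt$hash") cannot be turned
        # into MD5(user:realm:password), so the mechanism has nothing to use.
        raise ValueError(f"Requested DIGEST-MD5 scheme, but we have only {scheme}")
    expected = digest_response(secret, **challenge)
    return hmac.compare_digest(expected, client_response)


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    challenge = dict(nonce="srv-nonce-1", cnonce="cli-nonce-1",
                     nc="00000001", digest_uri="imap/mail.example.test")
    ha1 = stored_digest("alice", "example.test", "correct horse")
    response = digest_response(ha1, **challenge)  # what the client sends
    print(server_verify("{DIGEST-MD5}" + ha1, response, **challenge))
    try:
        server_verify("{MD5-CRYPT}$1$constructed$placeholder", response, **challenge)
    except ValueError as err:
        print(err)
```

With PLAIN or LOGIN the client sends the password itself, so the server can run it through MD5-CRYPT and compare; that is why those mechanisms keep working against the same passdb.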