> On 21 March 2018 at 18:12 mj <li...@merit.unu.edu> wrote:
>
>
> Hi,
>
> I noticed the following in the logs of our Debian wheezy server:
>
> > Mar 21 07:13:47 mail dovecot: auth: Debug: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): bind search: base=CN=Users, DC=samba, DC=company, DC=com filter=(&(objectclass=person)(sAMAccountName=username)(!(userAccountControl=514)))
> > Mar 21 07:13:47 mail dovecot: auth: Debug: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): result: uid=username; uid unused
> > Mar 21 07:13:47 mail dovecot: auth: Debug: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): result: uid=username
> > Mar 21 07:13:48 mail dovecot: auth: ldap(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): invalid credentials (given password: invalid_password)
> > Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): lookup
> > Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets: Matching for network 127.0.0.1/32
> > Mar 21 07:13:48 mail dovecot: auth: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): allow_nets check failed: IP not in allowed networks
> > Mar 21 07:13:48 mail dovecot: auth: Debug: static(username,1.2.3.4,<g2/rF+ZnjAAu5ceg>): Allowing any password
> > Mar 21 07:13:54 mail dovecot: auth: Debug: auth client connected (pid=6174)
>
> The second last line "Allowing any password" comes as a surprise..?
> Why would dovecot Allow any password..?
>
> We had the following bit in our config, but I removed it now:
>
> > #passdb {
> > #  driver = static
> > #  args = nopassword=y allow_nets=127.0.0.1/32
> > #}
>
> Could anyone explain the "Allowing any password"?
>
This is what 'nopassword=y' does. I'm guessing this is an attempt to allow logging in from localhost without a password, but I'd use a master password (for applications or webmails), or doveadm exec imap -u victim for admin use.

Aki
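
The master-password alternative mentioned in the reply, shown next to the removed passdb as an added configuration sketch (not part of the original thread and not the poster's actual config). The file paths, the master user name "webmail" and the hash placeholder are assumptions; `pass = yes` is the form used by the Dovecot 2.1 series that Debian wheezy ships.

```conf
# /etc/dovecot/conf.d/auth-master.conf.ext   (file name assumed)

# Removed: the static passdb matches every username and, with
# nopassword=y, skips the password check entirely; allow_nets is the
# only restriction left on it.
#passdb {
#  driver = static
#  args = nopassword=y allow_nets=127.0.0.1/32
#}

# Replacement: a master user that must present its own password.
# The application logs in as "username*webmail" with webmail's password.
auth_master_user_separator = *

passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.masterusers   # path assumed
  master = yes
  # Continue to the regular passdb (LDAP here) so the target user must
  # still exist there.
  pass = yes
}

# /etc/dovecot/passwd.masterusers  (mode 0600, readable by the auth process)
# One line per master user; the hash comes from `doveadm pw -s SHA512-CRYPT`.
# allow_nets keeps the master login restricted to localhost, as the
# removed block intended.
#
# webmail:{SHA512-CRYPT}<hash-placeholder>::::::allow_nets=127.0.0.1/32
```

The master passdb block has to appear before the regular LDAP passdb so it is tried first.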