Now I understand that you want to add cram-md5 to the mechs, but still
authenticate against the sql-db?


On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
under "Non-plaintext authentication mechanisms":
"The problem with non-plaintext auth mechanisms is that the password
must be stored either in plaintext, or using a mechanism-specific scheme
that's incompatible with all other non-plaintext mechanisms. In
addition, the mechanism-specific schemes often offer very little
protection. This isn't a limitation of Dovecot, it's a requirement for
the algorithms to even work.

For example if you're going to use CRAM-MD5 authentication, the password
needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
plaintext. "

Does that possibly point out your problem?


Otherwise please provide
- dovecot logs for the mentioned two cases?
- content of /etc/dovecot/dovecot-sql.conf?
- maybe a link to the mentioned dovecot thread.

Did you find your postfix logs? Which system do you use?


Willi


On 23.02.2017 at 13:56, Poliman - Serwis wrote:
> Still nothing. If I removed "noplaintext" from these lines, sending email
> is still working when I have:
> auth_mechanisms = plain login cram-md5 #added cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>    driver = passwd-file
>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> 
> but with this:
> auth_mechanisms = plain login
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> 
> I still can't send. So sending (or not sending) depends (I think) on the
> above configurations from dovecot.conf.
> 
> 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> On 23.02.2017 at 13:27, Poliman - Serwis wrote:
>>> Test email goes through when I have in dovecot.conf:
>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>> passdb {
>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>   #driver = sql
>>>    driver = passwd-file
>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> but this isn't the default setting. I don't need this, I need the default:
>>> auth_mechanisms = plain login
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>>
>>> but then sending testing email is not working.
>>
>> Now (I think) I understand. You should look at your postfix main.cf.
>>
>> smtpd_sasl_security_options = noanonymous,noplaintext
>> smtpd_sasl_tls_security_options = noanonymous,noplaintext
>>
>> Possibly you should remove "noplaintext" from
>> smtpd_sasl_tls_security_options.
>>
>> If you also remove it from smtpd_sasl_security_options your password
>> will traverse the internet in cleartext.
>>
>> Details :
>> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
>>
>>
>> Willi
>>
>>
>>>
>>> Unfortunately dovecot list didn't help me. One developer sends me to this
>>> group. ;)
>>>
>>> All logs from mail.log I pasted. I have mail.log and mail.err files.
>>>
>>> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
>>>> Hi,
>>>>
>>>>
>>>> I assume your test mail got through now?
>>>>
>>>>
>>>> On 23.02.2017 at 11:17, Poliman - Serwis wrote:
>>>>> I am not sure that all in these logs are good because there is info
>>>>> 'passdb didn't return userdb entries'.
>>>> I think there is nothing to worry about.
>>>>
>>>> Dovecot knows about password and user databases. It is possible to have
>>>> password and userdata in the same db, like the sql-db from your default
>>>> entry. But the cram-md5 file didn't have userdata, which made dovecot
>>>> look in the other db it got to know. I recommend you read details in
>>>> http://wiki.dovecot.org/PasswordDatabase ,
>>>> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other
>>>> info from dovecot wiki.
>>>>
>>>>
>>>>> Authentication worked because dovecot used
>>>>> cram-md5 file (still custom settings in dovecot.conf about which I say all
>>>>> the time) but dovecot can't find a match in database (configured in line:
>>>>>  args = /etc/dovecot/dovecot-sql.conf
>>>>>  driver = sql).
>>>> As this is the postfix list, I'd like to send you to the dovecot
>>>> forum/list to ask what concerns you.
>>>>
>>>>
>>>>>  How can I provide postfix logs - where can I find them? I have only
>>>>> mail.log and mail.err files for mailing errors. :)
>>>> If mail got through now, there is no need for further info from postfix.
>>>> As far as I know, postfix usually logs by means of syslog into
>>>> /var/log/mail.log or /var/log/mail/mail.log.
>>>>
>>>>
>>>> Willi
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>
>>>>> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
>>>>> wilfried.es...@essignetz.de>:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> Now I'm rather unsure what you want to say with this?
>>>>>>
>>>>>> It looks something like authentication worked. But without the postfix
>>>>>> loglines I can't see it for sure.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Willi
>>>>>>
>>>>>>
>>>>>> On 23.02.2017 at 10:47, Poliman - Serwis wrote:
>>>>>>> I set it up like you pasted and in mail.log I have:
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in:
>> CONT<hidden>
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
>>>>>>> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): lookup:
>>>>>> user=
>>>>>>> do_not_re...@example.com file=/etc/dovecot/cram-m$
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
>>>>>>> OK#0111#011user=do_not_re...@example.com
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
>>>>>>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
>>>>>> bfada#011session_pid=5092
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
>>>>>>> do_not_re...@example.com,93.179.231.31,<Fl+mbC9JRABds+cf>): passdb
>>>>>> didn't
>>>>>>> return userdb entries, trying the next userdb
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
>>>>>>> do_not_re...@example.com,93.179.231.31): SELECT email as user,
>> maildir
>>>>>> as
>>>>>>> home, CONCAT( maildir_format, ':', mail$
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
>>>>>>> USER#0113625975809#
>>>>>>> 011do_not_re...@example.com#011home=/var/vmail/example.
>>>>>> com/do_not_reply#011mail=maildir:/var/vma$
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
>>>>>>> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
>>>>>>> lip=193.70.38.6, mpid=5092, TLS, session=<Fl+mbC9JRABds+cf>
>>>>>>> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl
>> ):
>>>>>>> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
>>>>>>>
>>>>>>>
>>>>>>> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
>>>>>>> wilfried.es...@essignetz.de>:
>>>>>>>
>>>>>>>> I wondered about how dovecot would decide which "args" belongs to which
>>>>>>>> "driver" line. So I looked over
>>>>>>>> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>>>>>>>>
>>>>>>>> Possibly you should write something like:
>>>>>>>>
>>>>>>>> passdb {
>>>>>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>>>>>   driver = sql
>>>>>>>> }
>>>>>>>>
>>>>>>>> passdb {
>>>>>>>>    driver = passwd-file
>>>>>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>>>> }
>>>>>>>>
>>>>>>>>
>>>>>>>> Willi
>>>>>>>>
>>>>>>>>
>>>>>>>> On 23.02.2017 at 10:30, Poliman - Serwis wrote:
>>>>>>>>> You are right, I added 'noplaintext'. But the main thing I want to get -
>>>>>>>>> no cram-md5 in dovecot and ability to send emails. All worked fine until I
>>>>>>>>> set in dovecot.conf:
>>>>>>>>> auth_mechanisms = plain login cram-md5
>>>>>>>>> passdb {
>>>>>>>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>>>>>>>   #driver = sql
>>>>>>>>>    driver = passwd-file
>>>>>>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>>>>> }
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
> 
> 
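
Added example, not part of the original thread and not Dovecot's code: the storage constraint quoted from the Dovecot wiki, shown as the CRAM-MD5 exchange (RFC 2195) verified against a plaintext store, against a one-way hash, and next to PLAIN against the same hash. The PBKDF2 hash and its salt are assumed stand-ins for whatever scheme the SQL passdb holds, which the thread does not show; Dovecot's own CRAM-MD5 storage scheme is not modelled.

```python
import hashlib
import hmac

# Constructed sample data: challenge and password are the RFC 2195 example.
CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"
PASSWORD = "tanstaaftanstaaf"
SALT = b"constructed-salt"  # assumption, stands in for a per-user salt


def cram_md5_digest(secret: bytes, challenge: bytes) -> str:
    """Response digest of CRAM-MD5: HMAC-MD5(secret, challenge) in hex."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def one_way_hash(password: str) -> bytes:
    """Stand-in for any salted one-way scheme a SQL passdb might hold."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)


def server_verify_cram(stored_secret: bytes, challenge: bytes, digest: str) -> bool:
    """The server recomputes the HMAC, so it needs the key the client used."""
    expected = cram_md5_digest(stored_secret, challenge)
    return hmac.compare_digest(expected, digest)


def server_verify_plain(stored_hash: bytes, presented_password: str) -> bool:
    """PLAIN/LOGIN: the server receives the password and hashes it itself."""
    return hmac.compare_digest(one_way_hash(presented_password), stored_hash)


def demo() -> dict:
    # The client only ever sends this digest, never the password.
    client_digest = cram_md5_digest(PASSWORD.encode(), CHALLENGE)
    stored_hash = one_way_hash(PASSWORD)
    return {
        "cram_with_plain_store": server_verify_cram(
            PASSWORD.encode(), CHALLENGE, client_digest),
        "cram_with_hashed_store": server_verify_cram(
            stored_hash, CHALLENGE, client_digest),
        "plain_with_hashed_store": server_verify_plain(stored_hash, PASSWORD),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Only the hashed-store CRAM-MD5 case is rejected: the server cannot derive the client's HMAC key from a one-way hash, while PLAIN hands it the password to hash and compare.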
