Re: [Dovecot] Mailing list's prefix
On 3/5/2010 1:17 AM, Noel Butler wrote: of the myriad of lists I'm on and have been on for many many years, only nanog and bind lists don't use tags. postfix doesn't, and I know you're on there (you replied to the 'copy-to-sent' thread with some helpful hints)... ;) -- Best regards, Charles
Re: [Dovecot] Limit login attempts per connection?
On 05/03/2010 04:43, Tony Nelson wrote: On 10-03-04 20:22:15, Frank Cusack wrote: On 3/4/10 6:42 PM -0500 Tony Nelson wrote: Looking at the source, I see that there are no options. It tarpits a bit, but currently has no limit on the number of attempts. I'll see what I can do. I think it's a brilliant idea. After one login attempt, all others on the same connection should fail. A fan! Anyway, there should at least be a choice. Not that I've coded a choice, just a dumb patch -- see attachment. It's a bit of a compromise, with a hard-coded limit of 4 attempts. Maybe I'll lower it to 2. I would be all in favour of a setting like this because it's easier to configure than fail2ban... ...but ... At least my public facing servers seem to be receiving trickle scans where there is definite evidence of a slow distributed bruteforcer which uses multiple IPs to try multiple usernames and I probably only see each IP a few times a day... This is quite hard to defend against without some kind of distributed system (and I believe there are such things?) Good luck Ed W
Re: [Dovecot] Mailing list's prefix
On 04/03/2010 20:59, Timo Sirainen wrote: Do you think I'd break a lot of people's filters if I removed the prefix? :) Anyone strongly for/against removing it? It seems kind of annoying to me whenever I happen to think about it. Doesn't bother me, but I have a feeling that at least some of the older M$ email clients cannot easily filter messages based on header fields, subject filters are the simplest options for them. Certainly I would say that it's currently still the status quo that mailing lists have subject prefixes, so you are slightly going against the flow. You could test the backlash by sending out a small number of warning messages without the subject prefix and see who complains... I would suggest it might be an over-bold move given that it changes the requirement to understand your filtering LDA from beginner to intermediate, but personally not fussed since my rules all filter on list headers... (Presumably all those who rate black belt on their relevant LDA have already got filtering rules to remove the prefix...) Good luck Ed W
Re: [Dovecot] Saving Sent Messages to Sent Folder
On 04/03/2010 15:47, Timo Sirainen wrote: On Thu, 2010-03-04 at 10:05 -0500, Charles Marcus wrote: On 2010-03-04 9:32 AM, Timo Sirainen wrote: LEMONADE group solved this with IMAP URLAUTH (RFC 4467) and SMTP BURL (RFC 4468) extensions. The idea is basically (copypasting from RFCs):

C: RCPT TO:r...@gryffindor.example.com
S: 250 2.1.5 r...@gryffindor.example.com OK.
C: BURL imap://ha...@gryffindor.example.com/outbox;uidvalidity=1078863300/;uid=25;urlauth=submit+harry:internal:91354a473744909de610943775f92038 LAST
S: 250 2.5.0 Ok.

So after receiving BURL command, SMTP server connects to IMAP server and fetches the message:

But wouldn't this also require the MUA to support the concept of an 'Outbox'?

MUA would have to support both of those URLAUTH and BURL extensions, so that it can register a temporary URL on the IMAP server, then connect to SMTP server and give that URL to BURL command (instead of sending the mail with DATA command). So from MUA's point of view it's basically the same as before: save to IMAP and after that send via SMTP.

This seems like such a convolution... Given that the RFC already proposes some changes to the IMAP side then it would seem sensible to get the IMAP server to do the proxy connection to the MTA and deliver. Perhaps a simple case of adding a flag when saving into a folder would mark the message as being required to be sent onwards?

I would guess the reason for the LEMONADE version is that they wanted it to be quite explicit if mail was not immediately able to be sent, rather than creating a bounce (REJECT vs BOUNCE). However, I should imagine a bit more thought about how to implement the IMAP side could allow an extension which handled submission and also gave immediate feedback in the case of obviously non-deliverable mail?

The other pain in the bum about most current clients is that they:
- send the email via smtp
- post the message to the Sent folder
- THEN they DOWNLOAD the message again from the Sent folder!!

THIS is craziness!
Ed W
Re: [Dovecot] Limit login attempts per connection?
On Thu, 2010-03-04 at 23:43 -0500, Tony Nelson wrote: I think it's a brilliant idea. After one login attempt, all others on the same connection should fail. A fan! Anyway, there should at least be a choice. Not that I've coded a choice, just a dumb patch -- see attachment. It's a bit of a compromise, with a hard-coded limit of 4 attempts. Maybe I'll lower it to 2. I think I'll change v2.0 to simply disconnect 3 minutes after the client connected. With the tarpitting doubling the auth failure delay for up to 15 seconds, that allows maybe max. 15 auth attempts before being disconnected. I don't really see why that would be too much, there's not much brute forcing that can be done with 15 attempts.. (And this assumes that something externally blocks that IP by then. If you disconnect without blocking the IP, they'll just reconnect and continue so that won't help much. And banning IP for just 2-4 failed auth attempts seems a bit too early.)
Re: [Dovecot] Saving Sent Messages to Sent Folder
On Fri, 2010-03-05 at 09:59 +, Ed W wrote: MUA would have to support both of those URLAUTH and BURL extensions, so that it can register a temporary URL on the IMAP server, then connect to SMTP server and give that URL to BURL command (instead of sending the mail with DATA command). So from MUA's point of view it's basically the same as before: save to IMAP and after that send via SMTP. This seems like such a convolution... Given that the RFC already proposes some changes to the IMAP side then it would seem sensible to get the IMAP server to do the proxy connection to the MTA and deliver. Perhaps a simple case of adding a flag when saving into a folder would mark the message as being required to be sent onwards? Well, I'm not very happy about the idea of IMAP server sending messages to SMTP server either.. :)
Re: [Dovecot] Mailing list's prefix
On Fri, 2010-03-05 at 03:57 -0500, Charles Marcus wrote: On 3/5/2010 1:17 AM, Noel Butler wrote: of the myriad of lists I'm on and have been on for many many years, only nanog and bind lists don't use tags. postfix doesn't, and I know you're on there (you replied to the 'copy-to-sent' thread with some helpful hints)... ;) I have not been on the postfix list in some time, and I was only on it for a short period of time for my inquiry which went unanswered.
Re: [Dovecot] Mailing list's prefix
On 2010-03-05 5:28 AM, Noel Butler wrote: On Fri, 2010-03-05 at 03:57 -0500, Charles Marcus wrote: On 3/5/2010 1:17 AM, Noel Butler wrote: of the myriad of lists I'm on and have been on for many many years, only nanog and bind lists don't use tags. postfix doesn't, and I know you're on there (you replied to the 'copy-to-sent' thread with some helpful hints)... ;) I have not been on the postfix list in some time, and I was only on it for a short period of time for my inquiry which went unanswered. Oops, my bad, confused you with Noel Jones... apologies...
Re: [Dovecot] Saving Sent Messages to Sent Folder
On 2010-03-05 5:10 AM, Timo Sirainen wrote: Well, I'm not very happy about the idea of IMAP server sending messages to SMTP server either.. :) Not to belabor the point, but the dovecot LDA is already talking to the SMTP server in one direction... this is why I proposed something as simple as possible, a 'LSA proxy'... just enough to make sure the message is accepted for delivery, then save the copy to the Sent folder. I imagine a lot more things could be done too, especially if sieve support was available to it. Of course, I have no idea what 'as simple as possible' means in terms of code requirements, especially since - were you to do it, which you have already said you have no interest in - you would obviously want it to be rock-solid... ;) That said - could this be done in a plugin? I didn't think so, but maybe I'm wrong? -- Best regards, Charles
Re: [Dovecot] Limit login attempts per connection?
On Thu, Mar 04, 2010 at 06:43:21PM -0500, Tony Nelson wrote: On 10-03-04 00:51:40, to...@tuxteam.de wrote: [...fail2ban...] I already have something that works with any program secure enough not to allow unlimited login attempts. Using fail2ban might work if I configure it enough to sever existing connections. Understood. Thanks -- tomás
Re: [Dovecot] Saving Sent Messages to Sent Folder
On 05/03/2010 10:10, Timo Sirainen wrote: On Fri, 2010-03-05 at 09:59 +, Ed W wrote: MUA would have to support both of those URLAUTH and BURL extensions, so that it can register a temporary URL on the IMAP server, then connect to SMTP server and give that URL to BURL command (instead of sending the mail with DATA command). So from MUA's point of view it's basically the same as before: save to IMAP and after that send via SMTP. This seems like such a convolution... Given that the RFC already proposes some changes to the IMAP side then it would seem sensible to get the IMAP server to do the proxy connection to the MTA and deliver. Perhaps a simple case of adding a flag when saving into a folder would mark the message as being required to be sent onwards? Well, I'm not very happy about the idea of IMAP server sending messages to SMTP server either.. :) Go on... Why's that..? Weight of history defines that we do things in certain ways and we sometimes get stuck in a bit of a rut, but if M$ has shown us one thing it's that we should (cautiously) look at how disparate systems can be integrated into a cohesive whole (granted they also showed how you can make an insecure system also, but I think that's an optional problem). Not a dig at Dovecot, but: many software projects overlook the opportunity to integrate with other systems and become larger than the individual pieces. An example in point would be that I'm sitting here battling with SNMP + Cacti + Nagios trying to get them all to talk to each other... There has to be a reason Groundworks charges so much for selling you a package where this is already done... Spinning off at a tangent, but I fell in love with (the concept of) Lotus Notes some 18 years ago. The way I saw it was a massive distributed multi-master data store + some presentation layers which could make any database look like whatever you wanted it to look like. 
I used it for:
- Email inbox
- Calendar
- Project documentation, discussion and design
- Staff holiday tracking
- Recruitment workflow (track all candidate details, results of interviews, contact correspondence, etc)
- Loads of inhouse custom one off projects

I also used it as an SQL database (with a bit of magic) and built an application used to handle billions of £s of financing for a UK bank. The IRA blew up one of the banks offices (which kind of stopped the server working so well), all the staff simply changed their Notes tel number to that of a different office and just carried on as though nothing had happened... No data lost, work carried on

I had naively assumed that IMAP servers would head down the same road... To my eye it's all just unstructured data and I really don't see what's so special about a CalDev server or an SMTP server which makes it anything other than a plugin to an unstructured data store.

If anyone starts to buy that idea then lift your vision and imagine that we start to see all these just distributed databases, specialist interfaces to query them efficiently and a bunch of protocols to distribute documents between the databases - personally I would then vote we start to shift to some kind of jabber style protocol to connect all these datastores together. Once you head down that road you can imagine perhaps an MMS style storage model where the sender hosts all the mail storage and just sends a short SMS note to the recipient to let them know an email is waiting for them. (possibly even has some small positive anti-spam benefit...)

Anyway, back to reality... So what's the problem with a protocol extension which effectively means take this message, connect to the server which was pre-configured and fully tested by you earlier, and give it a MAIL FROM, RCPT TO, DATA and let me know the answer?

Cheers Ed W
Re: [Dovecot] Saving Sent Messages to Sent Folder
On 2010-03-05 4:59 AM, Ed W wrote: Perhaps a simple case of adding a flag when saving into a folder would mark the message as being required to be sent onwards? Way too error-prone for my taste. What about the luser that accidentally drops 5000 messages in there shudder... no thanks... ;) snip The other pain in the bum about most current clients is that they: - send the email via smtp - post the message to the Sent folder That is what this thread is about... - THEN they DOWNLOAD the message again from the Sent folder!! THIS is craziness! Yeah, but I don't see a sane way to handle that one, and the client would definitely have to have direct support for 'it', whatever it turned out to be. I'm only interested in server-side solutions and was just hoping that the LSA proxy idea might be doable and wouldn't be too hard... Wishing I was a coder (for the 12th time today already)... or had the time to learn... -- Best regards, Charles
Re: [Dovecot] Mailing list's prefix
On Fri, 2010-03-05 at 05:57 -0500, Charles Marcus wrote: On 2010-03-05 5:28 AM, Noel Butler wrote: On Fri, 2010-03-05 at 03:57 -0500, Charles Marcus wrote: On 3/5/2010 1:17 AM, Noel Butler wrote: of the myriad of lists I'm on and have been on for many many years, only nanog and bind lists don't use tags. postfix doesn't, and I know you're on there (you replied to the 'copy-to-sent' thread with some helpful hints)... ;) I have not been on the postfix list in some time, and I was only on it for a short period of time for my inquiry which went unanswered. Oops, my bad, confused you with Noel Jones... apologies... hehe no problems.. I knew a Noel Jones once but I doubt it's the same guy I went to school with :) wrong country and all...
Re: [Dovecot] Mailing list's prefix
Frank Elsner put forth on 3/4/2010 3:51 PM: Removal gives 10 chars more for the subject. Remove it. And what ever will people do with those extra 10 characters. I've got 1744 messages in my Dovecot folder and not one has a subject line too long to fit in my MUA. I say ban all the people wasting the list's time with this absolutely stupid, irrelevant subject. ;) -- Stan
Re: [Dovecot] Limit login attempts per connection?
Ed W put forth on 3/5/2010 3:44 AM: ...but ... At least my public facing servers seem to be receiving trickle scans where there is definite evidence of a slow distributed bruteforcer which uses multiple IPs to try multiple usernames and I probably only see each IP a few times a day... This is quite hard to defend against without some kind of distributed system (and I believe there are such things?) It's good policy these days to use ipdeny.com cidr tables and ban all countries from your servers that will never need legitimate access to them. If you're in the US, do you need to allow Chinese or Russian IP space to connect to your IMAP ports? If not, it's pretty simple to add iptables rules on all your servers to ban all the countries where a large amount of unauthorized connection attempts originate. This usually can't be done with off the shelf firewalls from the likes of Cisco et al as they don't have enough memory. For a large server farm, it would be better to have a Linux or NetBSD box running firewall duty for the farm so you only have to load these rules once and eat cycles on only one machine. Also keep in mind that iptables load time for huge country files can be pretty substantial. I experimented with this on an old dual 550 MHz machine and it took something like 30 seconds to load just the China cidrs into iptables. If you plan to load up multiple countries, initial iptables loading might take a while. Once you've got it set up and tuned it can work very well. -- Stan
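Added example (not part of the original thread, and not Dovecot code): a Python check for the "trickle scan" Ed W describes, where each address stays under any per-connection or per-IP limit but many addresses together walk through many usernames. It parses login-process lines in the `Disconnected (auth failed, N attempts)` shape quoted in the "Simple authentication problem" post on this page; the thresholds, the `Login:` success-line format, the function names and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Failure = namedtuple("Failure", "when user rip attempts")

# Failure line, in the shape quoted on this page:
#   Mar  5 16:40:55 host dovecot: pop3-login: Disconnected
#   (auth failed, 1 attempts): user=<x>, method=PLAIN, rip=..., lip=...
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+dovecot:\s+"
    r"(?:imap|pop3)-login:.*?\(auth failed,\s*(?P<n>\d+)\s+attempts\)"
    r"(?:.*?\buser=<?(?P<user>[^>,\s]*)>?)?.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)")
# Successful login line (assumed format: "...-login: Login: user=<x>, ..., rip=...").
OK_RE = re.compile(r"-login: Login: .*?\brip=(?P<rip>[0-9A-Fa-f:.]+)")


def parse_failure(line, year):
    """Return a Failure for an auth-failure line, or None for anything else."""
    m = FAIL_RE.search(line)
    if m is None:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return Failure(when, (m["user"] or "").lower(), m["rip"], int(m["n"]))


def analyze(lines, year=2010, window=timedelta(days=1),
            per_ip_limit=4, min_sources=5, min_users=5):
    """Summarise failures in the last `window` and flag a distributed pattern."""
    lines = list(lines)
    events = [e for e in (parse_failure(l, year) for l in lines) if e]
    # Assumption: a source that also logged in successfully is a real user.
    # (A source holding one valid account would be hidden by this rule.)
    known_good = {m["rip"] for m in map(OK_RE.search, lines) if m}
    newest = max((e.when for e in events), default=None)
    attempts, users_by_ip = defaultdict(int), defaultdict(set)
    for e in events:
        if e.rip not in known_good and newest - e.when <= window:
            attempts[e.rip] += e.attempts
            users_by_ip[e.rip].add(e.user)
    # Sources a plain per-IP limit would already catch.
    noisy = sorted(ip for ip, n in attempts.items() if n > per_ip_limit)
    # Everything else stays under the limit; look at it in aggregate.
    quiet = [ip for ip in attempts if ip not in noisy]
    ips_by_user = defaultdict(set)
    for ip in quiet:
        for user in users_by_ip[ip]:
            ips_by_user[user].add(ip)
    return {
        "over_per_ip_limit": noisy,
        "quiet_sources": len(quiet),
        "quiet_attempts": sum(attempts[ip] for ip in quiet),
        "quiet_users": len(ips_by_user),
        # Accounts probed from more than one quiet source.
        "shared_targets": sorted(u for u, ips in ips_by_user.items()
                                 if len(ips) > 1),
        "distributed": len(quiet) >= min_sources
                       and len(ips_by_user) >= min_users,
    }


def sample_log():
    """Constructed log lines (documentation IP ranges, made-up users)."""
    fmt = ("Mar  5 {h:02d}:{m:02d}:07 mx1 dovecot: {svc}-login: Disconnected "
           "(auth failed, {n} attempts): user=<{u}>, method=PLAIN, "
           "rip={ip}, lip=192.0.2.1")
    lines = []
    # One noisy source: a per-IP limit catches this on its own.
    for minute in (1, 2, 3):
        lines.append(fmt.format(h=2, m=minute, svc="pop3", n=4,
                                u="admin", ip="203.0.113.50"))
    # Six quiet sources, two single-attempt failures each, spread over a day.
    names = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi"]
    for i in range(6):
        for j in range(2):
            lines.append(fmt.format(h=3 + 3 * i + j, m=10 * j, svc="imap", n=1,
                                    u=names[(i + 3 * j) % len(names)],
                                    ip=f"198.51.100.{i + 1}"))
    # A real user who mistypes once and then logs in.
    lines.append(fmt.format(h=9, m=30, svc="imap", n=1, u="zoe",
                            ip="192.0.2.77"))
    lines.append("Mar  5 09:31:00 mx1 dovecot: imap-login: Login: user=<zoe>, "
                 "method=PLAIN, rip=192.0.2.77, lip=192.0.2.1")
    return lines


if __name__ == "__main__":
    for key, value in analyze(sample_log()).items():
        print(f"{key}: {value}")
```

On a busy server the quiet set also contains ordinary users who mistyped and never retried, so the source and username thresholds need tuning against a known-clean day before the flag is used to drive blocking.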
Re: [Dovecot] Mailing list's prefix
Timo Sirainen t...@iki.fi wrote: Do you think I'd break a lot of people's filters if I removed the prefix? :) Anyone strongly for/against removing it? It seems kind of annoying to me whenever I happen to think about it. You can filter it out for yourself, can not you? ;-) I would suggest to keep it as it is even if it is annoying you a little :-) -- [plen: Andrew] Andrzej Adam Filip : a...@onet.eu It's not easy, being green. -- Kermit the Frog
[Dovecot] Number of users for one Solr instance
Dear all. (I'm new to the list.) Our regional government is considering, due to our proposal, migrating from Courier to Dovecot. 70k mailboxes. One of the most attractive features for them is the usage of indexes, and especially Solr FTS plugin. Their question is: How many users (range of users) could support one Solr instance used as index and search backend? Are there any deployment examples? I think, it would be easy to split users into different Solr instances, but it's not that easy to reorganize them, as we have to reindex if one user is moved from one instance to another. Regards. Erny Yaco Sistemas
Re: [Dovecot] Saving Sent Messages to Sent Folder
On Fri, 2010-03-05 at 06:08 -0500, Charles Marcus wrote: Not to belabor the point, but the dovecot LDA is already talking to the SMTP server in one direction... this is why I proposed something as simple as possible, a 'LSA proxy'... just enough to make sure the message is accepted for delivery, then save the copy to the Sent folder. I imagine a lot more things could be done too, especially if sieve support was available to it. That said - could this be done in a plugin? I didn't think so, but maybe I'm wrong? With v2.0 you can do basically everything as external plugin. Even managesieve no longer requires patching Dovecot. LDA talks to SMTP server by calling sendmail binary. That's kind of ugly. v2.0 actually has SMTP client support, so maybe I should change it to use localhost:25 as default instead of using sendmail binary. Anyway, your LSA proxy would be able to use the SMTP client library. Although it would probably be easiest to start with the current LMTP code, because it already supports proxying and saving to local disk, those could be combined and the server could be added to support incoming SMTP clients..
Re: [Dovecot] Number of users for one Solr instance
Hi, This is my first mail, fyi. I don't know internals of the plugin but it depends more on Solr than Dovecot. Also the activity level and real-timeness of the index is important. Assuming this as the search only machine and relatively moderate usage, a big box with lots of RAM and 4-way server may work in your case. Lee
Re: [Dovecot] Saving Sent Messages to Sent Folder
On 2010-03-05 8:43 AM, Timo Sirainen wrote: With v2.0 you can do basically everything as external plugin. Even managesieve no longer requires patching Dovecot. LDA talks to SMTP server by calling sendmail binary. That's kind of ugly. v2.0 actually has SMTP client support, so maybe I should change it to use localhost:25 as default instead of using sendmail binary. Anyway, your LSA proxy would be able to use the SMTP client library. Although it would probably be easiest to start with the current LMTP code, because it already supports proxying and saving to local disk, those could be combined and the server could be added to support incoming SMTP clients.. Excellent! Thanks for the feedback Timo... -- Best regards, Charles
Re: [Dovecot] Mailing list's prefix
On Fri, 2010-03-05 at 14:01 +0800, Patrick Nagel wrote: On 2010-03-05 07:49, Karsten Bräckelmann wrote: I don't recall any, other than plain refusal to use a dedicated folder, rather than dumping it all into the Inbox... IMO, Michael M. Slusarz had a valid reason: Frankly, I disagree. I do receive legit private messages, forked off of an on-list thread. From various mailing-lists. I would not want them to be filtered into a dedicated list folder. For that reason, Subject based filtering is wrong, and the proper mailing-list headers do a perfect job here. [...] a common situation (at least for me) is someone who replies directly to your message from a list instead of to the list address. This will most likely cause that message to end up in your INBOX rather than being filtered into the appropriate mailing list mailbox. Having It is an off-list reply. It doesn't belong in the list folder. I'm ok with both ways, but given that there is a considerable amount of opposition, I think Timo's decision to keep it as it is will work best. Well, I'd prefer to drop the Subject tagging. But this decision isn't my call on this list. :) If it bugs me enough, I can always drop it locally. The procmail recipe to accomplish that was the important point of my previous post. I didn't argue about the tagging itself. guenther -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: [Dovecot] Mailing list's prefix
On Fri, 2010-03-05 at 09:50 +, Ed W wrote: I would suggest it might be an over-bold move given that it changes the requirement to understand your filtering LDA from beginner to intermediate, [...] This is an IMAP *server* list. It should be fairly safe to assume mail admins exceeded the beginner level for their tools... Should. Reality on a lot of related lists eloquently shows, this is not the case. :/ -- char *t=\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4; main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;il;i++){ i%8? c=1: (c=*++x); c128 (s+=h); if (!(h=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
[Dovecot] Bug in driver-mysql.c + fix
I tried to use MySQL stored procedures from dovecot:

    password_query = CALL user_pass_check('%n', '%d', '%w')
    user_query = CALL user_info('%n', '%d')

This failed with the message:

    User query failed: PROCEDURE imap.user_info can't return a result set in the given context

The root of this problem is that mysql_real_connect() needs to be called with option CLIENT_MULTI_RESULTS and mysql_next_result() called to retrieve extra results (that will not exist in the way that we use it).

I attach a patch that fixes this problem -- the patch is against dovecot-1.2.10. This works for me ... but could probably do with testing by other people.

BTW: I got the same problem with exim this morning, wrote a patch that has now been accepted. The dovecot patch is similar.

I am looking to use mysql procedures, there are some interesting things that can be done. Two suggestions that I have will help with this:

1) There be variable (say) %o - this be the obscured password, ie what password_query returns.

2) that dovecot look for either ''password_query'' as above, or ''password_check''. password_check would NOT return a password, but would be given %o and determine itself if the password is correct. It would return the other values (user, userdb_home, ...) and auth_result that would encode success/retry/fail (0, 1, 2 - or maybe more structured [**]) and auth_reason some human readable reason. The ''nologin'' value encodes some of this.

The motivation for this is that my stored procedure will record the number of successive login failures and lock the account after 3 of them. It would also be possible to do time based restrictions the such.

Also: by passing %o the password is not sent in plain to the database server - which will increase security.

I will publish my stored procedures when done.
Regards [**] eg taking ideas from the HTTP codes: 200 - OK 300 5 - try again in 5 minutes 301 2 9 - try again on tuesday at 9am 400 - Login forbidden, no reason given 401 - bad username and/or password 402 - account locked administratively 403 - too many failed login attempts 500 - authentication system error The above would allow a native language version of auth_reason to be produced -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 http://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php Past chairman of UKUUG: http://www.ukuug.org/ #include std_disclaimer.h --- driver-mysql.c 2010-03-05 19:38:10.512212871 + +++ driver-mysql.c 2010-03-05 19:38:17.0 + @@ -132,9 +132,10 @@ } alarm(MYSQL_CONNECT_FAILURE_TIMEOUT); + /* CLIENT_MULTI_RESULTS allows the use of stored procedures */ failed = mysql_real_connect(conn-mysql, host, db-user, db-password, db-dbname, db-port, unix_socket, - db-client_flags) == NULL; + db-client_flags | CLIENT_MULTI_RESULTS) == NULL; alarm(0); if (failed) { if (conn-connect_failure_count 0) { @@ -429,6 +430,7 @@ struct mysql_db *db = (struct mysql_db *)_db; struct mysql_connection *conn; struct mysql_result *result; + int nr; result = i_new(struct mysql_result, 1); result-api = driver_mysql_result; @@ -442,6 +444,17 @@ case 1: /* query ok */ result-result = mysql_store_result(conn-mysql); + while((nr = mysql_next_result(conn-mysql)) = 0) { + /* more results? -1 = no, 0 = error, 0 = yes +* Because of the CLIENT_MULTI_RESULTS on mysql_real_connect() +* we need to read extra results - there should not be any. +*/ + if(nr == 0) /* Just ignore more results */ + continue; + + result-api = driver_mysql_error_result; + goto off; + } if (result-result != NULL || mysql_errno(conn-mysql) == 0) break; /* fallback */ @@ -451,6 +464,7 @@ break; } +off: result-conn = conn; return result-api; }
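Review bot: in the mysql_real_connect() call of the @@ -132 hunk, CLIENT_MULTI_RESULTS is OR-ed into the client flags unconditionally, so every statement on every connection may now return more than one result, while the only place that drains them is the query path in the @@ -442 hunk. Any other path in the driver that sends a statement on this connection (none is visible in this patch) needs the same draining, otherwise the following command can fail as out of sync; please either check those paths or make the flag depend on configuration, and extend the new comment to say which it is.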
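Review bot: the mysql_next_result() loop added in the @@ -442 hunk skips each extra result with continue and never reads it; the MySQL C API expects every result that carries a result set to be fetched with mysql_store_result() or mysql_use_result() and released with mysql_free_result() before mysql_next_result() is called again, so a procedure that returns a second result set would land on the error branch instead of being ignored as the comment intends. On that error branch the result already obtained from mysql_store_result() is still held when the code jumps to the label added in the @@ -451 hunk; free it before the goto, or confirm that the error result's free path does so. A more descriptive label name than off would also help readers.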
[Dovecot] Simple authentication problem
I'm trying to configure dovecot on a SUSE system, and having trouble with the simplest possible authentication scheme: using the standard Linux users and passwords. My configuration is:

dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27.45-0.1-pae i686 openSUSE 11.1 (i586)
protocols: imap pop3
ssl_listen: *
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
auth default:
  default_realm: renomustangcarclub.com
  passdb:
    driver: pam
  userdb:
    driver: passwd

Attempts to log in:

99-26-248-100:~ dramsey$ telnet renomustangcarclub.com pop3
Trying 99.26.248.108...
Connected to renomustangcarclub.com.
Escape character is '^]'.
+OK Dovecot ready.
user dramsey
+OK
pass raskin
-ERR Authentication failed.

Looking in the mail log file:

Mar 5 16:40:55 Microstar dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=dram...@renomustangcarclub.com, method=PLAIN, rip=99.26.248.100, lip=99.26.248.108

Any ideas?
Re: [Dovecot] Simple authentication problem
On 03/06/2010 01:39 AM David Ramsey wrote: I'm trying to configure dovecot on a SUSE system, and having trouble with the simplest possible authentication scheme: using the standard Linux users and passwords. My configuration is:

dovecot -n
# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.27.45-0.1-pae i686 openSUSE 11.1 (i586)
protocols: imap pop3
ssl_listen: *
ssl_disable: yes
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
auth default:
  default_realm: renomustangcarclub.com
  passdb:
    driver: pam
  userdb:
    driver: passwd

Attempts to log in:

99-26-248-100:~ dramsey$ telnet renomustangcarclub.com pop3
Trying 99.26.248.108...
Connected to renomustangcarclub.com.
Escape character is '^]'.
+OK Dovecot ready.
user dramsey
+OK
pass raskin
-ERR Authentication failed.

Looking in the mail log file:

Mar 5 16:40:55 Microstar dovecot: pop3-login: Disconnected (auth failed, 1 attempts): user=dram...@renomustangcarclub.com, method=PLAIN, rip=99.26.248.100, lip=99.26.248.108

Any ideas?

grep dram...@renomustangcarclub.com /etc/passwd will produce no output. Why do you set a default_realm?

Regards, Pascal -- The trapper recommends today: c01dcafe.1006...@localdomain.org