Re: please help this newbie get started
Hi again, I see now it's possible to restricting IMAP/POP3 access, but that shouldn't be enabled. In conf.d/10-auth.conf that's commented out: #!include auth-deny.conf.ext Thanks, Bob
Re: Compiling Dovecot on Solaris 10
On 02/03/2017 03:22 PM, KSB wrote: A bit offtopic, but I'm interested what's the point of using so old OS (support still exists though)? Short version: It works. Long version: Solaris 10 is still supported; the production systems here are patched up to current as of last week. So while the base release is quite a few years old, the OS installed on these systems is considered current. When support and a current patch stream are no longer available, we will revisit our configuration. For these production systems, there is currently no need for any capability or feature that exists only in "newer" OS releases. When that changes, we will revisit our configuration. Until then, it's rock solid and does everything required of it. There are no problems to be addressed. At least here, we don't fix things that aren't broken. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
please help this newbie get started
Hi, everyone, I'm trying to get email working on a server. Web servers I have some experience with, but this is new for me. On FreeBSD, with dovecot2 (2.2.27), when I try to check email, Thunderbird says: Sending of password for user xxx did not succeed.Mail server xxxresponded: Authentication failed. And on the server, in the mail log, there's a message: dovecot: pop3-login: Disconnected (user disabled) Any idea what I'm doing wrong? I didn't mean to disable any users. Thanks! Bob
Re: Compiling Dovecot on Solaris 10
On 2017.02.03. 16:10, Mantas Gegužis wrote: Hi, thank You for a reply, compiling with Solaris Studio 12.5 solved this case. Martin Preen rašė: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin A bit offtopic, but I'm interested what's the point of using so old OS (support still exists though)? -- Kaspars
Re: Compiling Dovecot on Solaris 10
I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). ... and I don't have problems with Solaris10/gcc, but I don't have as many options as you do. Joseph Tam
Re: Compiling Dovecot on Solaris 10
Same here Sun compiler v5.12 on SPARC. Built cleanly this morning. I'll be upgrading from 2.2.18 this afternoon. :) -Dave On 02/03/2017 05:36 AM, Martin Preen wrote: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen -- Dave McGuire, AK4HZ New Kensington, PA
Crash while reading compressed mbox: Panic: file istream-zlib.c: line 416 (i_stream_zlib_seek): assertion failed: (ret == -1)
Hello, I use mbox compressed by gzip as read-only folder (using zlib plugin). This setup worked for a while, but doesn't work with latest dovecot version (2.2.27). I have error in logs: Panic: file istream-zlib.c: line 416 (i_stream_zlib_seek): assertion failed: (ret == -1) I can see list of messages in MUA but can't ready body of any message. I've tried to delete indexes, but it doesn't help. Backtrace looks like: (gdb) bt #0 0x11266a4a in thr_kill () from /lib/libc.so.7 #1 0x11266a1b in raise () from /lib/libc.so.7 #2 0x11266989 in abort () from /lib/libc.so.7 #3 0x10ef3850 in default_fatal_finish (type=LOG_TYPE_PANIC, status=0) at failures.c:201 #4 0x10ef5167 in i_internal_fatal_handler (ctx=0x7fffe010, format=0x1222cf93 "file %s: line %d (%s): assertion failed: (%s)", args=0x7fffdff0) at failures.c:670 #5 0x10ef3e5f in i_panic (format=0x1222cf93 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275 #6 0x12229238 in i_stream_zlib_seek (stream=0x118dd300, v_offset=56248, mark=false) at istream-zlib.c:416 #7 0x10f05e48 in i_stream_skip (stream=0x118dd370, count=32489) at istream.c:278 #8 0x10f057ba in i_stream_seek (stream=0x118dd370, v_offset=56248) at istream.c:300 #9 0x10b17702 in istream_raw_mbox_get_body_size (stream=0x118ec870, expected_body_size=36695, body_size_r=0x7fffe2a0) at istream-raw-mbox.c:612 #10 0x10b2b0aa in mbox_sync_read_next_mail (sync_ctx=0x7fffe418, mail_ctx=0x7fffe270) at mbox-sync.c:162 #11 0x10b2964a in mbox_sync_loop (sync_ctx=0x7fffe418, mail_ctx=0x7fffe270, partial=false) at mbox-sync.c:1057 #12 0x10b290cb in mbox_sync_do (sync_ctx=0x7fffe418, flags=MBOX_SYNC_UNDIRTY) at mbox-sync.c:1642 #13 0x10b28999 in mbox_sync_int (mbox=0x118ee040, flags=MBOX_SYNC_UNDIRTY, lock_id=0x7fffe640) at mbox-sync.c:1969 #14 0x10b280ea in mbox_sync (mbox=0x118ee040, flags=MBOX_SYNC_UNDIRTY) at mbox-sync.c:2022 #15 0x10b28c9e in mbox_storage_sync_init (box=0x118ee040, flags=65) at mbox-sync.c:2071 #16 0x10acc280 in mailbox_sync_init (box=0x118ee040, flags=65) at mail-storage.c:1740 #17 0x10acb45d in mailbox_sync (box=0x118ee040, flags=65) at mail-storage.c:1788 #18 0x00418cf5 in select_open (ctx=0x1184a1a8, mailbox=0x11816f50 "old/Example/INBOX.gz", readonly=false) at cmd-select.c:303 #19 0x00418937 in cmd_select_full (cmd=0x1184a040, readonly=false) at cmd-select.c:426 #20 0x004190f7 in cmd_select (cmd=0x1184a040) at cmd-select.c:435 #21 0x00423b00 in command_exec (cmd=0x1184a040) at imap-commands.c:181 #22 0x004220c0 in client_command_input (cmd=0x1184a040) at imap-client.c:986 -- Best Regards, Anton Yuzhaninov
Re: Revision-proof archiving
On 2 Feb 2017, at 16.05, Paul Atreides wrote: > > Hi, > > I am interested in the "Dovecot Email Archive" solution. Does anyone know > if it is suitable revision-proof archiving? The mails are stored to archive from incoming & outgoing SMTP mail deliveries. User has read-only access to the archive via IMAP. So it's not tracking any folders or flag changes. > Is it available for smaller companies? I tried to contact people at > dovecot.fi but I haven’t gotten any response yet. Where/how? I didn't find any mails from you, although I found an archive-related mail from someone else in info@ mailbox on Jan 13th. That mail was forwarded to sales.. I don't know what happened afterwards.
dsync backup public namespace - how?
Hello, We just celebrated the launch of our new mailserver setup (Dovecot and Postfix). Really nice! Now we want to change our quickfix backup with rsync to dsync. For mailder backup of users this was an easy task: dsync -v -f -u "${user}" backup "maildir:${destination}" (local file path destination) We use many public folder with ACL and now we are wondering how we can backup these folder in a similar manner: a) dsync -u dove...@domain.com backup -n Namespacename "maildir:/var/vmail-backup/backup/public" or b) dsync -v -u dove...@domain.com -N backup "maildir:${destination} But this is not working. a) does nothing, no error b) Error message: doveadm(dove...@domain.com): Fatal: -N parameter requires syncing with remote host Any ideas? # dovecot --version 2.2.13 -- Tobias Kirchhofer tob...@kirchhofer.net signature.asc Description: OpenPGP digital signature
Re: Dovecot auth-worker error after cram-md5 auth
You could try install libsasl2-modules (on debian/ubuntu) or cyrus-sasl-plain (on rhel/centos) Aki On 2017-02-01 10:55, Poliman - Serwis wrote: I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmas...@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = &1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done ) 2017-02-01 9:40 GMT+01:00 Aki Tuomi : doveadm log errors can be helpful too On 01.02.2017 10:25, Poliman - Serwis wrote: I can check each logs, I have root privileges. 2017-02-01 9:04 GMT+01:00 Aki Tuomi : Can you check your logs? Aki On 01.02.2017 10:02, Poliman - Serwis wrote: When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would point out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql And in auth_mechanisms add line cram-md5. Nothing more in any other file. I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple. 2017-02-01 8:59 GMT+01:00 Aki Tuomi : Are you still trying to authenticate using cram-md5? Aki On 01.02.2017 09:51, Poliman - Serwis wrote: It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } When I delete above and delete "cram-md5" in auth_mechanisms it still not working. 2017-02-01 8:45 GMT+01:00 Aki Tuomi : You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } Why you want to use cram-md5 is beyond me, because using SSL is much more safer. Aki On 01.02.2017 09:41, Poliman - Serwis wrote: Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)? 2017-02-01 8:36 GMT+01:00 Aki Tuomi : Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5. Aki On 01.02.2017 09:33, Poliman - Serwis wrote: I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is: # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmas...@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000
Re: Dovecot dsync 'ssl_client_ca'
Hi, I have removed it on both server and on both server I do have: ssl-params: Info: Generating SSL parameters ssl-params: Info: SSL parameters regeneration completed But still: Feb 03 16:36:28 doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 Feb 03 16:36:28 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL Thx Le vendredi 3 février 2017 à 17:09:52, vous écriviez : > Please keep responses in list. rm -f > /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir. > On 2017-02-03 17:00, Thierry wrote: >> Hi, >> >> I have removed the '<' : >> >> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem >> >> But now: >> >> doveadm: Error: Corrupted SSL parameters file in state_dir: >> ssl-parameters.dat - disabling SSL 360 >> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL >> doveadm: Error: Corrupted SSL parameters file in state_dir: >> ssl-parameters.dat - disabling SSL 360 >> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL >> >> Any idea ? >> >> Thx >> >>> Yes. The ssl_client_ca_file is not actually expecting <, just file name. >>> Aki >> >>> On 2017-02-03 15:13, Thierry wrote: Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = >>> ssl_cert = >>> ssl_client_ca_file = >>> # Create a listener for doveadm-server service doveadm { user = vmail inet_listener { port = 12345 ssl= yes } } and doveadm_port = 12345// mail_replica = tcps:server2.domain.ltd # use doveadm_port And now: Feb 03 14:11:16 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 Feb 03 14:11:17 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL Thx for your support Le vendredi 3 février 2017 à 11:34:43, vous écriviez : > Hello, > On 02/03/2017 08:51 AM, Thierry wrote: >> Hello, >> >> Still working with my dsync pb. >> I have done a clone (vmware) of my email server. >> Today I have two strictly identical emails servers (server1 >> (main) and server2 (bck) (except IP, hostname and mail_replica). >> >> The ssl config on my both server: >> >> ssl_protocols = !SSLv2 !SSLv3 >> ssl = required >> verbose_ssl = no >> ssl_key = > ssl_cert = > ssl_ca = I think it should be ssl_client_ca_file = > > This config is working for my email client and my email web >> interface ... >> >> Are they on the right order ? >> >> mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd >> >> There is trafic on my iptables rules on my both servers: >> >> 60 3600 ACCEPT tcp -- * * 0.0.0.0/0 >> 0.0.0.0/0tcp dpt:4711 >> >> >> >> My error message from server1 (main server): >> >> Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't >> initialize SSL context: Can't verify remote server certs without trusted >> CAs (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't >> initialize SSL context: Can't verify remote server certs without trusted >> CAs (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't >> initialize SSL context: Can't verify remote server certs without trusted >> CAs (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't >> initialize SSL context: Can't verify remote server certs without trusted >> CAs (ssl_client_ca_* settings) >> >> No logs from server2 >> >> Any ideas ? >> >> Thx for your support >> >> -- Cordialement, Thierrye-mail : lenai...@maelenn.org
Re: Dovecot dsync 'ssl_client_ca'
Please keep responses in list. rm -f /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir. On 2017-02-03 17:00, Thierry wrote: Hi, I have removed the '<' : ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem But now: doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL Any idea ? Thx Yes. The ssl_client_ca_file is not actually expecting <, just file name. Aki On 2017-02-03 15:13, Thierry wrote: Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = Hello, On 02/03/2017 08:51 AM, Thierry wrote: Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = I think it should be ssl_client_ca_file = This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd There is trafic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) No logs from server2 Any ideas ? Thx for your support
Re: Compiling Dovecot on Solaris 10
Hi, thank You for a reply, compiling with Solaris Studio 12.5 solved this case. Martin Preen rašė: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen -- Pagarbiai Mantas Gegužis VU Informacinių technologijų taikymo centras tel. 8 5 236 6208
Re: Dovecot dsync 'ssl_client_ca'
Yes. The ssl_client_ca_file is not actually expecting <, just file name. Aki On 2017-02-03 15:13, Thierry wrote: Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = Hello, On 02/03/2017 08:51 AM, Thierry wrote: Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = I think it should be ssl_client_ca_file = This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd There is trafic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) No logs from server2 Any ideas ? Thx for your support
Re: Dovecot dsync 'ssl_client_ca'
Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = Hello, > On 02/03/2017 08:51 AM, Thierry wrote: >> Hello, >> >> Still working with my dsync pb. >> I have done a clone (vmware) of my email server. >> Today I have two strictly identical emails servers (server1 >> (main) and server2 (bck) (except IP, hostname and mail_replica). >> >> The ssl config on my both server: >> >> ssl_protocols = !SSLv2 !SSLv3 >> ssl = required >> verbose_ssl = no >> ssl_key = > ssl_cert = > ssl_ca = I think it should be ssl_client_ca_file = > > >> This config is working for my email client and my email web >> interface ... >> >> Are they on the right order ? >> >> mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd >> >> There is trafic on my iptables rules on my both servers: >> >> 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 >> tcp dpt:4711 >> >> >> >> My error message from server1 (main server): >> >> Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> >> No logs from server2 >> >> Any ideas ? >> >> Thx for your support >> >> -- Cordialement, Thierrye-mail : lenai...@maelenn.org
Re: Dovecot dsync 'ssl_client_ca'
Bonjour Mike, I have made the change from 'ssl_ca =' tp 'ssl_client_ca_file =' but now I do have: Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long thx Le vendredi 3 février 2017 à 11:34:43, vous écriviez : > Hello, > On 02/03/2017 08:51 AM, Thierry wrote: >> Hello, >> >> Still working with my dsync pb. >> I have done a clone (vmware) of my email server. >> Today I have two strictly identical emails servers (server1 >> (main) and server2 (bck) (except IP, hostname and mail_replica). >> >> The ssl config on my both server: >> >> ssl_protocols = !SSLv2 !SSLv3 >> ssl = required >> verbose_ssl = no >> ssl_key = > ssl_cert = > ssl_ca = I think it should be ssl_client_ca_file = > > >> This config is working for my email client and my email web >> interface ... >> >> Are they on the right order ? >> >> mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd >> >> There is trafic on my iptables rules on my both servers: >> >> 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 >> tcp dpt:4711 >> >> >> >> My error message from server1 (main server): >> >> Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> >> No logs from server2 >> >> Any ideas ? >> >> Thx for your support >> >> -- Cordialement, Thierrye-mail : lenai...@maelenn.org
Re: Compiling Dovecot on Solaris 10
Hi there... I just had the same problem yesterday. I believe you're using the gcc3 compiler from /usr/sfw ? Try with a newer gcc 4. I used/installed the gcc4 packages from opencsw.org to get it going faster. (Installs under /opt/csw, so no problems with existing software.) Change your PATH to "/opt/csw/bin/gcc4:/opt/csw/bin:$PATH" bevor configure/compile and give it a try. Worked for me ... and 2.2.27 runs since a few hours. Am 02.02.2017 um 18:38 schrieb Mantas Gegužis: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me?
Re: Dovecot auth-worker error after cram-md5 auth
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 1 Feb 2017, Poliman - Serwis wrote: I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? run doveadm log find as root. Maybe: doveadm log errors My config (default passdb block and auth_mechanisms, nothing more changed): Is this still a question about CRAM ? I don't see it there. root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmas...@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = &1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done ) 2017-02-01 9:40 GMT+01:00 Aki Tuomi : doveadm log errors can be helpful too On 01.02.2017 10:25, Poliman - Serwis wrote: I can check each logs, I have root privileges. 2017-02-01 9:04 GMT+01:00 Aki Tuomi : Can you check your logs? Aki On 01.02.2017 10:02, Poliman - Serwis wrote: When I used backup copy of the dovecot.conf file I have this same error. So I think that maybe something was written to database? I really would point out that I only added passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } and comment out from above block default lines #args = /etc/dovecot/dovecot-sql.conf #driver = sql And in auth_mechanisms add line cram-md5. Nothing more in any other file. I don't want to use cram-md5. I need move back to default settings. Cram-md5 was only for testing purposes. :) But I supposed that I can move back to default by commenting out added lines. But unfortunately it isn't that simple. 2017-02-01 8:59 GMT+01:00 Aki Tuomi : Are you still trying to authenticate using cram-md5? Aki On 01.02.2017 09:51, Poliman - Serwis wrote: It still use: passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } When I delete above and delete "cram-md5" in auth_mechanisms it still not working. 2017-02-01 8:45 GMT+01:00 Aki Tuomi : You are probably wanting to do passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } passdb { driver = sql args = /etc/dovecot/dovecot-sql.conf } Why you want to use cram-md5 is beyond me, because using SSL is much more safer. Aki On 01.02.2017 09:41, Poliman - Serwis wrote: Default it was: "auth_mechanisms = plain login" and I added cram-md5. After restart all work perfectly. But after I added: driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd I can't set default lines because I got error. Please tell me which lines should be changed to resolve this issue. Should I remove "login" from auth_mechanism ("login" was default setting and I would like to move back to default settings)? 2017-02-01 8:36 GMT+01:00 Aki Tuomi : Because cram-md5 needs the user's password for calculating responses, it cannot work with hashed passwords (one-way encrypted). The only supported password schemes are PLAIN and CRAM-MD5. Aki On 01.02.2017 09:33, Poliman - Serwis wrote: I always restart dovecot after change config. ;) Sure, I commented out added two lines by me, restarted dovecot and here it is: # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login cram-md5 listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmas...@example.com protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 p
Re: Compiling Dovecot on Solaris 10
Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen smime.p7s Description: S/MIME Cryptographic Signature
Re: Dovecot dsync 'ssl_client_ca'
Hello, On 02/03/2017 08:51 AM, Thierry wrote: Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = I think it should be ssl_client_ca_file = This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd There is trafic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) No logs from server2 Any ideas ? Thx for your support
Revision-proof archiving
Hi, I am interested in the "Dovecot Email Archive" solution. Does anyone know if it is suitable revision-proof archiving? Is it available for smaller companies? I tried to contact people at dovecot.fi but I haven’t gotten any response yet. Thanks Regards,
Re: Dovecot auth-worker error after cram-md5 auth
And my logs: Error from mail.err: Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication mechanisms Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication mechanisms Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms Error from syslog: Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from host9323131.internet.3s.com[12.34.45.56] Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL authentication mechanisms Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process /usr/lib/postfix/smtpd pid 773 exit status 1 Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done ) Is there any strange thing in these config lines? 2017-02-02 7:30 GMT+01:00 Poliman - Serwis : > I haven't doveadm logs in /var/log/. Are they default in another place or > maybe should I turn on something? > My config (default passdb block and auth_mechanisms, nothing more changed): > root@vps342401:/etc/dovecot# doveconf -n > # 2.2.9: /etc/dovecot/dovecot.conf > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > auth_mechanisms = plain login > listen = *,[::] > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_max_userip_connections = 100 > mail_plugins = " quota" > mail_privileged_group = vmail > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > plugin { > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > sieve = /var/vmail/%d/%n/.sieve > sieve_max_redirects = 25 > } > postmaster_address = postmas...@vps342401.ovh.net > protocols = imap pop3 > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0660 > user = postfix > } > unix_listener auth-userdb { > group = vmail > mode = 0600 > user = vmail > } > user = root > } > service imap-login { > client_limit = 1000 > process_limit = 512 > } > service lmtp { > unix_listener /var/spool/postfix/private/dovecot-lmtp { > group = postfix > mode = 0600 > user = postfix > } > } > ssl = required > ssl_cert = ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:EC > DHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDH > E-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS- > AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE- > ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128- > SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384: > ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA- > AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE- > RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA: > AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256- > SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:! > aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS- > DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > ssl_dh_parameters_length = 2048 > ssl_key = ssl_prefer_server_ciphers = yes > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > protocol imap { > mail_plugins = quota imap_quota > } > protocol pop3 { > mail_plugins = quota > pop3_uidl_format = %08Xu%08Xv > } > protocol lda { > mail_plugins = sieve quota > postmaster_address = webmaster@localhost > } > protocol lmtp { > mail_plugins = quota sieve > postmaster_address = webmaster@localhost > } > > 2017-02-01 12:16 GMT+01:00 Poliman - Serwis : > >> Is there any strange thing in these config lines? >> >> 2017-02-01 9:40 GMT+01:00 Aki Tuomi : >> >>> doveadm log errors can be helpful too >>> >>> >>> On 01.02.2017 10:25, Poliman - Serwis wrote: >>> > I can check each logs, I have root privileges. >>> > >>> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi : >>> > >>> >> Can you check your logs? >>> >> >>> >> Aki >>> >> >>> >> >>> >> On 01.02.2017 10:02, Poliman - Serwis wrote: >>> >>> When I used backup copy of the dovecot.conf file I have this same >>> error. >>> >> So >>> >>> I think that maybe something was written to database? I really would >>> >> point >>> >>> out that I only added >>> >>> passdb { >>> >>> driver = passwd-file >>> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> >>> } >>> >>> >>> >>> and comment out from above block default lines >>> >>> #args = /etc/dovecot/dovecot-sql.conf >>> >>> #driver = sql >>> >>> >>> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other >>> file. >>> >>> >>> >>> I don't want to
Re: Dovecot auth-worker error after cram-md5 auth
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmas...@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = : > Is there any strange thing in these config lines? > > 2017-02-01 9:40 GMT+01:00 Aki Tuomi : > >> doveadm log errors can be helpful too >> >> >> On 01.02.2017 10:25, Poliman - Serwis wrote: >> > I can check each logs, I have root privileges. >> > >> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi : >> > >> >> Can you check your logs? >> >> >> >> Aki >> >> >> >> >> >> On 01.02.2017 10:02, Poliman - Serwis wrote: >> >>> When I used backup copy of the dovecot.conf file I have this same >> error. >> >> So >> >>> I think that maybe something was written to database? I really would >> >> point >> >>> out that I only added >> >>> passdb { >> >>> driver = passwd-file >> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >>> } >> >>> >> >>> and comment out from above block default lines >> >>> #args = /etc/dovecot/dovecot-sql.conf >> >>> #driver = sql >> >>> >> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other >> file. >> >>> >> >>> I don't want to use cram-md5. I need move back to default settings. >> >>> Cram-md5 was only for testing purposes. :) But I supposed that I can >> move >> >>> back to default by commenting out added lines. But unfortunately it >> isn't >> >>> that simple. >> >>> >> >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi : >> >>> >> Are you still trying to authenticate using cram-md5? >> >> Aki >> >> >> On 01.02.2017 09:51, Poliman - Serwis wrote: >> > It still use: >> > passdb { >> > driver = passwd-file >> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> > } >> > >> > When I delete above and delete "cram-md5" in auth_mechanisms it >> still >> >> not >> > working. >> > >> > 2017-02-01 8:45 GMT+01:00 Aki Tuomi : >> > >> >> You are probably wanting to do >> >> passdb { >> >> driver = passwd-file >> >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >> } >> >> >> >> passdb { >> >> driver = sql >> >> args = /etc/dovecot/dovecot-sql.conf >> >> } >> >> >> >> Why you want to use cram-md5 is beyond me, because using SSL is >> much >> >> more safer. >> >> >> >> Aki >> >> >> >> On 01.02.2017 09:41, Poliman - Serwis wrote: >> >>> Default it was: "auth_mechanisms = plain login" and I added >> >> cram-md5. >> >>> After restart all work perfectly. But after I added: >> >>>driver = passwd-file >> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >>> I can't set default lines because I got error. Please tell me >> which >> lines >> >>> should be changed to resolve this issue. Should I remove "login" >> from >> >>> auth_mechanism ("login" was default setting and I would like to >> move >> back >> >>> to default settings)? >> >>> >> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi : >> >>> >> Because cram-md5 needs the user's password for calculating >> >> responses, >> it >> cannot work with hashed passwords (one-way encrypted). The only >> supported password schemes are PLAIN and CRAM-MD5. >> >> Aki >> >> On 01.02.2017 09:33, Poliman - Serwis wrote: >> > I always restart dovecot after change config. ;) Sure, I >> commented >> out >> > added two lines by me, restarted dovecot and here it is: >> > >> > # 2.2.9: /etc/dovecot/dovecot.conf >> > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >> > auth_mechanisms = plain login cram-md5 >> > listen = *,[::] >> > log_timestamp = "%Y-%m-%d %H:%M:%S " >> > mail_max_userip_connections = 100 >> > mail_plugins = " quota" >> > mail_privileged_group = vmail >> > passdb { >> >>>
Re: Dovecot auth-worker error after cram-md5 auth
Is there any strange thing in these config lines? 2017-02-01 9:40 GMT+01:00 Aki Tuomi : > doveadm log errors can be helpful too > > > On 01.02.2017 10:25, Poliman - Serwis wrote: > > I can check each logs, I have root privileges. > > > > 2017-02-01 9:04 GMT+01:00 Aki Tuomi : > > > >> Can you check your logs? > >> > >> Aki > >> > >> > >> On 01.02.2017 10:02, Poliman - Serwis wrote: > >>> When I used backup copy of the dovecot.conf file I have this same > error. > >> So > >>> I think that maybe something was written to database? I really would > >> point > >>> out that I only added > >>> passdb { > >>> driver = passwd-file > >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >>> > >>> and comment out from above block default lines > >>> #args = /etc/dovecot/dovecot-sql.conf > >>> #driver = sql > >>> > >>> And in auth_mechanisms add line cram-md5. Nothing more in any other > file. > >>> > >>> I don't want to use cram-md5. I need move back to default settings. > >>> Cram-md5 was only for testing purposes. :) But I supposed that I can > move > >>> back to default by commenting out added lines. But unfortunately it > isn't > >>> that simple. > >>> > >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi : > >>> > Are you still trying to authenticate using cram-md5? > > Aki > > > On 01.02.2017 09:51, Poliman - Serwis wrote: > > It still use: > > passdb { > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > When I delete above and delete "cram-md5" in auth_mechanisms it still > >> not > > working. > > > > 2017-02-01 8:45 GMT+01:00 Aki Tuomi : > > > >> You are probably wanting to do > >> passdb { > >> driver = passwd-file > >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >> } > >> > >> passdb { > >> driver = sql > >> args = /etc/dovecot/dovecot-sql.conf > >> } > >> > >> Why you want to use cram-md5 is beyond me, because using SSL is much > >> more safer. > >> > >> Aki > >> > >> On 01.02.2017 09:41, Poliman - Serwis wrote: > >>> Default it was: "auth_mechanisms = plain login" and I added > >> cram-md5. > >>> After restart all work perfectly. But after I added: > >>>driver = passwd-file > >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> I can't set default lines because I got error. Please tell me which > lines > >>> should be changed to resolve this issue. Should I remove "login" > from > >>> auth_mechanism ("login" was default setting and I would like to > move > back > >>> to default settings)? > >>> > >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi : > >>> > Because cram-md5 needs the user's password for calculating > >> responses, > it > cannot work with hashed passwords (one-way encrypted). The only > supported password schemes are PLAIN and CRAM-MD5. > > Aki > > On 01.02.2017 09:33, Poliman - Serwis wrote: > > I always restart dovecot after change config. ;) Sure, I > commented > out > > added two lines by me, restarted dovecot and here it is: > > > > # 2.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > > auth_mechanisms = plain login cram-md5 > > listen = *,[::] > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > mail_max_userip_connections = 100 > > mail_plugins = " quota" > > mail_privileged_group = vmail > > passdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > plugin { > > quota = dict:user::file:/var/vmail/%d/%n/.quotausage > > sieve = /var/vmail/%d/%n/.sieve > > sieve_max_redirects = 25 > > } > > postmaster_address = postmas...@example.com > > protocols = imap pop3 > > service auth { > > unix_listener /var/spool/postfix/private/auth { > > group = postfix > > mode = 0660 > > user = postfix > > } > > unix_listener auth-userdb { > > group = vmail > > mode = 0600 > > user = vmail > > } > > user = root > > } > > service imap-login { > > client_limit = 1000 > > process_limit = 512 > > } > > service lmtp { > > unix_listener /var/spool/postfix/private/dovecot-lmtp { > > group = postfix > > mode = 0600 > > user = postfix > > } > > } > > ssl = required > > ssl_cert = > ssl_cipher_list = > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > DHE-RSA-AES128-GCM-SHA256:DHE-DSS
Re: Dovecot auth-worker error after cram-md5 auth
I haven't doveadm logs in /var/log/. Are they default in another place or maybe should I turn on something? My config (default passdb block and auth_mechanisms, nothing more changed): root@vps342401:/etc/dovecot# doveconf -n # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS auth_mechanisms = plain login listen = *,[::] log_timestamp = "%Y-%m-%d %H:%M:%S " mail_max_userip_connections = 100 mail_plugins = " quota" mail_privileged_group = vmail passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { quota = dict:user::file:/var/vmail/%d/%n/.quotausage sieve = /var/vmail/%d/%n/.sieve sieve_max_redirects = 25 } postmaster_address = postmas...@vps342401.ovh.net protocols = imap pop3 service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } user = root } service imap-login { client_limit = 1000 process_limit = 512 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = &1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne) Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done ) 2017-02-01 9:40 GMT+01:00 Aki Tuomi : > doveadm log errors can be helpful too > > > On 01.02.2017 10:25, Poliman - Serwis wrote: > > I can check each logs, I have root privileges. > > > > 2017-02-01 9:04 GMT+01:00 Aki Tuomi : > > > >> Can you check your logs? > >> > >> Aki > >> > >> > >> On 01.02.2017 10:02, Poliman - Serwis wrote: > >>> When I used backup copy of the dovecot.conf file I have this same > error. > >> So > >>> I think that maybe something was written to database? I really would > >> point > >>> out that I only added > >>> passdb { > >>> driver = passwd-file > >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >>> > >>> and comment out from above block default lines > >>> #args = /etc/dovecot/dovecot-sql.conf > >>> #driver = sql > >>> > >>> And in auth_mechanisms add line cram-md5. Nothing more in any other > file. > >>> > >>> I don't want to use cram-md5. I need move back to default settings. > >>> Cram-md5 was only for testing purposes. :) But I supposed that I can > move > >>> back to default by commenting out added lines. But unfortunately it > isn't > >>> that simple. > >>> > >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi : > >>> > Are you still trying to authenticate using cram-md5? > > Aki > > > On 01.02.2017 09:51, Poliman - Serwis wrote: > > It still use: > > passdb { > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > When I delete above and delete "cram-md5" in auth_mechanisms it still > >> not > > working. > > > > 2017-02-01 8:45 GMT+01:00 Aki Tuomi : > > > >> You are probably wanting to do > >> passdb { > >> driver = passwd-file > >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >> } > >> > >> passdb { > >> driver = sql > >> args = /etc/dovecot/dovecot-sql.conf > >> } > >> > >> Why you want to use cram-md5 is beyond me, because using SSL is much > >> more safer. > >> > >> Aki > >> > >> On 01.02.2017 09:41, Poliman - Serwis wrote: > >>> Default it was: "auth_mechanisms = plain login" and I added > >> cram-md5. > >>> After restart all work perfectly. But after I added: > >>>driver = passwd-file > >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> I can't set default lines because I got error. Please tell me which > lines > >>> should be changed to resolve this issue. Should I remove "login" > from > >>> auth_mechanism ("login" was default setting and I would like to > move > back > >>> to default settings)? > >>> > >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi : > >>> > Because cram-md5 needs the user's password for calculating > >> responses, > it > cannot work with hashed passwords (one-way encrypted). The only > supported password schemes are PLAIN and CRAM-MD5. > > Aki > > On 01.02.2017 09:33, Poliman - Serwis wrote: > > I always restart dovecot after change config. ;) Sure, I > commented > out > > added two lines by me, restarted dovecot and here it is: > > > > # 2.2.9: /etc/dovecot/dovecot.conf > > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > > auth_mechanisms = plain login cram-md5 > > listen = *,[::] > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > mail_max_userip_connections = 100 > > mail_plugin
Re: Dovecot performance and proxy loops with IPv6
Ok, got it. change imap-login and pop-login to these like showed in dovocot wiki for high-performance login mode. service imap-login { chroot = login service_count = 0 client_limit = 600 process_limit = 100 process_min_avail = 16 } service pop3-login { chroot = login service_count = 0 client_limit = 600 process_limit = 100 process_min_avail = 16 }