Re: please help this newbie get started
Hi again, I see now it's possible to restricting IMAP/POP3 access, but that shouldn't be enabled. In conf.d/10-auth.conf that's commented out: #!include auth-deny.conf.ext Thanks, Bob
Re: Compiling Dovecot on Solaris 10
On 02/03/2017 03:22 PM, KSB wrote: A bit offtopic, but I'm interested what's the point of using so old OS (support still exists though)? Short version: It works. Long version: Solaris 10 is still supported; the production systems here are patched up to current as of last week. So while the base release is quite a few years old, the OS installed on these systems is considered current. When support and a current patch stream are no longer available, we will revisit our configuration. For these production systems, there is currently no need for any capability or feature that exists only in "newer" OS releases. When that changes, we will revisit our configuration. Until then, it's rock solid and does everything required of it. There are no problems to be addressed. At least here, we don't fix things that aren't broken. -Dave -- Dave McGuire, AK4HZ New Kensington, PA
please help this newbie get started
Hi, everyone, I'm trying to get email working on a server. Web servers I have some experience with, but this is new for me. On FreeBSD, with dovecot2 (2.2.27), when I try to check email, Thunderbird says: Sending of password for user xxx did not succeed.Mail server xxxresponded: Authentication failed. And on the server, in the mail log, there's a message: dovecot: pop3-login: Disconnected (user disabled) Any idea what I'm doing wrong? I didn't mean to disable any users. Thanks! Bob
Re: Compiling Dovecot on Solaris 10
On 2017.02.03. 16:10, Mantas Gegužis wrote: Hi, thank You for a reply, compiling with Solaris Studio 12.5 solved this case. Martin Preen rašė: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin A bit offtopic, but I'm interested what's the point of using so old OS (support still exists though)? -- Kaspars
Re: Compiling Dovecot on Solaris 10
I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). ... and I don't have problems with Solaris10/gcc, but I don't have as many options as you do. Joseph Tam
Re: Compiling Dovecot on Solaris 10
Same here Sun compiler v5.12 on SPARC. Built cleanly this morning. I'll be upgrading from 2.2.18 this afternoon. :) -Dave On 02/03/2017 05:36 AM, Martin Preen wrote: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen -- Dave McGuire, AK4HZ New Kensington, PA
Crash while reading compressed mbox: Panic: file istream-zlib.c: line 416 (i_stream_zlib_seek): assertion failed: (ret == -1)
Hello, I use mbox compressed by gzip as read-only folder (using zlib plugin). This setup worked for a while, but doesn't work with latest dovecot version (2.2.27). I have error in logs: Panic: file istream-zlib.c: line 416 (i_stream_zlib_seek): assertion failed: (ret == -1) I can see list of messages in MUA but can't ready body of any message. I've tried to delete indexes, but it doesn't help. Backtrace looks like: (gdb) bt #0 0x11266a4a in thr_kill () from /lib/libc.so.7 #1 0x11266a1b in raise () from /lib/libc.so.7 #2 0x11266989 in abort () from /lib/libc.so.7 #3 0x10ef3850 in default_fatal_finish (type=LOG_TYPE_PANIC, status=0) at failures.c:201 #4 0x10ef5167 in i_internal_fatal_handler (ctx=0x7fffe010, format=0x1222cf93 "file %s: line %d (%s): assertion failed: (%s)", args=0x7fffdff0) at failures.c:670 #5 0x10ef3e5f in i_panic (format=0x1222cf93 "file %s: line %d (%s): assertion failed: (%s)") at failures.c:275 #6 0x12229238 in i_stream_zlib_seek (stream=0x118dd300, v_offset=56248, mark=false) at istream-zlib.c:416 #7 0x10f05e48 in i_stream_skip (stream=0x118dd370, count=32489) at istream.c:278 #8 0x10f057ba in i_stream_seek (stream=0x118dd370, v_offset=56248) at istream.c:300 #9 0x10b17702 in istream_raw_mbox_get_body_size (stream=0x118ec870, expected_body_size=36695, body_size_r=0x7fffe2a0) at istream-raw-mbox.c:612 #10 0x10b2b0aa in mbox_sync_read_next_mail (sync_ctx=0x7fffe418, mail_ctx=0x7fffe270) at mbox-sync.c:162 #11 0x10b2964a in mbox_sync_loop (sync_ctx=0x7fffe418, mail_ctx=0x7fffe270, partial=false) at mbox-sync.c:1057 #12 0x10b290cb in mbox_sync_do (sync_ctx=0x7fffe418, flags=MBOX_SYNC_UNDIRTY) at mbox-sync.c:1642 #13 0x10b28999 in mbox_sync_int (mbox=0x118ee040, flags=MBOX_SYNC_UNDIRTY, lock_id=0x7fffe640) at mbox-sync.c:1969 #14 0x10b280ea in mbox_sync (mbox=0x118ee040, flags=MBOX_SYNC_UNDIRTY) at mbox-sync.c:2022 #15 0x10b28c9e in mbox_storage_sync_init (box=0x118ee040, flags=65) at mbox-sync.c:2071 #16 0x10acc280 in mailbox_sync_init (box=0x118ee040, flags=65) at mail-storage.c:1740 #17 0x10acb45d in mailbox_sync (box=0x118ee040, flags=65) at mail-storage.c:1788 #18 0x00418cf5 in select_open (ctx=0x1184a1a8, mailbox=0x11816f50 "old/Example/INBOX.gz", readonly=false) at cmd-select.c:303 #19 0x00418937 in cmd_select_full (cmd=0x1184a040, readonly=false) at cmd-select.c:426 #20 0x004190f7 in cmd_select (cmd=0x1184a040) at cmd-select.c:435 #21 0x00423b00 in command_exec (cmd=0x1184a040) at imap-commands.c:181 #22 0x004220c0 in client_command_input (cmd=0x1184a040) at imap-client.c:986 -- Best Regards, Anton Yuzhaninov
Re: Revision-proof archiving
On 2 Feb 2017, at 16.05, Paul Atreides wrote: > > Hi, > > I am interested in the "Dovecot Email Archive" solution. Does anyone know > if it is suitable revision-proof archiving? The mails are stored to archive from incoming & outgoing SMTP mail deliveries. User has read-only access to the archive via IMAP. So it's not tracking any folders or flag changes. > Is it available for smaller companies? I tried to contact people at > dovecot.fi but I haven’t gotten any response yet. Where/how? I didn't find any mails from you, although I found an archive-related mail from someone else in info@ mailbox on Jan 13th. That mail was forwarded to sales.. I don't know what happened afterwards.
dsync backup public namespace - how?
Hello,
We just celebrated the launch of our new mailserver setup (Dovecot and
Postfix). Really nice!
Now we want to change our quickfix backup with rsync to dsync.
For mailder backup of users this was an easy task:
dsync -v -f -u "${user}" backup "maildir:${destination}" (local file path
destination)
We use many public folder with ACL and now we are wondering how we can backup
these folder in a similar manner:
a)
dsync -u dove...@domain.com backup -n Namespacename
"maildir:/var/vmail-backup/backup/public"
or
b)
dsync -v -u dove...@domain.com -N backup "maildir:${destination}
But this is not working.
a) does nothing, no error
b) Error message: doveadm(dove...@domain.com): Fatal: -N parameter requires
syncing with remote host
Any ideas?
# dovecot --version
2.2.13
--
Tobias Kirchhofer
tob...@kirchhofer.net
signature.asc
Description: OpenPGP digital signature
Re: Dovecot auth-worker error after cram-md5 auth
You could try install libsasl2-modules (on debian/ubuntu) or
cyrus-sasl-plain (on rhel/centos)
Aki
On 2017-02-01 10:55, Poliman - Serwis wrote:
I haven't doveadm logs in /var/log/. Are they default in another place or
maybe should I turn on something?
My config (default passdb block and auth_mechanisms, nothing more changed):
root@vps342401:/etc/dovecot# doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@vps342401.ovh.net
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
process_limit = 512
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = &1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done )
2017-02-01 9:40 GMT+01:00 Aki Tuomi :
doveadm log errors can be helpful too
On 01.02.2017 10:25, Poliman - Serwis wrote:
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi :
Can you check your logs?
Aki
On 01.02.2017 10:02, Poliman - Serwis wrote:
When I used backup copy of the dovecot.conf file I have this same
error.
So
I think that maybe something was written to database? I really would
point
out that I only added
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
and comment out from above block default lines
#args = /etc/dovecot/dovecot-sql.conf
#driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other
file.
I don't want to use cram-md5. I need move back to default settings.
Cram-md5 was only for testing purposes. :) But I supposed that I can
move
back to default by commenting out added lines. But unfortunately it
isn't
that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi :
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote:
It still use:
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
When I delete above and delete "cram-md5" in auth_mechanisms it still
not
working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi :
You are probably wanting to do
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
Why you want to use cram-md5 is beyond me, because using SSL is much
more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added
cram-md5.
After restart all work perfectly. But after I added:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
I can't set default lines because I got error. Please tell me which
lines
should be changed to resolve this issue. Should I remove "login"
from
auth_mechanism ("login" was default setting and I would like to
move
back
to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi :
Because cram-md5 needs the user's password for calculating
responses,
it
cannot work with hashed passwords (one-way encrypted). The only
supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I
commented
out
added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login cram-md5
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@example.com
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
Re: Dovecot dsync 'ssl_client_ca'
Hi,
I have removed it on both server and on both server I do have:
ssl-params: Info: Generating SSL parameters
ssl-params: Info: SSL parameters regeneration completed
But still:
Feb 03 16:36:28 doveadm: Error: Corrupted SSL parameters file in state_dir:
ssl-parameters.dat - disabling SSL 360
Feb 03 16:36:28 doveadm: Error: Couldn't initialize SSL parameters,
disabling SSL
Thx
Le vendredi 3 février 2017 à 17:09:52, vous écriviez :
> Please keep responses in list. rm -f
> /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir.
> On 2017-02-03 17:00, Thierry wrote:
>> Hi,
>>
>> I have removed the '<' :
>>
>> ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem
>>
>> But now:
>>
>> doveadm: Error: Corrupted SSL parameters file in state_dir:
>> ssl-parameters.dat - disabling SSL 360
>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>> doveadm: Error: Corrupted SSL parameters file in state_dir:
>> ssl-parameters.dat - disabling SSL 360
>> doveadm: Error: Couldn't initialize SSL parameters, disabling SSL
>>
>> Any idea ?
>>
>> Thx
>>
>>> Yes. The ssl_client_ca_file is not actually expecting <, just file name.
>>> Aki
>>
>>> On 2017-02-03 15:13, Thierry wrote:
Hi,
I have made change:
ssl_protocols = !SSLv2 !SSLv3
ssl = required
verbose_ssl = no
ssl_key = >>> ssl_cert = >>> ssl_client_ca_file = >>>
# Create a listener for doveadm-server
service doveadm {
user = vmail
inet_listener {
port = 12345
ssl= yes
}
}
and doveadm_port = 12345// mail_replica = tcps:server2.domain.ltd #
use doveadm_port
And now:
Feb 03 14:11:16 doveadm(us...@domain.ltd): Error: sync: Couldn't
initialize SSL context: Can't load CA certs from directory :
error:02001024:system library:fopen:File name too long
Feb 03 14:11:17 doveadm: Error: Corrupted SSL parameters file in
state_dir: ssl-parameters.dat - disabling SSL 360
Feb 03 14:11:17 doveadm: Error: Couldn't initialize SSL parameters,
disabling SSL
Thx for your support
Le vendredi 3 février 2017 à 11:34:43, vous écriviez :
> Hello,
> On 02/03/2017 08:51 AM, Thierry wrote:
>> Hello,
>>
>> Still working with my dsync pb.
>> I have done a clone (vmware) of my email server.
>> Today I have two strictly identical emails servers (server1
>> (main) and server2 (bck) (except IP, hostname and mail_replica).
>>
>> The ssl config on my both server:
>>
>> ssl_protocols = !SSLv2 !SSLv3
>> ssl = required
>> verbose_ssl = no
>> ssl_key = > ssl_cert = > ssl_ca = I think it should be ssl_client_ca_file =
> > This config is working for my email client and my email web
>> interface ...
>>
>> Are they on the right order ?
>>
>> mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd
>>
>> There is trafic on my iptables rules on my both servers:
>>
>> 60 3600 ACCEPT tcp -- * * 0.0.0.0/0
>> 0.0.0.0/0tcp dpt:4711
>>
>>
>>
>> My error message from server1 (main server):
>>
>> Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't
>> initialize SSL context: Can't verify remote server certs without trusted
>> CAs (ssl_client_ca_* settings)
>> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't
>> initialize SSL context: Can't verify remote server certs without trusted
>> CAs (ssl_client_ca_* settings)
>> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't
>> initialize SSL context: Can't verify remote server certs without trusted
>> CAs (ssl_client_ca_* settings)
>> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't
>> initialize SSL context: Can't verify remote server certs without trusted
>> CAs (ssl_client_ca_* settings)
>>
>> No logs from server2
>>
>> Any ideas ?
>>
>> Thx for your support
>>
>>
--
Cordialement,
Thierrye-mail : lenai...@maelenn.org
Re: Dovecot dsync 'ssl_client_ca'
Please keep responses in list. rm -f /var/lib/dovecot/ssl-parameters.dat, i think it was in that dir. On 2017-02-03 17:00, Thierry wrote: Hi, I have removed the '<' : ssl_client_ca_file = /etc/ssl/certs/GandiCA2.pem But now: doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL doveadm: Error: Corrupted SSL parameters file in state_dir: ssl-parameters.dat - disabling SSL 360 doveadm: Error: Couldn't initialize SSL parameters, disabling SSL Any idea ? Thx Yes. The ssl_client_ca_file is not actually expecting <, just file name. Aki On 2017-02-03 15:13, Thierry wrote: Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = Hello, On 02/03/2017 08:51 AM, Thierry wrote: Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = I think it should be ssl_client_ca_file = This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd There is trafic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) No logs from server2 Any ideas ? Thx for your support
Re: Compiling Dovecot on Solaris 10
Hi, thank You for a reply, compiling with Solaris Studio 12.5 solved this case. Martin Preen rašė: Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen -- Pagarbiai Mantas Gegužis VU Informacinių technologijų taikymo centras tel. 8 5 236 6208
Re: Dovecot dsync 'ssl_client_ca'
Yes. The ssl_client_ca_file is not actually expecting <, just file name. Aki On 2017-02-03 15:13, Thierry wrote: Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = Hello, On 02/03/2017 08:51 AM, Thierry wrote: Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = I think it should be ssl_client_ca_file = This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd There is trafic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) No logs from server2 Any ideas ? Thx for your support
Re: Dovecot dsync 'ssl_client_ca'
Hi, I have made change: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = Hello, > On 02/03/2017 08:51 AM, Thierry wrote: >> Hello, >> >> Still working with my dsync pb. >> I have done a clone (vmware) of my email server. >> Today I have two strictly identical emails servers (server1 >> (main) and server2 (bck) (except IP, hostname and mail_replica). >> >> The ssl config on my both server: >> >> ssl_protocols = !SSLv2 !SSLv3 >> ssl = required >> verbose_ssl = no >> ssl_key = > ssl_cert = > ssl_ca = I think it should be ssl_client_ca_file = > > >> This config is working for my email client and my email web >> interface ... >> >> Are they on the right order ? >> >> mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd >> >> There is trafic on my iptables rules on my both servers: >> >> 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 >> tcp dpt:4711 >> >> >> >> My error message from server1 (main server): >> >> Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> >> No logs from server2 >> >> Any ideas ? >> >> Thx for your support >> >> -- Cordialement, Thierrye-mail : lenai...@maelenn.org
Re: Dovecot dsync 'ssl_client_ca'
Bonjour Mike, I have made the change from 'ssl_ca =' tp 'ssl_client_ca_file =' but now I do have: Error: sync: Couldn't initialize SSL context: Can't load CA certs from directory : error:02001024:system library:fopen:File name too long thx Le vendredi 3 février 2017 à 11:34:43, vous écriviez : > Hello, > On 02/03/2017 08:51 AM, Thierry wrote: >> Hello, >> >> Still working with my dsync pb. >> I have done a clone (vmware) of my email server. >> Today I have two strictly identical emails servers (server1 >> (main) and server2 (bck) (except IP, hostname and mail_replica). >> >> The ssl config on my both server: >> >> ssl_protocols = !SSLv2 !SSLv3 >> ssl = required >> verbose_ssl = no >> ssl_key = > ssl_cert = > ssl_ca = I think it should be ssl_client_ca_file = > > >> This config is working for my email client and my email web >> interface ... >> >> Are they on the right order ? >> >> mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd >> >> There is trafic on my iptables rules on my both servers: >> >> 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 >> tcp dpt:4711 >> >> >> >> My error message from server1 (main server): >> >> Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize >> SSL context: Can't verify remote server certs without trusted CAs >> (ssl_client_ca_* settings) >> >> No logs from server2 >> >> Any ideas ? >> >> Thx for your support >> >> -- Cordialement, Thierrye-mail : lenai...@maelenn.org
Re: Compiling Dovecot on Solaris 10
Hi there... I just had the same problem yesterday. I believe you're using the gcc3 compiler from /usr/sfw ? Try with a newer gcc 4. I used/installed the gcc4 packages from opencsw.org to get it going faster. (Installs under /opt/csw, so no problems with existing software.) Change your PATH to "/opt/csw/bin/gcc4:/opt/csw/bin:$PATH" bevor configure/compile and give it a try. Worked for me ... and 2.2.27 runs since a few hours. Am 02.02.2017 um 18:38 schrieb Mantas Gegužis: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me?
Re: Dovecot auth-worker error after cram-md5 auth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 1 Feb 2017, Poliman - Serwis wrote:
I haven't doveadm logs in /var/log/. Are they default in another place or
maybe should I turn on something?
run
doveadm log find
as root.
Maybe: doveadm log errors
My config (default passdb block and auth_mechanisms, nothing more changed):
Is this still a question about CRAM ? I don't see it there.
root@vps342401:/etc/dovecot# doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@vps342401.ovh.net
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
process_limit = 512
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = &1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done )
2017-02-01 9:40 GMT+01:00 Aki Tuomi :
doveadm log errors can be helpful too
On 01.02.2017 10:25, Poliman - Serwis wrote:
I can check each logs, I have root privileges.
2017-02-01 9:04 GMT+01:00 Aki Tuomi :
Can you check your logs?
Aki
On 01.02.2017 10:02, Poliman - Serwis wrote:
When I used backup copy of the dovecot.conf file I have this same
error.
So
I think that maybe something was written to database? I really would
point
out that I only added
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
and comment out from above block default lines
#args = /etc/dovecot/dovecot-sql.conf
#driver = sql
And in auth_mechanisms add line cram-md5. Nothing more in any other
file.
I don't want to use cram-md5. I need move back to default settings.
Cram-md5 was only for testing purposes. :) But I supposed that I can
move
back to default by commenting out added lines. But unfortunately it
isn't
that simple.
2017-02-01 8:59 GMT+01:00 Aki Tuomi :
Are you still trying to authenticate using cram-md5?
Aki
On 01.02.2017 09:51, Poliman - Serwis wrote:
It still use:
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
When I delete above and delete "cram-md5" in auth_mechanisms it still
not
working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi :
You are probably wanting to do
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
Why you want to use cram-md5 is beyond me, because using SSL is much
more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:
Default it was: "auth_mechanisms = plain login" and I added
cram-md5.
After restart all work perfectly. But after I added:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
I can't set default lines because I got error. Please tell me which
lines
should be changed to resolve this issue. Should I remove "login"
from
auth_mechanism ("login" was default setting and I would like to
move
back
to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi :
Because cram-md5 needs the user's password for calculating
responses,
it
cannot work with hashed passwords (one-way encrypted). The only
supported password schemes are PLAIN and CRAM-MD5.
Aki
On 01.02.2017 09:33, Poliman - Serwis wrote:
I always restart dovecot after change config. ;) Sure, I
commented
out
added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login cram-md5
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@example.com
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
p
Re: Compiling Dovecot on Solaris 10
Hello, I don't have problems building 2.2.27 on Solaris 10 (using Sun Workshop compiler 5.11). The configuration is the same as your. Maybe a compiler/version problem on your system ? Regards, Martin Mantas Gegužis wrote: Hello, I am tying to compile Dovecot 2.2.27 on Solaris 10, and I get this error: test-ioloop.c: In function `test_ioloop_pending_io': test-ioloop.c:188: error: size of array `type name' is negative My configuration is like this: Install prefix . : /usr/local File offsets ... : 64bit I/O polling : poll I/O notifys : none SSL : yes (OpenSSL) GSSAPI . : no passdbs : static passwd passwd-file shadow pam checkpassword dcrypt ..: yes : -bsdauth -sia -ldap -sql -vpopmail userdbs : static prefetch passwd passwd-file checkpassword : -ldap -sql -vpopmail -nss SQL drivers : : -pgsql -mysql -sqlite -cassandra Full text search : squat : -lucene -solr Last version that I have compiled was 2.2.24, version 2.2.25 failed with error: In file included from guid.c:6: sha1.h:80: error: static or type qualifiers in abstract declarator Is there anyone who can help me? -- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum EG-006, 79110 Freiburg, Germany phone: ++49 761 203-8250pr...@informatik.uni-freiburg.de fax: ++49 761 203-8242 swt.informatik.uni-freiburg.de/staff/preen smime.p7s Description: S/MIME Cryptographic Signature
Re: Dovecot dsync 'ssl_client_ca'
Hello, On 02/03/2017 08:51 AM, Thierry wrote: Hello, Still working with my dsync pb. I have done a clone (vmware) of my email server. Today I have two strictly identical emails servers (server1 (main) and server2 (bck) (except IP, hostname and mail_replica). The ssl config on my both server: ssl_protocols = !SSLv2 !SSLv3 ssl = required verbose_ssl = no ssl_key = I think it should be ssl_client_ca_file = This config is working for my email client and my email web interface ... Are they on the right order ? mail_replica = tcps:serv...@domain.ltd and tcps:serv...@domain.ltd There is trafic on my iptables rules on my both servers: 60 3600 ACCEPT tcp -- * * 0.0.0.0/00.0.0.0/0 tcp dpt:4711 My error message from server1 (main server): Feb 03 08:38:08 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) Feb 03 08:42:35 doveadm(us...@domain.ltd): Error: sync: Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) No logs from server2 Any ideas ? Thx for your support
Revision-proof archiving
Hi, I am interested in the "Dovecot Email Archive" solution. Does anyone know if it is suitable revision-proof archiving? Is it available for smaller companies? I tried to contact people at dovecot.fi but I haven’t gotten any response yet. Thanks Regards,
Re: Dovecot auth-worker error after cram-md5 auth
And my logs:
Error from mail.err:
Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication
mechanisms
Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication
mechanisms
Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication
mechanisms
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL
authentication mechanisms
Error from syslog:
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from
host9323131.internet.3s.com[12.34.45.56]
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL
authentication mechanisms
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process
/usr/lib/postfix/smtpd pid 773 exit status 1
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done )
Is there any strange thing in these config lines?
2017-02-02 7:30 GMT+01:00 Poliman - Serwis :
> I haven't doveadm logs in /var/log/. Are they default in another place or
> maybe should I turn on something?
> My config (default passdb block and auth_mechanisms, nothing more changed):
> root@vps342401:/etc/dovecot# doveconf -n
> # 2.2.9: /etc/dovecot/dovecot.conf
> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> auth_mechanisms = plain login
> listen = *,[::]
> log_timestamp = "%Y-%m-%d %H:%M:%S "
> mail_max_userip_connections = 100
> mail_plugins = " quota"
> mail_privileged_group = vmail
> passdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> plugin {
> quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> sieve = /var/vmail/%d/%n/.sieve
> sieve_max_redirects = 25
> }
> postmaster_address = postmas...@vps342401.ovh.net
> protocols = imap pop3
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> unix_listener auth-userdb {
> group = vmail
> mode = 0600
> user = vmail
> }
> user = root
> }
> service imap-login {
> client_limit = 1000
> process_limit = 512
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> ssl = required
> ssl_cert = ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:EC
> DHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDH
> E-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-
> AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-
> ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-
> SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:
> ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-
> AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-
> RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:
> AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-
> SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!
> aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-
> DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> ssl_dh_parameters_length = 2048
> ssl_key = ssl_prefer_server_ciphers = yes
> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> userdb {
> driver = prefetch
> }
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> protocol imap {
> mail_plugins = quota imap_quota
> }
> protocol pop3 {
> mail_plugins = quota
> pop3_uidl_format = %08Xu%08Xv
> }
> protocol lda {
> mail_plugins = sieve quota
> postmaster_address = webmaster@localhost
> }
> protocol lmtp {
> mail_plugins = quota sieve
> postmaster_address = webmaster@localhost
> }
>
> 2017-02-01 12:16 GMT+01:00 Poliman - Serwis :
>
>> Is there any strange thing in these config lines?
>>
>> 2017-02-01 9:40 GMT+01:00 Aki Tuomi :
>>
>>> doveadm log errors can be helpful too
>>>
>>>
>>> On 01.02.2017 10:25, Poliman - Serwis wrote:
>>> > I can check each logs, I have root privileges.
>>> >
>>> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi :
>>> >
>>> >> Can you check your logs?
>>> >>
>>> >> Aki
>>> >>
>>> >>
>>> >> On 01.02.2017 10:02, Poliman - Serwis wrote:
>>> >>> When I used backup copy of the dovecot.conf file I have this same
>>> error.
>>> >> So
>>> >>> I think that maybe something was written to database? I really would
>>> >> point
>>> >>> out that I only added
>>> >>> passdb {
>>> >>> driver = passwd-file
>>> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> >>> }
>>> >>>
>>> >>> and comment out from above block default lines
>>> >>> #args = /etc/dovecot/dovecot-sql.conf
>>> >>> #driver = sql
>>> >>>
>>> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other
>>> file.
>>> >>>
>>> >>> I don't want to
Re: Dovecot auth-worker error after cram-md5 auth
I haven't doveadm logs in /var/log/. Are they default in another place or
maybe should I turn on something?
My config (default passdb block and auth_mechanisms, nothing more changed):
root@vps342401:/etc/dovecot# doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@vps342401.ovh.net
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
process_limit = 512
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = :
> Is there any strange thing in these config lines?
>
> 2017-02-01 9:40 GMT+01:00 Aki Tuomi :
>
>> doveadm log errors can be helpful too
>>
>>
>> On 01.02.2017 10:25, Poliman - Serwis wrote:
>> > I can check each logs, I have root privileges.
>> >
>> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi :
>> >
>> >> Can you check your logs?
>> >>
>> >> Aki
>> >>
>> >>
>> >> On 01.02.2017 10:02, Poliman - Serwis wrote:
>> >>> When I used backup copy of the dovecot.conf file I have this same
>> error.
>> >> So
>> >>> I think that maybe something was written to database? I really would
>> >> point
>> >>> out that I only added
>> >>> passdb {
>> >>> driver = passwd-file
>> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> >>> }
>> >>>
>> >>> and comment out from above block default lines
>> >>> #args = /etc/dovecot/dovecot-sql.conf
>> >>> #driver = sql
>> >>>
>> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other
>> file.
>> >>>
>> >>> I don't want to use cram-md5. I need move back to default settings.
>> >>> Cram-md5 was only for testing purposes. :) But I supposed that I can
>> move
>> >>> back to default by commenting out added lines. But unfortunately it
>> isn't
>> >>> that simple.
>> >>>
>> >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi :
>> >>>
>> Are you still trying to authenticate using cram-md5?
>>
>> Aki
>>
>>
>> On 01.02.2017 09:51, Poliman - Serwis wrote:
>> > It still use:
>> > passdb {
>> > driver = passwd-file
>> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> > }
>> >
>> > When I delete above and delete "cram-md5" in auth_mechanisms it
>> still
>> >> not
>> > working.
>> >
>> > 2017-02-01 8:45 GMT+01:00 Aki Tuomi :
>> >
>> >> You are probably wanting to do
>> >> passdb {
>> >> driver = passwd-file
>> >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> >> }
>> >>
>> >> passdb {
>> >> driver = sql
>> >> args = /etc/dovecot/dovecot-sql.conf
>> >> }
>> >>
>> >> Why you want to use cram-md5 is beyond me, because using SSL is
>> much
>> >> more safer.
>> >>
>> >> Aki
>> >>
>> >> On 01.02.2017 09:41, Poliman - Serwis wrote:
>> >>> Default it was: "auth_mechanisms = plain login" and I added
>> >> cram-md5.
>> >>> After restart all work perfectly. But after I added:
>> >>>driver = passwd-file
>> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> >>> I can't set default lines because I got error. Please tell me
>> which
>> lines
>> >>> should be changed to resolve this issue. Should I remove "login"
>> from
>> >>> auth_mechanism ("login" was default setting and I would like to
>> move
>> back
>> >>> to default settings)?
>> >>>
>> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi :
>> >>>
>> Because cram-md5 needs the user's password for calculating
>> >> responses,
>> it
>> cannot work with hashed passwords (one-way encrypted). The only
>> supported password schemes are PLAIN and CRAM-MD5.
>>
>> Aki
>>
>> On 01.02.2017 09:33, Poliman - Serwis wrote:
>> > I always restart dovecot after change config. ;) Sure, I
>> commented
>> out
>> > added two lines by me, restarted dovecot and here it is:
>> >
>> > # 2.2.9: /etc/dovecot/dovecot.conf
>> > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
>> > auth_mechanisms = plain login cram-md5
>> > listen = *,[::]
>> > log_timestamp = "%Y-%m-%d %H:%M:%S "
>> > mail_max_userip_connections = 100
>> > mail_plugins = " quota"
>> > mail_privileged_group = vmail
>> > passdb {
>> >>>
Re: Dovecot auth-worker error after cram-md5 auth
Is there any strange thing in these config lines?
2017-02-01 9:40 GMT+01:00 Aki Tuomi :
> doveadm log errors can be helpful too
>
>
> On 01.02.2017 10:25, Poliman - Serwis wrote:
> > I can check each logs, I have root privileges.
> >
> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi :
> >
> >> Can you check your logs?
> >>
> >> Aki
> >>
> >>
> >> On 01.02.2017 10:02, Poliman - Serwis wrote:
> >>> When I used backup copy of the dovecot.conf file I have this same
> error.
> >> So
> >>> I think that maybe something was written to database? I really would
> >> point
> >>> out that I only added
> >>> passdb {
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> and comment out from above block default lines
> >>> #args = /etc/dovecot/dovecot-sql.conf
> >>> #driver = sql
> >>>
> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other
> file.
> >>>
> >>> I don't want to use cram-md5. I need move back to default settings.
> >>> Cram-md5 was only for testing purposes. :) But I supposed that I can
> move
> >>> back to default by commenting out added lines. But unfortunately it
> isn't
> >>> that simple.
> >>>
> >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi :
> >>>
> Are you still trying to authenticate using cram-md5?
>
> Aki
>
>
> On 01.02.2017 09:51, Poliman - Serwis wrote:
> > It still use:
> > passdb {
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > When I delete above and delete "cram-md5" in auth_mechanisms it still
> >> not
> > working.
> >
> > 2017-02-01 8:45 GMT+01:00 Aki Tuomi :
> >
> >> You are probably wanting to do
> >> passdb {
> >> driver = passwd-file
> >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >> }
> >>
> >> passdb {
> >> driver = sql
> >> args = /etc/dovecot/dovecot-sql.conf
> >> }
> >>
> >> Why you want to use cram-md5 is beyond me, because using SSL is much
> >> more safer.
> >>
> >> Aki
> >>
> >> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>> Default it was: "auth_mechanisms = plain login" and I added
> >> cram-md5.
> >>> After restart all work perfectly. But after I added:
> >>>driver = passwd-file
> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> I can't set default lines because I got error. Please tell me which
> lines
> >>> should be changed to resolve this issue. Should I remove "login"
> from
> >>> auth_mechanism ("login" was default setting and I would like to
> move
> back
> >>> to default settings)?
> >>>
> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi :
> >>>
> Because cram-md5 needs the user's password for calculating
> >> responses,
> it
> cannot work with hashed passwords (one-way encrypted). The only
> supported password schemes are PLAIN and CRAM-MD5.
>
> Aki
>
> On 01.02.2017 09:33, Poliman - Serwis wrote:
> > I always restart dovecot after change config. ;) Sure, I
> commented
> out
> > added two lines by me, restarted dovecot and here it is:
> >
> > # 2.2.9: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> > auth_mechanisms = plain login cram-md5
> > listen = *,[::]
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_max_userip_connections = 100
> > mail_plugins = " quota"
> > mail_privileged_group = vmail
> > passdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > plugin {
> > quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> > sieve = /var/vmail/%d/%n/.sieve
> > sieve_max_redirects = 25
> > }
> > postmaster_address = postmas...@example.com
> > protocols = imap pop3
> > service auth {
> > unix_listener /var/spool/postfix/private/auth {
> > group = postfix
> > mode = 0660
> > user = postfix
> > }
> > unix_listener auth-userdb {
> > group = vmail
> > mode = 0600
> > user = vmail
> > }
> > user = root
> > }
> > service imap-login {
> > client_limit = 1000
> > process_limit = 512
> > }
> > service lmtp {
> > unix_listener /var/spool/postfix/private/dovecot-lmtp {
> > group = postfix
> > mode = 0600
> > user = postfix
> > }
> > }
> > ssl = required
> > ssl_cert = > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> DHE-RSA-AES128-GCM-SHA256:DHE-DSS
Re: Dovecot auth-worker error after cram-md5 auth
I haven't doveadm logs in /var/log/. Are they default in another place or
maybe should I turn on something?
My config (default passdb block and auth_mechanisms, nothing more changed):
root@vps342401:/etc/dovecot# doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@vps342401.ovh.net
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
process_limit = 512
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = &1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done )
2017-02-01 9:40 GMT+01:00 Aki Tuomi :
> doveadm log errors can be helpful too
>
>
> On 01.02.2017 10:25, Poliman - Serwis wrote:
> > I can check each logs, I have root privileges.
> >
> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi :
> >
> >> Can you check your logs?
> >>
> >> Aki
> >>
> >>
> >> On 01.02.2017 10:02, Poliman - Serwis wrote:
> >>> When I used backup copy of the dovecot.conf file I have this same
> error.
> >> So
> >>> I think that maybe something was written to database? I really would
> >> point
> >>> out that I only added
> >>> passdb {
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> and comment out from above block default lines
> >>> #args = /etc/dovecot/dovecot-sql.conf
> >>> #driver = sql
> >>>
> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other
> file.
> >>>
> >>> I don't want to use cram-md5. I need move back to default settings.
> >>> Cram-md5 was only for testing purposes. :) But I supposed that I can
> move
> >>> back to default by commenting out added lines. But unfortunately it
> isn't
> >>> that simple.
> >>>
> >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi :
> >>>
> Are you still trying to authenticate using cram-md5?
>
> Aki
>
>
> On 01.02.2017 09:51, Poliman - Serwis wrote:
> > It still use:
> > passdb {
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > When I delete above and delete "cram-md5" in auth_mechanisms it still
> >> not
> > working.
> >
> > 2017-02-01 8:45 GMT+01:00 Aki Tuomi :
> >
> >> You are probably wanting to do
> >> passdb {
> >> driver = passwd-file
> >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >> }
> >>
> >> passdb {
> >> driver = sql
> >> args = /etc/dovecot/dovecot-sql.conf
> >> }
> >>
> >> Why you want to use cram-md5 is beyond me, because using SSL is much
> >> more safer.
> >>
> >> Aki
> >>
> >> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>> Default it was: "auth_mechanisms = plain login" and I added
> >> cram-md5.
> >>> After restart all work perfectly. But after I added:
> >>>driver = passwd-file
> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> I can't set default lines because I got error. Please tell me which
> lines
> >>> should be changed to resolve this issue. Should I remove "login"
> from
> >>> auth_mechanism ("login" was default setting and I would like to
> move
> back
> >>> to default settings)?
> >>>
> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi :
> >>>
> Because cram-md5 needs the user's password for calculating
> >> responses,
> it
> cannot work with hashed passwords (one-way encrypted). The only
> supported password schemes are PLAIN and CRAM-MD5.
>
> Aki
>
> On 01.02.2017 09:33, Poliman - Serwis wrote:
> > I always restart dovecot after change config. ;) Sure, I
> commented
> out
> > added two lines by me, restarted dovecot and here it is:
> >
> > # 2.2.9: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> > auth_mechanisms = plain login cram-md5
> > listen = *,[::]
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_max_userip_connections = 100
> > mail_plugin
Re: Dovecot performance and proxy loops with IPv6
Ok, got it.
change imap-login and pop-login to these like showed in dovocot wiki for
high-performance login mode.
service imap-login {
chroot = login
service_count = 0
client_limit = 600
process_limit = 100
process_min_avail = 16
}
service pop3-login {
chroot = login
service_count = 0
client_limit = 600
process_limit = 100
process_min_avail = 16
}
