Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-25 Thread Darren Pilgrim

Timo,

Thank you for trying to help, but I'm out of time on this.  I switched 
everything over to the PLAIN mechanism with BLF-CRYPT hashes and it 
works fine.  I'm guessing there's something broken with DIGEST-MD5, but 
can't say if the fault is in Dovecot 2 or Postfix.  Given that it's 
obsoleted by SCRAM, that doesn't bother me much.  Now I just need to 
either get SCRAM support into cyrus-sasl, or SASL client support from 
Dovecot.  I'd much rather the latter, of course. :)


Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-22 Thread Timo Sirainen
If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be in 
plaintext format. 
http://wiki2.dovecot.org/Authentication/Mechanisms#Non-plaintext_authentication

(In theory it would be possible to have both CRAM-MD5 and DIGEST-MD5 hashes 
stored in the passdb and have Dovecot use the one that's needed, but currently 
this isn't supported.)

On 19.2.2013, at 13.38, Darren Pilgrim list_dove...@bluerosetech.com wrote:

> I have three postfix 2.9.5 servers: chombo, rush, yoshi.  Chombo relays to 
> rush and yoshi for outbound email.  Outbound relay requires SASL 
> authentication.  Rush and yoshi run Dovecot 2.1.12 servers with simple 
> passwd-file backends.
>
> If I create a new password hash for chombo's user, houseloki, on either rush 
> or yoshi:
>
> # doveadm pw -u houseloki -p password
> {CRAM-MD5}...
>
> Then I add that to rush and yoshi's passwd file:
>
> houseloki@_auth.bluerosetech.com:{CRAM-MD5}...
>
> Then `doveadm reload`, it works fine:
>
> # doveadm auth houseloki password
> passdb: houseloki auth succeeded
> extra fields:
> user=houseloki@_auth.bluerosetech.com
>
> So I add that username and password to the smtp_sasl_password_maps hash file 
> on chombo, reload postfix, and then try to relay something from chombo, it 
> fails with rush and yoshi logging warnings like:
>
> Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning: 
> chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed: 
> really long string redacted
>
> Rush and yoshi have other hashes in their passwd files, and if I configure 
> chombo to use one of those, it works fine.  Those hashes use digest-md5 and 
> are at least a few years old.  I tried that scheme instead of the default 
> cram-md5, as well as several others, but none work.  I've pored over the 
> wiki and man pages, but can't find the problem.
>
> What am I missing?  Why can I not generate new hashes correctly?
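
The point in the reply above about mechanism-specific credentials, as an added example that is not part of the thread and not Dovecot's code: the DIGEST-MD5 response (RFC 2831) can be computed from a stored MD5(user:realm:password), which binds the exact user name and realm, while the CRAM-MD5 response (RFC 2195) is an HMAC keyed with the password and cannot be derived from that hash. Assumptions: a login of the form user@domain is split into user and realm (empty realm otherwise), and the nonces and digest-uri are constructed sample values.

```python
import hashlib
import hmac

def md5hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def digest_md5_stored(login: str, password: str) -> str:
    """Stored DIGEST-MD5 credential: hex MD5(user:realm:password).
    Assumption: 'user@domain' splits into user and realm; no '@' means empty realm."""
    user, _, realm = login.partition("@")
    return md5hex(f"{user}:{realm}:{password}".encode())

def digest_md5_response(stored_hex, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth"):
    """RFC 2831 response (no authzid), computed from the stored hash alone."""
    a1 = bytes.fromhex(stored_hex) + f":{nonce}:{cnonce}".encode()
    a2 = f"AUTHENTICATE:{digest_uri}".encode()
    return md5hex(f"{md5hex(a1)}:{nonce}:{nc}:{cnonce}:{qop}:{md5hex(a2)}".encode())

def cram_md5_response(password: str, challenge: str) -> str:
    """RFC 2195 response: HMAC-MD5 keyed with the password, not with an MD5 of it."""
    return hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()

def server_accepts(stored_hex, client_response, **challenge) -> bool:
    """Server side: recompute the response from the passdb hash and compare."""
    expected = digest_md5_response(stored_hex, **challenge)
    return hmac.compare_digest(expected, client_response)

def demo():
    # Constructed challenge values; only the login names come from the thread.
    chal = dict(nonce="c2VydmVyLW5vbmNl", cnonce="Y2xpZW50LW5vbmNl",
                digest_uri="smtp/rush.example.com")
    full = "houseloki@_auth.bluerosetech.com"
    stored = digest_md5_stored(full, "password")  # what the passdb would hold
    # Client responses derived from the full login and from the bare user name.
    same = digest_md5_response(digest_md5_stored(full, "password"), **chal)
    bare = digest_md5_response(digest_md5_stored("houseloki", "password"), **chal)
    return {"same_login": server_accepts(stored, same, **chal),
            "bare_login": server_accepts(stored, bare, **chal)}

if __name__ == "__main__":
    print(demo())
```

A plaintext-style check of the password against either stored form only proves the password matches that record; it does not exercise the challenge-response computation shown here.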
 



Re: [Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-22 Thread Darren Pilgrim

On 2013-02-22 03:30, Timo Sirainen wrote:

> If you want both CRAM-MD5 and DIGEST-MD5 auth, the password must be
> in plaintext format.


I tried using a DIGEST-MD5 hash instead of CRAM-MD5.  It doesn't work 
either:


rush# doveadm pw -s digest-md5 -u houseloki -p password
{DIGEST-MD5}...

Add to passwd file:

houseloki@_auth.bluerosetech.com:{DIGEST-MD5}...

rush# doveadm auth houseloki password
passdb: houseloki auth succeeded
extra fields:
   user=houseloki@_auth.bluerosetech.com

Give new password to chombo, attempt relay:

rush postfix/smtpd[49653]: warning: chombo[2001:db8::2]: SASL DIGEST-MD5 
authentication failed: ...


Without changing anything on rush or yoshi, I can swap in one of the 
older digest-md5 hashes and chombo can relay just fine (in fact, this 
email was relayed via chombo using SASL auth with one of the older 
DIGEST-MD5 hashes).


There are three other servers also successfully relaying through yoshi 
and rush, also using the older DIGEST-MD5 hashes.  I can use any of the 
four older hashes on any of the machines and they work.  I can't 
generate any new hashes that work for any.  I also checked that all six 
machines generate the same hashes.


[Dovecot] Dovecot auth works when tested with doveadm, but fails with Postfix

2013-02-19 Thread Darren Pilgrim
I have three postfix 2.9.5 servers: chombo, rush, yoshi.  Chombo relays 
to rush and yoshi for outbound email.  Outbound relay requires SASL 
authentication.  Rush and yoshi run Dovecot 2.1.12 servers with simple 
passwd-file backends.


If I create a new password hash for chombo's user, houseloki, on either 
rush or yoshi:


# doveadm pw -u houseloki -p password
{CRAM-MD5}...

Then I add that to rush and yoshi's passwd file:

houseloki@_auth.bluerosetech.com:{CRAM-MD5}...

Then `doveadm reload`, it works fine:

# doveadm auth houseloki password
passdb: houseloki auth succeeded
extra fields:
user=houseloki@_auth.bluerosetech.com

So I add that username and password to the smtp_sasl_password_maps hash 
file on chombo, reload postfix, and then try to relay something from 
chombo, it fails with rush and yoshi logging warnings like:


Feb 19 03:32:33 yoshi postfix/smtpd[75783]: warning: 
chombo.example.com[2001:db8::2]: SASL DIGEST-MD5 authentication failed: 
really long string redacted


Rush and yoshi have other hashes in their passwd files, and if I 
configure chombo to use one of those, it works fine.  Those hashes use 
digest-md5 and are at least a few years old.  I tried that scheme 
instead of the default cram-md5, as well as several others, but none 
work.  I've pored over the wiki and man pages, but can't find the problem.


What am I missing?  Why can I not generate new hashes correctly?