Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Tue, 1 Apr 2014, Jeffrey Walton wrote: Related: what does the bang mean? I've got a programming background, and to me its a NOT. So I would read that as "don't include conf.d/...". It would have the same effect as commenting it out. I guess it's the semi-arbitray syntax Timo chose for the include directive. Maybe it came from the bang syntax for Unix scripts. Joseph Tam
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Tue, Apr 1, 2014 at 8:19 PM, Joseph Tam wrote:
> Jeffrey Walton writes:
>
>> passdb {
>> args = /var/mail/%d/users
>> driver = passwd-file
>> }
>> ...
>> userdb {
>> driver = passwd
>> }
>
>
> Your userdb and passdb are not using the same DB: did you intend this?
Yeah, I did not add that. That's coming from somewhere else (like the
auth_mechanisms).
I think Charles said it was a config file in a different directory.
I'll be looking at in more detail soon. I suspect it one of these two
lines from dovecot.conf:
!include conf.d/*.conf
or
!include_try local.conf
Related: what does the bang mean? I've got a programming background,
and to me its a NOT. So I would read that as "don't include
conf.d/...". It would have the same effect as commenting it out.
> Does the userdb have "user@domain" entries, rather than just "user"
> entries?
user@domain
I just performed a fresh install of Debian, so I can look at things
without all the tutorial knob turning.
Thanks for the help.
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
Jeffrey Walton writes:
passdb {
args = /var/mail/%d/users
driver = passwd-file
}
...
userdb {
driver = passwd
}
Your userdb and passdb are not using the same DB: did you intend this?
Does the userdb have "user@domain" entries, rather than just "user"
entries? The diagnostics I referred to in my last post would have been
helpful here.
# postconf -n
If you're having problems authenticating to the IMAP service, then you
ought to concentrate on that problem: it's likely your LDA problem is
dependent on that solution.
Joseph Tam
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On 04/ 1/14 06:56 AM, Jeffrey Walton wrote: On Tue, Apr 1, 2014 at 6:44 AM, Charles Marcus wrote: On 4/1/2014 6:34 AM, Jeffrey Walton wrote: On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus wrote: ... What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here... It proves that you are using the settings you think you are using. # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no So... where is auth_mechanisms? You said you had it set to # doveconf -n | head -1 # 2.1.7: /etc/dovecot/dovecot.conf Check ALL actual settings: # doveconf -a | grep mechanisms auth_mechanisms = plain login .. I guess yours is missing "login" and using only "auth", as the default (hence not showing in "doveconf -n"). You should still be able to use imapsync with --authmech1 PLAIN --authmech2 PLAIN
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On 4/1/2014 6:22 AM, Charles Marcus wrote: What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here... Apologies Jeffrey, I didn't see your doveconf -n at the end, guess I got distracted by someone else's nonsense... -- Best regards, Charles
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On 4/1/2014 6:56 AM, Jeffrey Walton wrote: Obviously, I don't know how. That's the file that conf dovecot claims it is using. It you know how to find out the conf file dovecot is *really* using, then please let me know. First read this: http://wiki2.dovecot.org/BasicConfiguration Especially this part: "The default configuration starts from dovecot.conf, which contains an !include conf.d/*.conf statement to read the rest of the configuration. This split of configuration files isn't a requirement to use, and it doesn't really matter which .conf file you add any particular setting, just as long as it isn't overridden in another file. You can verify with doveconf -n that everything looks as you intended." If you want all settings in a single config file, you need to tell dovecot this. If you don't, then the last settings that are applied, based on the order these split config files (in conf.d) are read (the number prefix determines the order) win. Personally, I put all of mine in /etc/dovecot/conf.d/99-mysettings.conf The 99- prefix makes sure that these settings get applied plast. Also, you never answered my last question - what distro? Some distros put config files in different (non-standard) places, and/or enable chroot by default, complicating things for their users (although it is fully documented, so users who encounter problems because of this do so because they didn't rtfm well enough)... -- Best regards, Charles
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Tue, Apr 1, 2014 at 6:44 AM, Charles Marcus wrote: > On 4/1/2014 6:34 AM, Jeffrey Walton wrote: >> >> On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus >> wrote: >>> >>> ... >>> >>> What you are missing is that there is a very good reason that ONLY the >>> output of doveconf -n is wanted here... >>> >>> It proves that you are using the settings you think you are using. >>> >> # doveconf -n >> # 2.1.7: /etc/dovecot/dovecot.conf >> # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 >> disable_plaintext_auth = no > > > So... where is auth_mechanisms? You said you had it set to # doveconf -n | head -1 # 2.1.7: /etc/dovecot/dovecot.conf # cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self = Obviously, I don't know how. That's the file that conf dovecot claims it is using. It you know how to find out the conf file dovecot is *really* using, then please let me know. Jeff
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
Am 01.04.2014 12:22, schrieb Charles Marcus: > On 3/31/2014 5:47 PM, Jeffrey Walton wrote: >> On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald >> wrote: >>> >and the settings are*really* in /etc/dovecot/dovecot.conf >>> >or in some ".d"-folder which may or may not be included? >> I believe they are in /etc/dovecot/dovecot.conf: >> >> # cat /etc/dovecot/dovecot.conf | grep -i auth_ >> auth_mechanisms = plain login digest-md5 cram-md5 >> #auth_proxy_self = > > What you are missing is that there is a very good reason that ONLY > the output of doveconf -n is wanted here... if you would really follow the thread you whould have noticed that he did that already and i asked for the complete config file because: * the mentioned one is clearly stated by doveconf -n * the values in question are not displayed in the output Am 01.04.2014 12:44, schrieb Charles Marcus: > So... where is auth_mechanisms? You said you had it set to > > auth_mechanisms = plain login digest-md5 cram-md5 > > Fix this and try again.. and *that* is why i asked for the complete config yesterday because 2.1.7: /etc/dovecot/dovecot.conf is stated as config file and the value in question is not listed signature.asc Description: OpenPGP digital signature
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On 4/1/2014 6:34 AM, Jeffrey Walton wrote: On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus wrote: ... What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here... It proves that you are using the settings you think you are using. # doveconf -n # 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4 disable_plaintext_auth = no So... where is auth_mechanisms? You said you had it set to auth_mechanisms = plain login digest-md5 cram-md5 Fix this and try again... -- Best regards, Charles
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Tue, Apr 1, 2014 at 6:22 AM, Charles Marcus
wrote:
> ...
>
> What you are missing is that there is a very good reason that ONLY the
> output of doveconf -n is wanted here...
>
> It proves that you are using the settings you think you are using.
>
# doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /var/mail/%d/users
driver = passwd-file
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl_cert =
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On 3/31/2014 5:37 PM, Jeffrey Walton wrote: My dovecot.conf has the following: You still have yet to prove this (doveconf -n output). # No results when searching the wiki disable_plaintext_auth = no Then you are searching the wiki wrong. After entering the parameter in the searchbox (obviously you should not add the '=no' part), did you click 'Titles'? Or 'Text'? Or did you just hit [enter]? You have to click the 'Text' button (to the right of the searchbox) to search the article CONTENT. Just hitting [Enter] results in a simple 'Titles' search, which only searches the wiki article Titles. Personally I don't like this. I think the default should be to search content. #http://wiki2.dovecot.org/Authentication/Mechanisms auth_mechanisms = plain login digest-md5 cram-md5 When I attempt to run imapsync, I receive an error: Host2: says it has NO CAPABILITY for AUTHENTICATE LOGIN imapsync also dumps the helo string, and it is missing: Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS AUTH=PLAIN] Dovecot ready. I've restarted the dovecot service with 'service dovecot restart' and even rebooted the machine. There is nothing reported in any on the log files (/var/mail/dovecot.log and /var/log/mail.). Then you are looking at the wrong log files. Any ideas why dovecot is not honoring the setting in its config file? Best guess is you are not using the config file you think you are using. What distro is this? -- Best regards, Charles
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On 3/31/2014 5:47 PM, Jeffrey Walton wrote: On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald wrote: >and the settings are*really* in /etc/dovecot/dovecot.conf >or in some ".d"-folder which may or may not be included? I believe they are in /etc/dovecot/dovecot.conf: # cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self = Jeffrey, What you are missing is that there is a very good reason that ONLY the output of doveconf -n is wanted here... It proves that you are using the settings you think you are using. simply cat'ing the contents of a file that you areediting is not good enough. Like postconf -n in postfix, doveconf -n dumps the output of the config that the running version of dovecot is qactually using. This shines the light on obvious errors, like when you are editing a config file that is NOT being used. This is a common mistake, especially in distributions that put things in non-standard places. So, what is output of doveconf -n? And postconf -n (if needed)? -- Best regards, Charles
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Mon, 31 Mar 2014, Jeffrey Walton wrote:
Just to confirm, your specified in the passdb corresponds to what
is being authenticated (i.e. client is authenticating as "j...@foo.com",
not "jeff")? Otherwise, you'll need to add domains to your passdb,
or configure "username_format=%n"
Yes, I believe so:
$ sudo cat /var/mail/foo.com/users
# Generate passwords with:
# doveadm pw -s PLAIN -p
# Real users
t...@foo.com:{PLAIN}some-password
j...@foo.com:{PLAIN}some-password
OK, I guess the next step is to see whether the dovecot auth process
is able to read the passdb file. Does your dovecot auth process have
enough authorization to get/read to these files (check what dovecot/auth
runs as versus the file permissions of your passdb)? "doveadm user
j...@foo.com" checks the userdb, and if it coincides with your passdb,
might point out a problem.
Tracing the auth process might also help.
Joseph Tam
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Mon, Mar 31, 2014 at 6:29 PM, Joseph Tam wrote:
> Jeffrey Walton writes:
>
>> I specified the following in my dovecot.conf.
>>
>>
>> passdb {
>> args = /var/mail/%d/users
>> driver = passwd-file
>> }
>>
>> Attempts to use the configuration result in an authentication failure.
>> Here's an entry from dovecot.log when the failure happens:
>>
>> Mar 31 16:04:12 imap-login: Info: Disconnected (auth failed, 1
>> attempts in 5 secs): user=, method=PLAIN, rip=127.0.0.1,
>> lip=127.0.1.1, secured, session=
>
> Just to confirm, your specified in the passdb corresponds to what
> is being authenticated (i.e. client is authenticating as "j...@foo.com",
> not "jeff")? Otherwise, you'll need to add domains to your passdb,
> or configure "username_format=%n"
Yes, I believe so:
$ sudo cat /var/mail/foo.com/users
# Generate passwords with:
# doveadm pw -s PLAIN -p
# Real users
t...@foo.com:{PLAIN}some-password
j...@foo.com:{PLAIN}some-password
In case it matters, here are the Postfix settings (but they should not
apply since this is an IMAP exercise):
$ sudo cat /etc/postfix/mailboxes
# Real users
t...@foo.com foo.com/tad/
j...@foo.com foo.com/jeff/
Its compiled with `postmap`:
postmap /etc/postfix/mailboxes
And then specified in `main.cf` with:
virtual_mailbox_maps = hash:/etc/postfix/mailboxes
And my two domains are handled similarly in `domains`.
Jeff
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
Jeffrey Walton writes:
I specified the following in my dovecot.conf.
passdb {
args = /var/mail/%d/users
driver = passwd-file
}
Attempts to use the configuration result in an authentication failure.
Here's an entry from dovecot.log when the failure happens:
Mar 31 16:04:12 imap-login: Info: Disconnected (auth failed, 1
attempts in 5 secs): user=, method=PLAIN, rip=127.0.0.1,
lip=127.0.1.1, secured, session=
Just to confirm, your specified in the passdb corresponds to what
is being authenticated (i.e. client is authenticating as "j...@foo.com",
not "jeff")? Otherwise, you'll need to add domains to your passdb,
or configure "username_format=%n"
Joseph Tam
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald wrote: > > > Am 31.03.2014 23:37, schrieb Jeffrey Walton: >> My dovecot.conf has the following: >> >> # No results when searching the wiki >> disable_plaintext_auth = no >> >> # http://wiki2.dovecot.org/Authentication/Mechanisms >> auth_mechanisms = plain login digest-md5 cram-md5 >> >> When I attempt to run imapsync, I receive an error: >> >> Host2: says it has NO CAPABILITY for AUTHENTICATE LOGIN >> >> imapsync also dumps the helo string, and it is missing: >> >> Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS >> AUTH=PLAIN] Dovecot ready. >> >> I've restarted the dovecot service with 'service dovecot restart' and >> even rebooted the machine. >> >> There is nothing reported in any on the log files >> (/var/mail/dovecot.log and /var/log/mail.). >> >> Any ideas why dovecot is not honoring the setting in its config file? > > and the settings are *really* in /etc/dovecot/dovecot.conf > or in some ".d"-folder which may or may not be included? I believe they are in /etc/dovecot/dovecot.conf: # cat /etc/dovecot/dovecot.conf | grep -i auth_ auth_mechanisms = plain login digest-md5 cram-md5 #auth_proxy_self = Jeff
Re: [Dovecot] Dovecot not honoring configuration settings (auth failure)
Am 31.03.2014 23:37, schrieb Jeffrey Walton:
> My dovecot.conf has the following:
>
> # No results when searching the wiki
> disable_plaintext_auth = no
>
> # http://wiki2.dovecot.org/Authentication/Mechanisms
> auth_mechanisms = plain login digest-md5 cram-md5
>
> When I attempt to run imapsync, I receive an error:
>
> Host2: says it has NO CAPABILITY for AUTHENTICATE LOGIN
>
> imapsync also dumps the helo string, and it is missing:
>
> Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS
> AUTH=PLAIN] Dovecot ready.
>
> I've restarted the dovecot service with 'service dovecot restart' and
> even rebooted the machine.
>
> There is nothing reported in any on the log files
> (/var/mail/dovecot.log and /var/log/mail.).
>
> Any ideas why dovecot is not honoring the setting in its config file?
and the settings are *really* in /etc/dovecot/dovecot.conf
or in some ".d"-folder which may or may not be included?
> **
>
> # dovecot --version
> 2.1.7
> # doveconf -n
> # 2.1.7: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
> disable_plaintext_auth = no
> log_path = /var/log/dovecot.log
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> ...
> prefix =
> }
> passdb {
> args = /var/mail/%d/users
> driver = passwd-file
> }
> passdb {
> driver = pam
> }
> plugin {
> sieve = ~/.dovecot.sieve
> sieve_dir = ~/sieve
> }
> protocols = " imap pop3"
> ssl_cert = ssl_key = userdb {
> driver = passwd
> }
>
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 (676) 40 221 40, p: +43 (1) 595 3999 33
icq: 154546673, http://www.thelounge.net/
http://www.thelounge.net/signature.asc.what.htm
signature.asc
Description: OpenPGP digital signature
[Dovecot] Dovecot not honoring configuration settings (auth failure)
My dovecot.conf has the following:
# No results when searching the wiki
disable_plaintext_auth = no
# http://wiki2.dovecot.org/Authentication/Mechanisms
auth_mechanisms = plain login digest-md5 cram-md5
When I attempt to run imapsync, I receive an error:
Host2: says it has NO CAPABILITY for AUTHENTICATE LOGIN
imapsync also dumps the helo string, and it is missing:
Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS
AUTH=PLAIN] Dovecot ready.
I've restarted the dovecot service with 'service dovecot restart' and
even rebooted the machine.
There is nothing reported in any on the log files
(/var/mail/dovecot.log and /var/log/mail.).
Any ideas why dovecot is not honoring the setting in its config file?
**
# dovecot --version
2.1.7
# doveconf -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.4
disable_plaintext_auth = no
log_path = /var/log/dovecot.log
mail_location = mbox:~/mail:INBOX=/var/mail/%u
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
...
prefix =
}
passdb {
args = /var/mail/%d/users
driver = passwd-file
}
passdb {
driver = pam
}
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
}
protocols = " imap pop3"
ssl_cert =
