Re: [Dovecot] dovecot: imap-login: Aborted login
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 22 Jul 2013, Adnane wrote: I think the issue is with authentication root@mailer:~# tail -f /var/log/syslogJul Jul 22 03:34:41 mailer dovecot:imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking: Disconnected Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking: Disconnected Jul 22 03:35:03 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS: Disconnected There is no auth attempts, so you do not have an issue with authentication. Because of the TLS handshaking: Disconnected it looks like the connection gets cut during the initial TLS handshake. To debug this, first increare logging, then try from localhost without encryption, e.g.: telnet localhost 143 1 login loginname password and watch the human friendly output. Terminate the IMAP connection via 2 logout Maybe that client does not like your SSL cert and drops the connection thereof? Or maybe a firewall thinks it has to fiddle in, e.g. change Thunderbird to use SSL on port 993 instead of STARTTLS on 143. Kind regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUezg/13r2wJMiz2NAQKjkQf+MSiRcG8h4C3cdH2uKQNvc4K1UkJVmPjx tZvsBQmMQB0kY9y9GC9YiDKKCx3Cua6lxQ89Mbh4UDkjWdIV6T617QXT55HglLoY +fS1vVAIjCQlOD42GW1W8XKrQN9mfzCDw2CvdtMX8weiXPvsMA0ZMT/m5ZCWOtzR 8eP1Jjd8APuTPQqYg13+vWBSWNOfeyeY69m3loqKAuSw4ntSRglx5qlMrK8IRSji MHXkX2HJmbSV+iFstDRvbqVRWkJCGj6mzt+N34HU3py1H5zxiCjOSF9Q3UkU4psO 7xIGEDHbIrLpAca+6B2ZRIcfU0BgRAsvmcLLogqH40G/F7edud9YGw== =9TD0 -END PGP SIGNATURE-
Re: [Dovecot] dovecot: imap-login: Aborted login
here is the dovecot -n dump
dovecot -n
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.8.13--grs-ipv6-64-vps x86_64 Ubuntu 12.04.2 LTS ext3
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 0
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
}
ssl = required
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
root@mailer:~# telnet localhost 143
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
netstat -la -pute | grep dovecot
tcp0 0 *:pop3s *:* LISTEN
root 12974 5098/dovecot
tcp0 0 *:imaps *:* LISTEN
root 12989 5098/dovecot
tcp6 0 0 [::]:pop3s [::]:* LISTEN
root 12975 5098/dovecot
tcp6 0 0 [::]:imaps [::]:* LISTEN
root 12990 5098/dovecot
I dont like the port = 0 but thats what was mentionned in the tutorial
so I changed /etc/dovecot/conf.d/10-master.conf
/
service imap-login {
inet_listener imap {
port = 143
}
...
}
service pop3-login {
inet_listener pop3 {
port = 110
}
...
}
now
netstat -la -pute | grep dovecot
tcp0 0 *:pop3s *:* LISTEN
root 162828 8341/dovecot
tcp0 0 *:pop3 *:* LISTEN
root 162826 8341/dovecot
tcp0 0 *:imap2 *:* LISTEN
root 162845 8341/dovecot
tcp0 0 *:imaps *:* LISTEN
root 162847 8341/dovecot
tcp6 0 0 [::]:pop3s [::]:* LISTEN
root 162829 8341/dovecot
tcp6 0 0 [::]:pop3 [::]:* LISTEN
root 162827 8341/dovecot
tcp6 0 0 [::]:imap2 [::]:* LISTEN
root 162846 8341/dovecot
tcp6 0 0 [::]:imaps [::]:* LISTEN
root 162848 8341/dovecot
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
user adn...@mailer.adnane.me
+OK
pass mypasseword
+OK Logged in.
LIST
+OK 0 messages:
root@mailer:~# telnet mailer.adnane.me 143
Trying 2001:41d0:52:200::326...
Connected to mailer.adnane.me.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
1 login adn...@mailer.adnane.me mypassword
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT
SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN
NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT
SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.
/
/but for thunderbird I got this in logs
Jul 22 22:32:53 mailer dovecot: pop3-login: Disconnected (tried to use
disabled plaintext auth): rip=196.217.182.199, lip=5.135.151.43
Jul 22 22:36:04 mailer dovecot: pop3(adn...@mailer.adnane.me):
Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
On 07/22/2013 08:36 AM, Steffen Kaiser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 22 Jul 2013, Adnane wrote:
I think the issue is with authentication
root@mailer:~# tail -f /var/log/syslogJul
Jul 22 03:34:41 mailer dovecot:imap-login: Disconnected (no auth
attempts): rip=41.251.155.145, lip=5.135.151.43, TLS
Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth
attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking:
Disconnected
Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth
attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking:
Disconnected
Jul 22 03:35:03 mailer dovecot: imap-login: Disconnected (no auth
attempts): rip=41.251.155.145, lip=5.135.151.43, TLS: Disconnected
There is no auth attempts, so you do not have an issue with
authentication.
Because of the TLS handshaking: Disconnected it looks like the
connection gets cut during the initial TLS handshake. To debug this,
first increare
Re: [Dovecot] dovecot: imap-login: Aborted login
From: Adnane m...@adnane.me writes: Jul 22 22:32:53 mailer dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=196.217.182.199, lip=5.135.151.43 Jul 22 22:36:04 mailer dovecot: pop3(adn...@mailer.adnane.me): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Looks like a mail client issue: you're not enabling STARTTLS on port 110. Fiddle with the SSL configuration. Joseph Tam jtam.h...@gmail.com
Re: [Dovecot] dovecot: imap-login: Aborted login
Hello again
I can connect with thunderbird now and retrieve mails, I changed auth to
ssl and normal password,
Jul 23 02:58:14 mailer postfix/lmtp[9253]: D5E7FF81D2:
to=adn...@mailer.adnane.me,
relay=mailer.adnane.me[private/dovecot-lmtp], delay=0.35,
delays=0.29/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0
adn...@mailer.adnane.me DbyiBCbV7VEmJAAALj+mJA Saved)
Jul 23 02:58:14 mailer postfix/qmgr[8283]: D5E7FF81D2: removed
Jul 23 02:58:14 mailer postfix/smtpd[9243]: disconnect from
mail-vc0-f177.google.com[209.85.220.177]
but I cant send mails
Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection
rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13
Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection
count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13
Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1
at Jul 23 02:58:13
any help plz
On 07/22/2013 09:50 PM, Adnane wrote:
here is the dovecot -n dump
dovecot -n
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.8.13--grs-ipv6-64-vps x86_64 Ubuntu 12.04.2 LTS ext3
auth_mechanisms = plain login
mail_location = maildir:/var/mail/vhosts/%d/%n
mail_privileged_group = mail
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
protocols = imap pop3 lmtp
service auth-worker {
user = vmail
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
mode = 0600
user = vmail
}
user = dovecot
}
service imap-login {
inet_listener imap {
port = 0
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
port = 0
}
}
ssl = required
ssl_cert = /etc/ssl/certs/dovecot.pem
ssl_key = /etc/ssl/private/dovecot.pem
userdb {
args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
driver = static
}
root@mailer:~# telnet localhost 143
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
netstat -la -pute | grep dovecot
tcp0 0 *:pop3s *:* LISTEN root
12974 5098/dovecot
tcp0 0 *:imaps *:* LISTEN root
12989 5098/dovecot
tcp6 0 0 [::]:pop3s [::]:* LISTEN
root 12975 5098/dovecot
tcp6 0 0 [::]:imaps [::]:* LISTEN
root 12990 5098/dovecot
I dont like the port = 0 but thats what was mentionned in the tutorial
so I changed /etc/dovecot/conf.d/10-master.conf
/
service imap-login {
inet_listener imap {
port = 143
}
...
}
service pop3-login {
inet_listener pop3 {
port = 110
}
...
}
now
netstat -la -pute | grep dovecot
tcp0 0 *:pop3s *:* LISTEN
root 162828 8341/dovecot
tcp0 0 *:pop3 *:* LISTEN
root 162826 8341/dovecot
tcp0 0 *:imap2 *:* LISTEN
root 162845 8341/dovecot
tcp0 0 *:imaps *:* LISTEN
root 162847 8341/dovecot
tcp6 0 0 [::]:pop3s [::]:* LISTEN
root 162829 8341/dovecot
tcp6 0 0 [::]:pop3 [::]:* LISTEN
root 162827 8341/dovecot
tcp6 0 0 [::]:imap2 [::]:* LISTEN
root 162846 8341/dovecot
tcp6 0 0 [::]:imaps [::]:* LISTEN
root 162848 8341/dovecot
telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
user adn...@mailer.adnane.me
+OK
pass mypasseword
+OK Logged in.
LIST
+OK 0 messages:
root@mailer:~# telnet mailer.adnane.me 143
Trying 2001:41d0:52:200::326...
Connected to mailer.adnane.me.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
1 login adn...@mailer.adnane.me mypassword
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND
UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1
CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH
LIST-STATUS] Logged in
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.
/
/but for thunderbird I got this in logs
Jul 22 22:32:53 mailer dovecot: pop3-login: Disconnected (tried to use
disabled plaintext auth): rip=196.217.182.199, lip=5.135.151.43
Jul 22 22:36:04 mailer dovecot: pop3(adn...@mailer.adnane.me):
Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
On 07/22/2013 08:36 AM, Steffen Kaiser wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Mon, 22 Jul 2013, Adnane wrote:
I think the issue is with authentication
root@mailer:~# tail -f
Re: [Dovecot] dovecot: imap-login: Aborted login
Adnane m...@adnane.me writes: but I cant send mails Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 Not a dovecot issue. In fact, neither was your previous problem, which was a mail reader configuration problem. Joseph Tam jtam.h...@gmail.com
Re: [Dovecot] dovecot: imap-login: Aborted login
On Tue, 2013-07-23 at 02:20 +0100, Adnane wrote: Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 any help plz anvil logs wont help much, look for your connect from: lines, it should show your connecting IP, and few lines after it detailing what it is doing, I suspect you may have the same issues as with dovecot, never ever ever force ssl on clients unless you know what you (and they) are doing, and not knowing what version you are using makes it more difficult. Should be using postfix 2.10.1 (the latest) smtpd_tls_security_level = may signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot: imap-login: Aborted login
On Mon, 2013-07-22 at 18:30 -0700, Joseph Tam wrote: Adnane m...@adnane.me writes: but I cant send mails Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 Not a dovecot issue. In fact, neither was your previous problem, which was a mail reader configuration problem. Joseph Tam jtam.h...@gmail.com Thats helpful how... The fact he uses dovecot for auth, would likely mean smtp-auth which does involve dovecot. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Thanks a lot! I got it done with imapc_ssl and imapc_ssl_ca_dir settings. I was not aware of those settings. Thanks a bunch! On Wed, Mar 20, 2013 at 10:58 PM, Timo Sirainen [via Dovecot] ml-node+s2317879n40933...@n4.nabble.com wrote: On 8.3.2013, at 8.08, pvsuja [hidden email]http://user/SendEmail.jtp?type=nodenode=40933i=0 wrote: Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts? imapc_ssl = starttls See also other related settings in http://wiki2.dovecot.org/Migration/Dsync I guess imapc should have its own wiki page some day. -- If you reply to this email, your message will be added to the discussion below: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-failed-1-attempts-in-2-secs-user-xxx-method-PLAIN-rip-127-0-0--tp40684p40933.html To unsubscribe from dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB, click herehttp://dovecot.2317879.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_codenode=40684code=cHZzdWphQGdtYWlsLmNvbXw0MDY4NHwtNzgyNTk5NDQ0 . NAMLhttp://dovecot.2317879.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewerid=instant_html%21nabble%3Aemail.namlbase=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespacebreadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-failed-1-attempts-in-2-secs-user-xxx-method-PLAIN-rip-127-0-0--tp40684p40973.html Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
On 8.3.2013, at 8.08, pvsuja pvs...@gmail.com wrote: Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts? imapc_ssl = starttls See also other related settings in http://wiki2.dovecot.org/Migration/Dsync I guess imapc should have its own wiki page some day.
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Am 08.03.2013 07:08, schrieb pvsuja: Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts? Mhh, well, communication encryption and password encryption are two different things. If you speak over SSL with your server, it doesn't matter if the password is transmitted in plain. http://wiki.dovecot.org/Authentication/Mechanisms
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed .. STARTTLS AUTH=PLAIN AUTH=LOGIN . I need the AUTH capability to be enabled only after STARTTLS I have done this in Postfix. Is there a way to do it in Dovecot? -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-failed-1-attempts-in-2-secs-user-xxx-method-PLAIN-rip-127-0-0--tp40684p40689.html Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
On 3/8/2013 1:04 AM, pvsuja wrote: Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed .. STARTTLS AUTH=PLAIN AUTH=LOGIN . I need the AUTH capability to be enabled only after STARTTLS I have done this in Postfix. Is there a way to do it in Dovecot? From the template /etc/dovecot/conf.d/10-auth.conf # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. #disable_plaintext_auth = yes Dem
