Re: [Dovecot] dovecot: imap-login: Aborted login
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 22 Jul 2013, Adnane wrote: I think the issue is with authentication root@mailer:~# tail -f /var/log/syslogJul Jul 22 03:34:41 mailer dovecot:imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking: Disconnected Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking: Disconnected Jul 22 03:35:03 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS: Disconnected There is no auth attempts, so you do not have an issue with authentication. Because of the TLS handshaking: Disconnected it looks like the connection gets cut during the initial TLS handshake. To debug this, first increare logging, then try from localhost without encryption, e.g.: telnet localhost 143 1 login loginname password and watch the human friendly output. Terminate the IMAP connection via 2 logout Maybe that client does not like your SSL cert and drops the connection thereof? Or maybe a firewall thinks it has to fiddle in, e.g. change Thunderbird to use SSL on port 993 instead of STARTTLS on 143. Kind regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEVAwUBUezg/13r2wJMiz2NAQKjkQf+MSiRcG8h4C3cdH2uKQNvc4K1UkJVmPjx tZvsBQmMQB0kY9y9GC9YiDKKCx3Cua6lxQ89Mbh4UDkjWdIV6T617QXT55HglLoY +fS1vVAIjCQlOD42GW1W8XKrQN9mfzCDw2CvdtMX8weiXPvsMA0ZMT/m5ZCWOtzR 8eP1Jjd8APuTPQqYg13+vWBSWNOfeyeY69m3loqKAuSw4ntSRglx5qlMrK8IRSji MHXkX2HJmbSV+iFstDRvbqVRWkJCGj6mzt+N34HU3py1H5zxiCjOSF9Q3UkU4psO 7xIGEDHbIrLpAca+6B2ZRIcfU0BgRAsvmcLLogqH40G/F7edud9YGw== =9TD0 -END PGP SIGNATURE-
Re: [Dovecot] dovecot: imap-login: Aborted login
here is the dovecot -n dump dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.8.13--grs-ipv6-64-vps x86_64 Ubuntu 12.04.2 LTS ext3 auth_mechanisms = plain login mail_location = maildir:/var/mail/vhosts/%d/%n mail_privileged_group = mail passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 lmtp service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3 { port = 0 } } ssl = required ssl_cert = /etc/ssl/certs/dovecot.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n driver = static } root@mailer:~# telnet localhost 143 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused netstat -la -pute | grep dovecot tcp0 0 *:pop3s *:* LISTEN root 12974 5098/dovecot tcp0 0 *:imaps *:* LISTEN root 12989 5098/dovecot tcp6 0 0 [::]:pop3s [::]:* LISTEN root 12975 5098/dovecot tcp6 0 0 [::]:imaps [::]:* LISTEN root 12990 5098/dovecot I dont like the port = 0 but thats what was mentionned in the tutorial so I changed /etc/dovecot/conf.d/10-master.conf / service imap-login { inet_listener imap { port = 143 } ... } service pop3-login { inet_listener pop3 { port = 110 } ... } now netstat -la -pute | grep dovecot tcp0 0 *:pop3s *:* LISTEN root 162828 8341/dovecot tcp0 0 *:pop3 *:* LISTEN root 162826 8341/dovecot tcp0 0 *:imap2 *:* LISTEN root 162845 8341/dovecot tcp0 0 *:imaps *:* LISTEN root 162847 8341/dovecot tcp6 0 0 [::]:pop3s [::]:* LISTEN root 162829 8341/dovecot tcp6 0 0 [::]:pop3 [::]:* LISTEN root 162827 8341/dovecot tcp6 0 0 [::]:imap2 [::]:* LISTEN root 162846 8341/dovecot tcp6 0 0 [::]:imaps [::]:* LISTEN root 162848 8341/dovecot telnet localhost 110 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. +OK Dovecot ready. user adn...@mailer.adnane.me +OK pass mypasseword +OK Logged in. LIST +OK 0 messages: root@mailer:~# telnet mailer.adnane.me 143 Trying 2001:41d0:52:200::326... Connected to mailer.adnane.me. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 login adn...@mailer.adnane.me mypassword 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in 2 logout * BYE Logging out 2 OK Logout completed. Connection closed by foreign host. / /but for thunderbird I got this in logs Jul 22 22:32:53 mailer dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=196.217.182.199, lip=5.135.151.43 Jul 22 22:36:04 mailer dovecot: pop3(adn...@mailer.adnane.me): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 On 07/22/2013 08:36 AM, Steffen Kaiser wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 22 Jul 2013, Adnane wrote: I think the issue is with authentication root@mailer:~# tail -f /var/log/syslogJul Jul 22 03:34:41 mailer dovecot:imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking: Disconnected Jul 22 03:35:02 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS handshaking: Disconnected Jul 22 03:35:03 mailer dovecot: imap-login: Disconnected (no auth attempts): rip=41.251.155.145, lip=5.135.151.43, TLS: Disconnected There is no auth attempts, so you do not have an issue with authentication. Because of the TLS handshaking: Disconnected it looks like the connection gets cut during the initial TLS handshake. To debug this, first increare
Re: [Dovecot] dovecot: imap-login: Aborted login
From: Adnane m...@adnane.me writes: Jul 22 22:32:53 mailer dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=196.217.182.199, lip=5.135.151.43 Jul 22 22:36:04 mailer dovecot: pop3(adn...@mailer.adnane.me): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 Looks like a mail client issue: you're not enabling STARTTLS on port 110. Fiddle with the SSL configuration. Joseph Tam jtam.h...@gmail.com
Re: [Dovecot] dovecot: imap-login: Aborted login
Hello again I can connect with thunderbird now and retrieve mails, I changed auth to ssl and normal password, Jul 23 02:58:14 mailer postfix/lmtp[9253]: D5E7FF81D2: to=adn...@mailer.adnane.me, relay=mailer.adnane.me[private/dovecot-lmtp], delay=0.35, delays=0.29/0/0/0.05, dsn=2.0.0, status=sent (250 2.0.0 adn...@mailer.adnane.me DbyiBCbV7VEmJAAALj+mJA Saved) Jul 23 02:58:14 mailer postfix/qmgr[8283]: D5E7FF81D2: removed Jul 23 02:58:14 mailer postfix/smtpd[9243]: disconnect from mail-vc0-f177.google.com[209.85.220.177] but I cant send mails Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 any help plz On 07/22/2013 09:50 PM, Adnane wrote: here is the dovecot -n dump dovecot -n # 2.0.19: /etc/dovecot/dovecot.conf # OS: Linux 3.8.13--grs-ipv6-64-vps x86_64 Ubuntu 12.04.2 LTS ext3 auth_mechanisms = plain login mail_location = maildir:/var/mail/vhosts/%d/%n mail_privileged_group = mail passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } protocols = imap pop3 lmtp service auth-worker { user = vmail } service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-userdb { mode = 0600 user = vmail } user = dovecot } service imap-login { inet_listener imap { port = 0 } } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } service pop3-login { inet_listener pop3 { port = 0 } } ssl = required ssl_cert = /etc/ssl/certs/dovecot.pem ssl_key = /etc/ssl/private/dovecot.pem userdb { args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n driver = static } root@mailer:~# telnet localhost 143 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused netstat -la -pute | grep dovecot tcp0 0 *:pop3s *:* LISTEN root 12974 5098/dovecot tcp0 0 *:imaps *:* LISTEN root 12989 5098/dovecot tcp6 0 0 [::]:pop3s [::]:* LISTEN root 12975 5098/dovecot tcp6 0 0 [::]:imaps [::]:* LISTEN root 12990 5098/dovecot I dont like the port = 0 but thats what was mentionned in the tutorial so I changed /etc/dovecot/conf.d/10-master.conf / service imap-login { inet_listener imap { port = 143 } ... } service pop3-login { inet_listener pop3 { port = 110 } ... } now netstat -la -pute | grep dovecot tcp0 0 *:pop3s *:* LISTEN root 162828 8341/dovecot tcp0 0 *:pop3 *:* LISTEN root 162826 8341/dovecot tcp0 0 *:imap2 *:* LISTEN root 162845 8341/dovecot tcp0 0 *:imaps *:* LISTEN root 162847 8341/dovecot tcp6 0 0 [::]:pop3s [::]:* LISTEN root 162829 8341/dovecot tcp6 0 0 [::]:pop3 [::]:* LISTEN root 162827 8341/dovecot tcp6 0 0 [::]:imap2 [::]:* LISTEN root 162846 8341/dovecot tcp6 0 0 [::]:imaps [::]:* LISTEN root 162848 8341/dovecot telnet localhost 110 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. +OK Dovecot ready. user adn...@mailer.adnane.me +OK pass mypasseword +OK Logged in. LIST +OK 0 messages: root@mailer:~# telnet mailer.adnane.me 143 Trying 2001:41d0:52:200::326... Connected to mailer.adnane.me. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 1 login adn...@mailer.adnane.me mypassword 1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in 2 logout * BYE Logging out 2 OK Logout completed. Connection closed by foreign host. / /but for thunderbird I got this in logs Jul 22 22:32:53 mailer dovecot: pop3-login: Disconnected (tried to use disabled plaintext auth): rip=196.217.182.199, lip=5.135.151.43 Jul 22 22:36:04 mailer dovecot: pop3(adn...@mailer.adnane.me): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0 On 07/22/2013 08:36 AM, Steffen Kaiser wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 22 Jul 2013, Adnane wrote: I think the issue is with authentication root@mailer:~# tail -f
Re: [Dovecot] dovecot: imap-login: Aborted login
Adnane m...@adnane.me writes: but I cant send mails Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 Not a dovecot issue. In fact, neither was your previous problem, which was a mail reader configuration problem. Joseph Tam jtam.h...@gmail.com
Re: [Dovecot] dovecot: imap-login: Aborted login
On Tue, 2013-07-23 at 02:20 +0100, Adnane wrote: Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 any help plz anvil logs wont help much, look for your connect from: lines, it should show your connecting IP, and few lines after it detailing what it is doing, I suspect you may have the same issues as with dovecot, never ever ever force ssl on clients unless you know what you (and they) are doing, and not knowing what version you are using makes it more difficult. Should be using postfix 2.10.1 (the latest) smtpd_tls_security_level = may signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot: imap-login: Aborted login
On Mon, 2013-07-22 at 18:30 -0700, Joseph Tam wrote: Adnane m...@adnane.me writes: but I cant send mails Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection rate 1/60s for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max connection count 1 for (smtp:209.85.220.177) at Jul 23 02:58:13 Jul 23 03:01:34 mailer postfix/anvil[9245]: statistics: max cache size 1 at Jul 23 02:58:13 Not a dovecot issue. In fact, neither was your previous problem, which was a mail reader configuration problem. Joseph Tam jtam.h...@gmail.com Thats helpful how... The fact he uses dovecot for auth, would likely mean smtp-auth which does involve dovecot. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Thanks a lot! I got it done with imapc_ssl and imapc_ssl_ca_dir settings. I was not aware of those settings. Thanks a bunch! On Wed, Mar 20, 2013 at 10:58 PM, Timo Sirainen [via Dovecot] ml-node+s2317879n40933...@n4.nabble.com wrote: On 8.3.2013, at 8.08, pvsuja [hidden email]http://user/SendEmail.jtp?type=nodenode=40933i=0 wrote: Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts? imapc_ssl = starttls See also other related settings in http://wiki2.dovecot.org/Migration/Dsync I guess imapc should have its own wiki page some day. -- If you reply to this email, your message will be added to the discussion below: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-failed-1-attempts-in-2-secs-user-xxx-method-PLAIN-rip-127-0-0--tp40684p40933.html To unsubscribe from dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB, click herehttp://dovecot.2317879.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_codenode=40684code=cHZzdWphQGdtYWlsLmNvbXw0MDY4NHwtNzgyNTk5NDQ0 . NAMLhttp://dovecot.2317879.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewerid=instant_html%21nabble%3Aemail.namlbase=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespacebreadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-failed-1-attempts-in-2-secs-user-xxx-method-PLAIN-rip-127-0-0--tp40684p40973.html Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
On 8.3.2013, at 8.08, pvsuja pvs...@gmail.com wrote: Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts? imapc_ssl = starttls See also other related settings in http://wiki2.dovecot.org/Migration/Dsync I guess imapc should have its own wiki page some day.
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Am 08.03.2013 07:08, schrieb pvsuja: Through wireshark, I found the username and password is going in plain text only to the server. How will I enable starttls in ImapcProxy before any communication starts? Mhh, well, communication encryption and password encryption are two different things. If you speak over SSL with your server, it doesn't matter if the password is transmitted in plain. http://wiki.dovecot.org/Authentication/Mechanisms
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed .. STARTTLS AUTH=PLAIN AUTH=LOGIN . I need the AUTH capability to be enabled only after STARTTLS I have done this in Postfix. Is there a way to do it in Dovecot? -- View this message in context: http://dovecot.2317879.n4.nabble.com/dovecot-imap-login-Aborted-login-auth-failed-1-attempts-in-2-secs-user-xxx-method-PLAIN-rip-127-0-0--tp40684p40689.html Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] dovecot: imap-login: Aborted login (auth failed, 1 attempts in 2 secs): user=xxx, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, TLS, session=1pBG/03XogB/AAAB
On 3/8/2013 1:04 AM, pvsuja wrote: Yes, I know that. When I am telnetting to my ImapcProxy over 143, the capabilities are listed .. STARTTLS AUTH=PLAIN AUTH=LOGIN . I need the AUTH capability to be enabled only after STARTTLS I have done this in Postfix. Is there a way to do it in Dovecot? From the template /etc/dovecot/conf.d/10-auth.conf # Disable LOGIN command and all other plaintext authentications unless # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP # matches the local IP (ie. you're connecting from the same computer), the # connection is considered secure and plaintext authentication is allowed. #disable_plaintext_auth = yes Dem