Re: Dovecot,seive and postfix master.cf
If this helps, here's my config : in main.cf : virtual_transport = lmtp:unix:private/dovecot-lmtp I didn't touch anything in master.cf (I let the default lmtp as Ian mentionned). master.cf : lmtp unix - - - - - lmtp in dovecot's 10-master.cf : # This is for dovecot-postfix conversation service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } # I don't remember what's this for but apparently I needed it unix_listener /var/spool/postfix/private/auth { mode = 0666 } That's about it I think. -- Yassine. On Thursday, February 23, 2017 12:46 AM, "b...@bitrate.net" wrote: On Feb 22, 2017, at 16.21, Ian Evans wrote: > > Background: Have a postfix/dovecot/amavisd-new system that has been running > smoothly for several years. Just a handful of virtual users, ie: > /home/vmail/example.com/ianevans/Maildir > > As we are starting to use multiple devices finally, decided to move away from > pop3/imap to all imap. > > sieve plugin has been configured. All that's left is to have postfix use > dovecot lda. Just wanted to make sure that this is all I need to do on the > postfix end in master.cf: > > dovecot unix – n n – – pipe > flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d > ${recipient} > > Any other config info I should post here to make sure that the dovecot line > will not step on any config toes. i would relay to dovecot via lmtp(8), rather than via pipe(8). additionally, personally, i prefer to use the relay address class for arrangements like this, rather than the virtual address class. lastly, you reference amavis, so i'll mention that, in basic setups [which most are] i'd also suggest relaying from postfix to amavis, via lmtp, and then from amavis to dovecot, also via lmtp, rather than going back through postfix first, which is often how it's been done, traditionally. imo, this simplifies the configuration, and simplifies the flow, conceptually. some might point out a caveat regarding constraints on alias expansion or the like when not passing mail back to postfix, which is true, but imo, doing alias expansion in front of the content filter is the desirable of the two anyway, outside of the exception here or there, like anything else.
Re: dovecot cram-md5 setting break sending emails
I removed all comments which I added. It didn't help. Maybe should I put some config files dovecot or postfix or something? 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > On 23 February 2017 at 07:01, Poliman - Serwis wrote: > > ... > > All worked fine. Then I added in dovecot.conf file: > > auth_mechanisms = plain login cram-md5 #added cram-md5 > > > > passdb { > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > In passdb block commented out default lines and add two (I can put whole > > dovecot config). All things still worked fine. Then - in dovecot.conf > file I > > changed back setting to default. After this I can't send emails. In log I > > have: > > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL > > authentication mechanisms > > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL > > authentication mechanisms > > I suspect it is not permitted to have # comments in dovecot conf files > except on a line of their own, though I admit I can't find this > documented. Try removing '#added cram-md5' or putting it on a line of > its own. > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
By the way I did some test. I removed cram-md5 from auth_mechanisms line and I uncommented default lines in passdb block and also left uncommented two lines added by me like below: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } I can send emails but I have no idea which setting is used - these two lines: args = /etc/dovecot/dovecot-sql.conf driver = sql or these driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > On 23 February 2017 at 07:01, Poliman - Serwis wrote: > > ... > > All worked fine. Then I added in dovecot.conf file: > > auth_mechanisms = plain login cram-md5 #added cram-md5 > > > > passdb { > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > In passdb block commented out default lines and add two (I can put whole > > dovecot config). All things still worked fine. Then - in dovecot.conf > file I > > changed back setting to default. After this I can't send emails. In log I > > have: > > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL > > authentication mechanisms > > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL > > authentication mechanisms > > I suspect it is not permitted to have # comments in dovecot conf files > except on a line of their own, though I admit I can't find this > documented. Try removing '#added cram-md5' or putting it on a line of > its own. > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Hmm. I think that above is not working. Probably I tried sent email too fast after restart dovecot and new settings weren't loaded. 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > By the way I did some test. I removed cram-md5 from auth_mechanisms line > and I uncommented default lines in passdb block and also left uncommented > two lines added by me like below: > auth_mechanisms = plain login > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > I can send emails but I have no idea which setting is used - these two > lines: > args = /etc/dovecot/dovecot-sql.conf > driver = sql > > or these >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > >> On 23 February 2017 at 07:01, Poliman - Serwis wrote: >> > ... >> > All worked fine. Then I added in dovecot.conf file: >> > auth_mechanisms = plain login cram-md5 #added cram-md5 >> > >> > passdb { >> > #args = /etc/dovecot/dovecot-sql.conf >> > #driver = sql >> >driver = passwd-file >> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> > } >> > >> > In passdb block commented out default lines and add two (I can put whole >> > dovecot config). All things still worked fine. Then - in dovecot.conf >> file I >> > changed back setting to default. After this I can't send emails. In log >> I >> > have: >> > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL >> > authentication mechanisms >> > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL >> > authentication mechanisms >> >> I suspect it is not permitted to have # comments in dovecot conf files >> except on a line of their own, though I admit I can't find this >> documented. Try removing '#added cram-md5' or putting it on a line of >> its own. >> > > > > -- > > *Pozdrawiam / Best Regards* > *Piotr Bracha* > > > > > *tel. 534 555 877* > > *ser...@poliman.pl * > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
When I setup config: auth_mechanisms = plain login cram-md5 passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } Then mails can be send. Without 'cram-md5' in auth_mechanisms I can't send emails when passdb block looks like above pasted. 2017-02-23 9:21 GMT+01:00 Poliman - Serwis : > Hmm. I think that above is not working. Probably I tried sent email too > fast after restart dovecot and new settings weren't loaded. > > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > >> By the way I did some test. I removed cram-md5 from auth_mechanisms line >> and I uncommented default lines in passdb block and also left uncommented >> two lines added by me like below: >> auth_mechanisms = plain login >> >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >>driver = passwd-file >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> I can send emails but I have no idea which setting is used - these two >> lines: >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> >> or these >>driver = passwd-file >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd : >> >>> On 23 February 2017 at 07:01, Poliman - Serwis >>> wrote: >>> > ... >>> > All worked fine. Then I added in dovecot.conf file: >>> > auth_mechanisms = plain login cram-md5 #added cram-md5 >>> > >>> > passdb { >>> > #args = /etc/dovecot/dovecot-sql.conf >>> > #driver = sql >>> >driver = passwd-file >>> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> > } >>> > >>> > In passdb block commented out default lines and add two (I can put >>> whole >>> > dovecot config). All things still worked fine. Then - in dovecot.conf >>> file I >>> > changed back setting to default. After this I can't send emails. In >>> log I >>> > have: >>> > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL >>> > authentication mechanisms >>> > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL >>> > authentication mechanisms >>> >>> I suspect it is not permitted to have # comments in dovecot conf files >>> except on a line of their own, though I admit I can't find this >>> documented. Try removing '#added cram-md5' or putting it on a line of >>> its own. >>> >> >> >> >> -- >> >> *Pozdrawiam / Best Regards* >> *Piotr Bracha* >> >> >> >> >> *tel. 534 555 877* >> >> *ser...@poliman.pl * >> > > > > -- > > *Pozdrawiam / Best Regards* > *Piotr Bracha* > > > > > *tel. 534 555 877* > > *ser...@poliman.pl * > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
In log I have also these lines: Feb 23 09:12:55 vps342401 dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF Feb 23 09:18:40 vps342401 postfix/smtpd[30395]: fatal: no SASL authentication mechanisms Feb 23 09:19:04 vps342401 postfix/smtps/smtpd[30426]: fatal: no SASL authentication mechanisms Feb 23 09:20:02 vps342401 postfix/smtpd[30519]: fatal: no SASL authentication mechanisms Feb 23 09:20:05 vps342401 postfix/smtps/smtpd[30525]: fatal: no SASL authentication mechanisms 2017-02-23 9:26 GMT+01:00 Poliman - Serwis : > When I setup config: > auth_mechanisms = plain login cram-md5 > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > Then mails can be send. Without 'cram-md5' in auth_mechanisms I can't send > emails when passdb block looks like above pasted. > > 2017-02-23 9:21 GMT+01:00 Poliman - Serwis : > >> Hmm. I think that above is not working. Probably I tried sent email too >> fast after restart dovecot and new settings weren't loaded. >> >> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : >> >>> By the way I did some test. I removed cram-md5 from auth_mechanisms line >>> and I uncommented default lines in passdb block and also left uncommented >>> two lines added by me like below: >>> auth_mechanisms = plain login >>> >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>>driver = passwd-file >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> >>> I can send emails but I have no idea which setting is used - these two >>> lines: >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> >>> or these >>>driver = passwd-file >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> >>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd : >>> On 23 February 2017 at 07:01, Poliman - Serwis wrote: > ... > All worked fine. Then I added in dovecot.conf file: > auth_mechanisms = plain login cram-md5 #added cram-md5 > > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > In passdb block commented out default lines and add two (I can put whole > dovecot config). All things still worked fine. Then - in dovecot.conf file I > changed back setting to default. After this I can't send emails. In log I > have: > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL > authentication mechanisms > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL > authentication mechanisms I suspect it is not permitted to have # comments in dovecot conf files except on a line of their own, though I admit I can't find this documented. Try removing '#added cram-md5' or putting it on a line of its own. >>> >>> >>> >>> -- >>> >>> *Pozdrawiam / Best Regards* >>> *Piotr Bracha* >>> >>> >>> >>> >>> *tel. 534 555 877* >>> >>> *ser...@poliman.pl * >>> >> >> >> >> -- >> >> *Pozdrawiam / Best Regards* >> *Piotr Bracha* >> >> >> >> >> *tel. 534 555 877* >> >> *ser...@poliman.pl * >> > > > > -- > > *Pozdrawiam / Best Regards* > *Piotr Bracha* > > > > > *tel. 534 555 877* > > *ser...@poliman.pl * > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Hi, would suggest : - Try turning off chroot operation in master.cf - Verbose logging for specific SMTP connections (see http://www.postfix.org/DEBUG_README.html) Willi Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: > Hmm. I think that above is not working. Probably I tried sent email too > fast after restart dovecot and new settings weren't loaded. > > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > >> By the way I did some test. I removed cram-md5 from auth_mechanisms line >> and I uncommented default lines in passdb block and also left uncommented >> two lines added by me like below: >> auth_mechanisms = plain login >> >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >>driver = passwd-file >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> I can send emails but I have no idea which setting is used - these two >> lines: >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> >> or these >>driver = passwd-file >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd : >> >>> On 23 February 2017 at 07:01, Poliman - Serwis wrote: ... All worked fine. Then I added in dovecot.conf file: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } In passdb block commented out default lines and add two (I can put whole dovecot config). All things still worked fine. Then - in dovecot.conf >>> file I changed back setting to default. After this I can't send emails. In log >>> I have: Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL authentication mechanisms Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL authentication mechanisms >>> >>> I suspect it is not permitted to have # comments in dovecot conf files >>> except on a line of their own, though I admit I can't find this >>> documented. Try removing '#added cram-md5' or putting it on a line of >>> its own. >>> >> >> >> >> -- >> >> *Pozdrawiam / Best Regards* >> *Piotr Bracha* >> >> >> >> >> *tel. 534 555 877* >> >> *ser...@poliman.pl * >> > > >
Re: dovecot cram-md5 setting break sending emails
Ok, so I added in main.cf at the bottom of the file the line: debug_peer_list = 127.0.0.1,93.X.X.31 and in master.cf (set 'n' in chroot column): submission inet n - n - - smtpd smtps inet n - n - - smtpd What is next step? 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > Hi, > > > would suggest : > - Try turning off chroot operation in master.cf > - Verbose logging for specific SMTP connections > (see http://www.postfix.org/DEBUG_README.html) > > > Willi > > > Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: > > Hmm. I think that above is not working. Probably I tried sent email too > > fast after restart dovecot and new settings weren't loaded. > > > > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > > > >> By the way I did some test. I removed cram-md5 from auth_mechanisms line > >> and I uncommented default lines in passdb block and also left > uncommented > >> two lines added by me like below: > >> auth_mechanisms = plain login > >> > >> passdb { > >> args = /etc/dovecot/dovecot-sql.conf > >> driver = sql > >>driver = passwd-file > >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >> } > >> > >> I can send emails but I have no idea which setting is used - these two > >> lines: > >> args = /etc/dovecot/dovecot-sql.conf > >> driver = sql > >> > >> or these > >>driver = passwd-file > >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >> > >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > >> > >>> On 23 February 2017 at 07:01, Poliman - Serwis > wrote: > ... > All worked fine. Then I added in dovecot.conf file: > auth_mechanisms = plain login cram-md5 #added cram-md5 > > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > In passdb block commented out default lines and add two (I can put > whole > dovecot config). All things still worked fine. Then - in dovecot.conf > >>> file I > changed back setting to default. After this I can't send emails. In > log > >>> I > have: > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL > authentication mechanisms > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL > authentication mechanisms > >>> > >>> I suspect it is not permitted to have # comments in dovecot conf files > >>> except on a line of their own, though I admit I can't find this > >>> documented. Try removing '#added cram-md5' or putting it on a line of > >>> its own. > >>> > >> > >> > >> > >> -- > >> > >> *Pozdrawiam / Best Regards* > >> *Piotr Bracha* > >> > >> > >> > >> > >> *tel. 534 555 877* > >> > >> *ser...@poliman.pl * > >> > > > > > > > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
I also turned on verbose log in dovecot and below is output in mail.log: Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_connect: auth reply: DONE Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL authentication mechanisms Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process /usr/lib/postfix/smtpd pid 3640 exit status 1 Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3 at Feb 23 09:58:21 2017-02-23 9:59 GMT+01:00 Poliman - Serwis : > Ok, so I added in main.cf at the bottom of the file the line: > debug_peer_list = 127.0.0.1,93.X.X.31 > > and in master.cf (set 'n' in chroot column): > submission inet n - n - - smtpd > smtps inet n - n - - smtpd > > What is next step? > > 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Hi, >> >> >> would suggest : >> - Try turning off chroot operation in master.cf >> - Verbose logging for specific SMTP connections >> (see http://www.postfix.org/DEBUG_README.html) >> >> >> Willi >> >> >> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: >> > Hmm. I think that above is not working. Probably I tried sent email too >> > fast after restart dovecot and new settings weren't loaded. >> > >> > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : >> > >> >> By the way I did some test. I removed cram-md5 from auth_mechanisms >> line >> >> and I uncommented default lines in passdb block and also left >> uncommented >> >> two lines added by me like below: >> >> auth_mechanisms = plain login >> >> >> >> passdb { >> >> args = /etc/dovecot/dovecot-sql.conf >> >> driver = sql >> >>driver = passwd-file >> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >> } >> >> >> >> I can send emails but I have no idea which setting is used - these two >> >> lines: >> >> args = /etc/dovecot/dovecot-sql.conf >> >> driver = sql >> >> >> >> or these >> >>driver = passwd-file >> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >> >> >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd : >> >> >> >>> On 23 February 2017 at 07:01, Poliman - Serwis >> wrote: >> ... >> All worked fine. Then I added in dovecot.conf file: >> auth_mechanisms = plain login cram-md5 #added cram-md5 >> >> passdb { >> #args = /etc/dovecot/dovecot-sql.conf >> #driver = sql >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> In passdb block commented out default lines and add two (I can put >> whole >> dovecot config). All things still worked fine. Then - in dovecot.conf >> >>> file I >> changed back setting to default. After this I can't send emails. In >> log >> >>> I >> have: >> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL >> authentication mechanisms >> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL >> authentication mechanisms >> >>> >> >>> I suspect it is not permitted to have # comments in dovecot conf files >> >>> except on a line of their own, though I admit I can't find this >> >>> documented. Try removing '#added cram-md5' or putting it on a line of >> >>> its own. >> >>> >> >> >> >> >> >> >> >> -- >> >> >> >> *Pozdrawiam / Best Regards* >> >> *Piotr Bracha* >> >> >> >> >> >> >> >> >> >> *tel. 534 555 877* >> >> >> >> *ser...@poliman.pl * >> >> >> > >> > >> > >> >> > > > -- > > *Pozdrawiam / Best Regards* > *Piotr Bracha* > > > > > *tel. 534 555 877* > > *ser...@poliman.pl * > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Am 23.02.2017 um 09:59 schrieb Poliman - Serwis: > Ok, so I added in main.cf at the bottom of the file the line: > debug_peer_list = 127.0.0.1,93.X.X.31 Only for shure: you didn't really wrote "X" in main.cf? > and in master.cf (set 'n' in chroot column): > submission inet n - n - - smtpd > smtps inet n - n - - smtpd > > What is next step? Next steps : - try sending mails - looking up the logs (for finding error or to make shure you didn't open your system up completely) Willi > > 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Hi, >> >> >> would suggest : >> - Try turning off chroot operation in master.cf >> - Verbose logging for specific SMTP connections >> (see http://www.postfix.org/DEBUG_README.html) >> >> >> Willi >> >> >> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: >>> Hmm. I think that above is not working. Probably I tried sent email too >>> fast after restart dovecot and new settings weren't loaded. >>> >>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : >>> By the way I did some test. I removed cram-md5 from auth_mechanisms line and I uncommented default lines in passdb block and also left >> uncommented two lines added by me like below: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } I can send emails but I have no idea which setting is used - these two lines: args = /etc/dovecot/dovecot-sql.conf driver = sql or these driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > On 23 February 2017 at 07:01, Poliman - Serwis >> wrote: >> ... >> All worked fine. Then I added in dovecot.conf file: >> auth_mechanisms = plain login cram-md5 #added cram-md5 >> >> passdb { >> #args = /etc/dovecot/dovecot-sql.conf >> #driver = sql >>driver = passwd-file >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> In passdb block commented out default lines and add two (I can put >> whole >> dovecot config). All things still worked fine. Then - in dovecot.conf > file I >> changed back setting to default. After this I can't send emails. In >> log > I >> have: >> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL >> authentication mechanisms >> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL >> authentication mechanisms > > I suspect it is not permitted to have # comments in dovecot conf files > except on a line of their own, though I admit I can't find this > documented. Try removing '#added cram-md5' or putting it on a line of > its own. > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl * >>> >>> >>> >> >> > >
Re: dovecot cram-md5 setting break sending emails
On 23/02/2017 09:06, Poliman - Serwis wrote: I also turned on verbose log in dovecot and below is output in mail.log: Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_connect: auth reply: DONE Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL authentication mechanisms Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process /usr/lib/postfix/smtpd pid 3640 exit status 1 Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3 at Feb 23 09:58:21 These seem to be from postfix, not from dovecot. You can get more info from dovecot by enabling debug_log_path = path/to/debug/log and by ensuring that the changes you've made to the configuration are actually seen by dovecot. The easiest way to verify what dovecot is actually using at runtime is the doveconf command, dovecot -a will show you these values. Are you using fail2ban? (suggestions cribbed from http://serverfault.com/questions/588391/how-to-get-doveconf-to-reload-its-config-or-read-from-etc-dovecot)
Re: dovecot cram-md5 setting break sending emails
Hehe I didn't put there X, only here for public place. ;) I sent emails but it not working when I do in dovecot.conf file (which is default settings): auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql # driver = passwd-file # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } I can send emails when I set in dovecot.conf file: auth_mechanisms = plain login cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } 2017-02-23 10:08 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > Am 23.02.2017 um 09:59 schrieb Poliman - Serwis: > > Ok, so I added in main.cf at the bottom of the file the line: > > debug_peer_list = 127.0.0.1,93.X.X.31 > > Only for shure: you didn't really wrote "X" in main.cf? > > > and in master.cf (set 'n' in chroot column): > > submission inet n - n - - smtpd > > smtps inet n - n - - smtpd > > > > What is next step? > > Next steps : > - try sending mails > - looking up the logs (for finding error or to make shure you didn't > open your system up completely) > > > Willi > > > > > 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> Hi, > >> > >> > >> would suggest : > >> - Try turning off chroot operation in master.cf > >> - Verbose logging for specific SMTP connections > >> (see http://www.postfix.org/DEBUG_README.html) > >> > >> > >> Willi > >> > >> > >> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: > >>> Hmm. I think that above is not working. Probably I tried sent email too > >>> fast after restart dovecot and new settings weren't loaded. > >>> > >>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > >>> > By the way I did some test. I removed cram-md5 from auth_mechanisms > line > and I uncommented default lines in passdb block and also left > >> uncommented > two lines added by me like below: > auth_mechanisms = plain login > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > I can send emails but I have no idea which setting is used - these two > lines: > args = /etc/dovecot/dovecot-sql.conf > driver = sql > > or these > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > > > On 23 February 2017 at 07:01, Poliman - Serwis > >> wrote: > >> ... > >> All worked fine. Then I added in dovecot.conf file: > >> auth_mechanisms = plain login cram-md5 #added cram-md5 > >> > >> passdb { > >> #args = /etc/dovecot/dovecot-sql.conf > >> #driver = sql > >>driver = passwd-file > >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >> } > >> > >> In passdb block commented out default lines and add two (I can put > >> whole > >> dovecot config). All things still worked fine. Then - in > dovecot.conf > > file I > >> changed back setting to default. After this I can't send emails. In > >> log > > I > >> have: > >> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL > >> authentication mechanisms > >> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL > >> authentication mechanisms > > > > I suspect it is not permitted to have # comments in dovecot conf > files > > except on a line of their own, though I admit I can't find this > > documented. Try removing '#added cram-md5' or putting it on a line of > > its own. > > > > > > -- > > *Pozdrawiam / Best Regards* > *Piotr Bracha* > > > > > *tel. 534 555 877* > > *ser...@poliman.pl * > > >>> > >>> > >>> > >> > >> > > > > > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Strange thing, I can't send emails when I do in dovecot.conf file (which is default settings): auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql # driver = passwd-file # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } I can send emails when I set in dovecot.conf file: auth_mechanisms = plain login cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } Besides in dovecot.conf file I added: auth_debug=yes auth_verbose=yes I attach file with dovecot -a output. 2017-02-23 10:11 GMT+01:00 Dominic Raferd : > On 23/02/2017 09:06, Poliman - Serwis wrote: > > I also turned on verbose log in dovecot and below is output in mail.log: > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > xsasl_dovecot_server_connect: auth reply: DONE > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL > authentication mechanisms > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process > /usr/lib/postfix/smtpd pid 3640 exit status 1 > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: > /usr/lib/postfix/smtpd: bad command startup -- throttling > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection > rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20 > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection > count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message > rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size > 3 at Feb 23 09:58:21 > > > These seem to be from postfix, not from dovecot. You can get more info > from dovecot by enabling debug_log_path = path/to/debug/log and by ensuring > that the changes you've made to the configuration are actually seen by > dovecot. The easiest way to verify what dovecot is actually using at > runtime is the doveconf command, dovecot -a will show you these values. Are > you using fail2ban? (suggestions cribbed from http://serverfault.com/ > questions/588391/how-to-get-doveconf-to-reload-its-config- > or-read-from-etc-dovecot) > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl * # 2.2.9: /etc/dovecot/dovecot.conf # OS: Linux 4.4.0-62-generic x86_64 Ubuntu 14.04.5 LTS # NOTE: Send doveconf -n output instead when asking for help. auth_anonymous_username = anonymous auth_cache_negative_ttl = 1 hours auth_cache_size = 0 auth_cache_ttl = 1 hours auth_debug = yes auth_debug_passwords = no auth_default_realm = auth_failure_delay = 2 secs auth_gssapi_hostname = auth_krb5_keytab = auth_master_user_separator = auth_mechanisms = plain login cram-md5 auth_proxy_self = auth_realms = auth_socket_path = auth-userdb auth_ssl_require_client_cert = no auth_ssl_username_from_cert = no auth_use_winbind = no auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@ auth_username_format = %Lu auth_username_translation = auth_verbose = yes auth_verbose_passwords = no auth_winbind_helper_path = /usr/bin/ntlm_auth auth_worker_max_count = 30 base_dir = /var/run/dovecot config_cache_size = 1 M debug_log_path = default_client_limit = 1000 default_idle_kill = 1 mins default_internal_user = dovecot default_login_user = dovenull default_process_limit = 100 default_vsz_limit = 256 M deliver_log_format = msgid=%m: %$ dict_db_config = director_doveadm_port = 0 director_mail_servers = director_servers = director_user_expire = 15 mins director_username_hash = %Lu disable_plaintext_auth = yes dotlock_use_excl = yes doveadm_allowed_commands = doveadm_password = doveadm_port = 0 doveadm_socket_path = doveadm-server doveadm_worker_count = 0 dsync_alt_char = _ dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U first_valid_gid = 1 first_valid_uid = 500 hostname = imap_capability = imap_client_workarounds = imap_id_log = imap_id_send = name * imap_idle_notify_interval = 2 mins imap_logout_format = in=%i out=%o imap_max_line_length = 64 k imap_metadata = no imap_urlauth_host = imap_urlauth_logout_format = in=%i out=%o imap_urlauth_port = 143 imapc_features = imapc_host = imapc_list_prefix = imapc_master_user = imapc_max_idle_time = 29 mins imapc_password = imapc_port = 143 imapc_rawlog_dir = imapc_ssl = no imapc_ssl_verify = yes imapc_user = import_environment = TZ DEBUG_OUTOFMEM info_log_path = instance_name = dovecot last_valid_gid = 0 last_valid_uid = 0 lda_mailbox_autocreate = no lda_mailbox_autosubscribe = no lda_original_recipient_header = libexec_dir = /usr/lib/dovecot listen = *,[::] lmtp_address_translate = lmtp_proxy = no lm
Re: dovecot cram-md5 setting break sending emails
Am 23.02.2017 um 10:06 schrieb Poliman - Serwis: > I also turned on verbose log in dovecot and below is output in mail.log: > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > xsasl_dovecot_server_connect: auth reply: DONE > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL > authentication mechanisms I'm no dovecot brain - but there is cram-md5 missing. Seems to less loglines for debug_peer_list active. Did you reload postfix? Can you also add the postfix loglines according to the sending client? Willi > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process > /usr/lib/postfix/smtpd pid 3640 exit status 1 > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: > /usr/lib/postfix/smtpd: bad command startup -- throttling > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection > rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20 > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection > count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate > 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3 > at Feb 23 09:58:21 > > > 2017-02-23 9:59 GMT+01:00 Poliman - Serwis : > >> Ok, so I added in main.cf at the bottom of the file the line: >> debug_peer_list = 127.0.0.1,93.X.X.31 >> >> and in master.cf (set 'n' in chroot column): >> submission inet n - n - - smtpd >> smtps inet n - n - - smtpd >> >> What is next step? >> >> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de < >> wilfried.es...@essignetz.de>: >> >>> Hi, >>> >>> >>> would suggest : >>> - Try turning off chroot operation in master.cf >>> - Verbose logging for specific SMTP connections >>> (see http://www.postfix.org/DEBUG_README.html) >>> >>> >>> Willi >>> >>> >>> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: Hmm. I think that above is not working. Probably I tried sent email too fast after restart dovecot and new settings weren't loaded. 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > By the way I did some test. I removed cram-md5 from auth_mechanisms >>> line > and I uncommented default lines in passdb block and also left >>> uncommented > two lines added by me like below: > auth_mechanisms = plain login > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > I can send emails but I have no idea which setting is used - these two > lines: > args = /etc/dovecot/dovecot-sql.conf > driver = sql > > or these >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > >> On 23 February 2017 at 07:01, Poliman - Serwis >>> wrote: >>> ... >>> All worked fine. Then I added in dovecot.conf file: >>> auth_mechanisms = plain login cram-md5 #added cram-md5 >>> >>> passdb { >>> #args = /etc/dovecot/dovecot-sql.conf >>> #driver = sql >>>driver = passwd-file >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> >>> In passdb block commented out default lines and add two (I can put >>> whole >>> dovecot config). All things still worked fine. Then - in dovecot.conf >> file I >>> changed back setting to default. After this I can't send emails. In >>> log >> I >>> have: >>> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL >>> authentication mechanisms >>> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL >>> authentication mechanisms >> >> I suspect it is not permitted to have # comments in dovecot conf files >> except on a line of their own, though I admit I can't find this >> documented. Try removing '#added cram-md5' or putting it on a line of >> its own. >> > > > > -- > > *Pozdrawiam / Best Regards* > *Piotr Bracha* > > > > > *tel. 534 555 877* > > *ser...@poliman.pl * > >>> >>> >> >> >> -- >> >> *Pozdrawiam / Best Regards* >> *Piotr Bracha* >> >> >> >> >> *tel. 534 555 877* >> >> *ser...@poliman.pl * >> > > >
Re: dovecot cram-md5 setting break sending emails
Yes, You have right. These logs show when I setup default lines in dovecot.conf: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql # driver = passwd-file # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } I can send emails (and then no errors/warnings on logs) when I have (these are custom settings from tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5) auth_mechanisms = plain login cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } Yes, I reloaded postfix like author said in documentation to which You put link. Dovecot/postfix log lines are in main.log and mail.err files on ubuntu. I paste all what I have there. 2017-02-23 10:17 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > > > Am 23.02.2017 um 10:06 schrieb Poliman - Serwis: > > I also turned on verbose log in dovecot and below is output in mail.log: > > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > > xsasl_dovecot_server_connect: auth reply: DONE > > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > > xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN > > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: > > xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN > > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL > > authentication mechanisms > I'm no dovecot brain - but there is cram-md5 missing. > > > Seems to less loglines for debug_peer_list active. Did you reload postfix? > > Can you also add the postfix loglines according to the sending client? > > > Willi > > > > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process > > /usr/lib/postfix/smtpd pid 3640 exit status 1 > > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: > > /usr/lib/postfix/smtpd: bad command startup -- throttling > > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection > > rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20 > > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection > > count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 > > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message > rate > > 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 > > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache > size 3 > > at Feb 23 09:58:21 > > > > > > 2017-02-23 9:59 GMT+01:00 Poliman - Serwis : > > > >> Ok, so I added in main.cf at the bottom of the file the line: > >> debug_peer_list = 127.0.0.1,93.X.X.31 > >> > >> and in master.cf (set 'n' in chroot column): > >> submission inet n - n - - smtpd > >> smtps inet n - n - - smtpd > >> > >> What is next step? > >> > >> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de < > >> wilfried.es...@essignetz.de>: > >> > >>> Hi, > >>> > >>> > >>> would suggest : > >>> - Try turning off chroot operation in master.cf > >>> - Verbose logging for specific SMTP connections > >>> (see http://www.postfix.org/DEBUG_README.html) > >>> > >>> > >>> Willi > >>> > >>> > >>> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: > Hmm. I think that above is not working. Probably I tried sent email > too > fast after restart dovecot and new settings weren't loaded. > > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > > > By the way I did some test. I removed cram-md5 from auth_mechanisms > >>> line > > and I uncommented default lines in passdb block and also left > >>> uncommented > > two lines added by me like below: > > auth_mechanisms = plain login > > > > passdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > I can send emails but I have no idea which setting is used - these > two > > lines: > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > > > or these > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > > > 2017-02-23 8:17 GMT+01:00 Dominic Raferd : > > > >> On 23 February 2017 at 07:01, Poliman - Serwis > >>> wrote: > >>> ... > >>> All worked fine. Then I added in dovecot.conf file: > >>> auth_mechanisms = plain login cram-md5 #added cram-md5 > >>> > >>> passdb { > >>> #args = /etc/dovecot/dovecot-sql.conf > >>> #driver = sql > >>>driver = passwd-file > >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >>> > >>> In passdb block commented out default lines and add two (I can put > >>> whole > >>> dovecot config). All things still worked fine. Then - in > dovecot.conf > >> file I > >>> changed back setting to default. After this I can't send emails. In > >>> log > >> I > >>> have: > >>> Feb
Re: dovecot cram-md5 setting break sending emails
On 2017-02-23 10:06, Poliman - Serwis wrote: I also turned on verbose log in dovecot and below is output in mail.log: Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_connect: auth reply: DONE Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL authentication mechanisms From your postconf -n you disabled the use of mechanisms that use plaintext password smtpd_sasl_security_options = noanonymous,noplaintext smtpd_sasl_tls_security_options = noanonymous,noplaintext The default for both is "noanonymous" see http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options Postfix defaults to use the cyrus sasl implementation with saslauthd and probably the cram-md5 is module is not installed. You should be using the dovecot sasl implementation in postfix, from your postconf -n i don't see that you are using the dovecot sasl implementation. In main.cf set (from: http://www.postfix.org/SASL_README.html#server_sasl_enable ): smtpd_sasl_type = dovecot and if you configured the dovecot auth socket in /var/spool/postfix/private/auth smtpd_sasl_path = private/auth from: http://www.postfix.org/SASL_README.html#server_dovecot Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process /usr/lib/postfix/smtpd pid 3640 exit status 1 Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3 at Feb 23 09:58:21 2017-02-23 9:59 GMT+01:00 Poliman - Serwis : Ok, so I added in main.cf [3] at the bottom of the file the line: debug_peer_list = 127.0.0.1,93.X.X.31 and in master.cf [1] (set 'n' in chroot column): submission inet n - n - - smtpd smtps inet n - n - - smtpd What is next step? 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de : Hi, would suggest : - Try turning off chroot operation in master.cf [1] - Verbose logging for specific SMTP connections (see http://www.postfix.org/DEBUG_README.html [2]) Willi Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: Hmm. I think that above is not working. Probably I tried sent email too fast after restart dovecot and new settings weren't loaded. 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : By the way I did some test. I removed cram-md5 from auth_mechanisms line and I uncommented default lines in passdb block and also left uncommented two lines added by me like below: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } I can send emails but I have no idea which setting is used - these two lines: args = /etc/dovecot/dovecot-sql.conf driver = sql or these driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd 2017-02-23 8:17 GMT+01:00 Dominic Raferd : On 23 February 2017 at 07:01, Poliman - Serwis wrote: ... All worked fine. Then I added in dovecot.conf file: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } In passdb block commented out default lines and add two (I can put whole dovecot config). All things still worked fine. Then - in dovecot.conf file I changed back setting to default. After this I can't send emails. In log I have: Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL authentication mechanisms Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL authentication mechanisms I suspect it is not permitted to have # comments in dovecot conf files except on a line of their own, though I admit I can't find this documented. Try removing '#added cram-md5' or putting it on a line of its own. -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl * -- Pozdrawiam / Best Regards _Piotr Bracha_ tel. 534 555 877 ser...@poliman.pl -- Pozdrawiam / Best Regards _Piotr Bracha_ tel. 534 555 877 ser...@poliman.pl Links: -- [1] http://master.cf [2] http://www.postfix.org/DEBUG_README.html [3] http://main.cf -- Christian Kivalo
Re: dovecot cram-md5 setting break sending emails
You have right, I added 'noplaintext'. But main thing what I want to get - no cram-md5 in dovecot and ability to send emails. All worked fine until I set in dovecot.conf: auth_mechanisms = plain login cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } Where default is: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql # driver = passwd-file # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } and after I checked that sending emails worked I set again default settings in dovecot.conf. After this change I can't send emails. 2017-02-23 10:24 GMT+01:00 Christian Kivalo : > > > On 2017-02-23 10:06, Poliman - Serwis wrote: > >> I also turned on verbose log in dovecot and below is output in >> mail.log: >> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: >> xsasl_dovecot_server_connect: auth reply: DONE >> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: >> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN >> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: >> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN >> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL >> authentication mechanisms >> > From your postconf -n you disabled the use of mechanisms that use > plaintext password > smtpd_sasl_security_options = noanonymous,noplaintext > smtpd_sasl_tls_security_options = noanonymous,noplaintext > The default for both is "noanonymous" see http://www.postfix.org/postcon > f.5.html#smtpd_sasl_security_options > Postfix defaults to use the cyrus sasl implementation with saslauthd and > probably the cram-md5 is module is not installed. > You should be using the dovecot sasl implementation in postfix, from your > postconf -n i don't see that you are using the dovecot sasl implementation. > > In main.cf set (from: http://www.postfix.org/SASL_RE > ADME.html#server_sasl_enable ): > > smtpd_sasl_type = dovecot > > and if you configured the dovecot auth socket in > /var/spool/postfix/private/auth > > smtpd_sasl_path = private/auth > > from: http://www.postfix.org/SASL_README.html#server_dovecot > >> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process >> /usr/lib/postfix/smtpd pid 3640 exit status 1 >> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: >> /usr/lib/postfix/smtpd: bad command startup -- throttling >> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max >> connection rate 27/60s for (submission:54.175.125.239) at Feb 23 >> 09:58:20 >> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max >> connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 >> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message >> rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 >> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache >> size 3 at Feb 23 09:58:21 >> >> 2017-02-23 9:59 GMT+01:00 Poliman - Serwis : >> >> Ok, so I added in main.cf [3] at the bottom of the file the line: >>> debug_peer_list = 127.0.0.1,93.X.X.31 >>> >>> and in master.cf [1] (set 'n' in chroot column): >>> submission inet n - n - - smtpd >>> smtps inet n - n - - smtpd >>> >>> What is next step? >>> >>> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de >>> : >>> >>> Hi, would suggest : - Try turning off chroot operation in master.cf [1] - Verbose logging for specific SMTP connections (see http://www.postfix.org/DEBUG_README.html [2]) Willi Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: > Hmm. I think that above is not working. Probably I tried sent > email too > fast after restart dovecot and new settings weren't loaded. > > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : > > By the way I did some test. I removed cram-md5 from >> > auth_mechanisms line > and I uncommented default lines in passdb block and also left >> > uncommented > two lines added by me like below: >> auth_mechanisms = plain login >> >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> I can send emails but I have no idea which setting is used - >> > these two > lines: >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> >> or these >> > driver = passwd-file >> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd >> > : > >> On 23 February 2017 at 07:01, Poliman - Serwis >>> >> wrote: > ... All worked fine. Then I added in dovecot.conf file: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { >
Re: dovecot cram-md5 setting break sending emails
And in main.cf I have default setting (after installation it was as below): smtpd_sasl_type = dovecot smtpd_sasl_path = private/auth Is it possible that dovecot not see these two? 2017-02-23 10:30 GMT+01:00 Poliman - Serwis : > You have right, I added 'noplaintext'. But main thing what I want to get > - no cram-md5 in dovecot and ability to send emails. All worked fine until > I set in dovecot.conf: > auth_mechanisms = plain login cram-md5 > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > Where default is: > auth_mechanisms = plain login > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > # driver = passwd-file > # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > and after I checked that sending emails worked I set again default > settings in dovecot.conf. After this change I can't send emails. > > 2017-02-23 10:24 GMT+01:00 Christian Kivalo : > >> >> >> On 2017-02-23 10:06, Poliman - Serwis wrote: >> >>> I also turned on verbose log in dovecot and below is output in >>> mail.log: >>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: >>> xsasl_dovecot_server_connect: auth reply: DONE >>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: >>> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN >>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: >>> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN >>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL >>> authentication mechanisms >>> >> From your postconf -n you disabled the use of mechanisms that use >> plaintext password >> smtpd_sasl_security_options = noanonymous,noplaintext >> smtpd_sasl_tls_security_options = noanonymous,noplaintext >> The default for both is "noanonymous" see http://www.postfix.org/postcon >> f.5.html#smtpd_sasl_security_options >> Postfix defaults to use the cyrus sasl implementation with saslauthd and >> probably the cram-md5 is module is not installed. >> You should be using the dovecot sasl implementation in postfix, from your >> postconf -n i don't see that you are using the dovecot sasl implementation. >> >> In main.cf set (from: http://www.postfix.org/SASL_RE >> ADME.html#server_sasl_enable ): >> >> smtpd_sasl_type = dovecot >> >> and if you configured the dovecot auth socket in >> /var/spool/postfix/private/auth >> >> smtpd_sasl_path = private/auth >> >> from: http://www.postfix.org/SASL_README.html#server_dovecot >> >>> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process >>> /usr/lib/postfix/smtpd pid 3640 exit status 1 >>> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: >>> /usr/lib/postfix/smtpd: bad command startup -- throttling >>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max >>> connection rate 27/60s for (submission:54.175.125.239) at Feb 23 >>> 09:58:20 >>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max >>> connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08 >>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message >>> rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37 >>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache >>> size 3 at Feb 23 09:58:21 >>> >>> 2017-02-23 9:59 GMT+01:00 Poliman - Serwis : >>> >>> Ok, so I added in main.cf [3] at the bottom of the file the line: debug_peer_list = 127.0.0.1,93.X.X.31 and in master.cf [1] (set 'n' in chroot column): submission inet n - n - - smtpd smtps inet n - n - - smtpd What is next step? 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de : Hi, > > would suggest : > - Try turning off chroot operation in master.cf [1] > - Verbose logging for specific SMTP connections > (see http://www.postfix.org/DEBUG_README.html [2]) > > > Willi > > Am 23.02.2017 um 09:21 schrieb Poliman - Serwis: > >> Hmm. I think that above is not working. Probably I tried sent >> > email too > >> fast after restart dovecot and new settings weren't loaded. >> >> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis : >> >> By the way I did some test. I removed cram-md5 from >>> >> auth_mechanisms line > >> and I uncommented default lines in passdb block and also left >>> >> uncommented > >> two lines added by me like below: >>> auth_mechanisms = plain login >>> >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> >>> I can send emails but I have no idea which setting is used - >>> >> these two > >> lines: >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> >>> or these >>> >> > driver = pas
Re: dovecot cram-md5 setting break sending emails
I wonderd about how dovecot would deside, which "args" belongs to wich "driver" line. So looked over http://wiki.dovecot.org/Authentication/MultipleDatabases. Possibly you should write something like: passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } Willi Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: > You have right, I added 'noplaintext'. But main thing what I want to get - > no cram-md5 in dovecot and ability to send emails. All worked fine until I > set in dovecot.conf: > auth_mechanisms = plain login cram-md5 > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > }
Re: dovecot cram-md5 setting break sending emails
This determine to use both - default and custom settings in passdb block but I would default setting without cram-md5 in this file. In other words I would have only below in dovecot.conf: passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } This worked before I added cram-md5 lines. After this I can't use default settings because then I can't send emails. Next thing that I only use one from above You pasted (other two lines are commented out): passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql # driver = passwd-file # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } or this passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > I wonderd about how dovecot would deside, which "args" belongs to wich > "driver" line. So looked over > http://wiki.dovecot.org/Authentication/MultipleDatabases. > > Possibly you should write something like: > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > > passdb { >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > > Willi > > > Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: > > You have right, I added 'noplaintext'. But main thing what I want to get > - > > no cram-md5 in dovecot and ability to send emails. All worked fine until > I > > set in dovecot.conf: > > auth_mechanisms = plain login cram-md5 > > passdb { > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
I setup like You pasted and in mail.log I have: Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( do_not_re...@example.com,93.179.231.31,): lookup: user= do_not_re...@example.com file=/etc/dovecot/cram-m$ Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: OK#0111#011user=do_not_re...@example.com Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57cbfada#011session_pid=5092 Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( do_not_re...@example.com,93.179.231.31,): passdb didn't return userdb entries, trying the next userdb Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir as home, CONCAT( maildir_format, ':', mail$ Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out: USER#0113625975809# 011do_not_re...@example.com#011home=/var/vmail/example.com/do_not_reply#011mail=maildir:/var/vma$ Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=< do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31, lip=193.70.38.6, mpid=5092, TLS, session= Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl): Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > I wonderd about how dovecot would deside, which "args" belongs to wich > "driver" line. So looked over > http://wiki.dovecot.org/Authentication/MultipleDatabases. > > Possibly you should write something like: > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > > passdb { >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > > Willi > > > Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: > > You have right, I added 'noplaintext'. But main thing what I want to get > - > > no cram-md5 in dovecot and ability to send emails. All worked fine until > I > > set in dovecot.conf: > > auth_mechanisms = plain login cram-md5 > > passdb { > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Hi, now i'm rather unsure what you want to say with this? It looks something like authentification worked. But without the postfix loglines i cant see it for sure. Willi Am 23.02.2017 um 10:47 schrieb Poliman - Serwis: > I setup like You pasted and in mail.log I have: > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( > do_not_re...@example.com,93.179.231.31,): lookup: user= > do_not_re...@example.com file=/etc/dovecot/cram-m$ > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: > OK#0111#011user=do_not_re...@example.com > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: > REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57cbfada#011session_pid=5092 > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( > do_not_re...@example.com,93.179.231.31,): passdb didn't > return userdb entries, trying the next userdb > Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( > do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir as > home, CONCAT( maildir_format, ':', mail$ > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out: > USER#0113625975809# > 011do_not_re...@example.com#011home=/var/vmail/example.com/do_not_reply#011mail=maildir:/var/vma$ > Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=< > do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31, > lip=193.70.38.6, mpid=5092, TLS, session= > Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl): > Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243 > > > 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> I wonderd about how dovecot would deside, which "args" belongs to wich >> "driver" line. So looked over >> http://wiki.dovecot.org/Authentication/MultipleDatabases. >> >> Possibly you should write something like: >> >> passdb { >> args = /etc/dovecot/dovecot-sql.conf >> driver = sql >> } >> >> passdb { >>driver = passwd-file >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >> } >> >> >> Willi >> >> >> Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: >>> You have right, I added 'noplaintext'. But main thing what I want to get >> - >>> no cram-md5 in dovecot and ability to send emails. All worked fine until >> I >>> set in dovecot.conf: >>> auth_mechanisms = plain login cram-md5 >>> passdb { >>> #args = /etc/dovecot/dovecot-sql.conf >>> #driver = sql >>>driver = passwd-file >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >> >> > >
Re: dovecot cram-md5 setting break sending emails
I am not sure that all in these logs are good because there is info 'passdb didn't return userdb entries'. Authentication worked because dovecot used cram-md5 file (still custom settings in dovecot.conf about which I say all time) but dovecot can't find match in database (configured in line: args = /etc/dovecot/dovecot-sql.conf driver = sql). How can I provide postfix logs - where can I find them? I have only mail.log and mail.err files for mailing errors. :) 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > Hi, > > > now i'm rather unsure what you want to say with this? > > It looks something like authentification worked. But without the postfix > loglines i cant see it for sure. > > > > Willi > > > Am 23.02.2017 um 10:47 schrieb Poliman - Serwis: > > I setup like You pasted and in mail.log I have: > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( > > do_not_re...@example.com,93.179.231.31,): lookup: > user= > > do_not_re...@example.com file=/etc/dovecot/cram-m$ > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: > > OK#0111#011user=do_not_re...@example.com > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: > > REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c > bfada#011session_pid=5092 > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( > > do_not_re...@example.com,93.179.231.31,): passdb > didn't > > return userdb entries, trying the next userdb > > Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( > > do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir > as > > home, CONCAT( maildir_format, ':', mail$ > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out: > > USER#0113625975809# > > 011do_not_re...@example.com#011home=/var/vmail/example. > com/do_not_reply#011mail=maildir:/var/vma$ > > Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=< > > do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31, > > lip=193.70.38.6, mpid=5092, TLS, session= > > Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl): > > Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243 > > > > > > 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> I wonderd about how dovecot would deside, which "args" belongs to wich > >> "driver" line. So looked over > >> http://wiki.dovecot.org/Authentication/MultipleDatabases. > >> > >> Possibly you should write something like: > >> > >> passdb { > >> args = /etc/dovecot/dovecot-sql.conf > >> driver = sql > >> } > >> > >> passdb { > >>driver = passwd-file > >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >> } > >> > >> > >> Willi > >> > >> > >> Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: > >>> You have right, I added 'noplaintext'. But main thing what I want to > get > >> - > >>> no cram-md5 in dovecot and ability to send emails. All worked fine > until > >> I > >>> set in dovecot.conf: > >>> auth_mechanisms = plain login cram-md5 > >>> passdb { > >>> #args = /etc/dovecot/dovecot-sql.conf > >>> #driver = sql > >>>driver = passwd-file > >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >> > >> > > > > > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Hi, i assume your test mail got through now? Am 23.02.2017 um 11:17 schrieb Poliman - Serwis: > I am not sure that all in these logs are good because there is info 'passdb > didn't return userdb entries'. I think there is nothing to worry about. Dovecot knows about password and user databases. It is possible to have password and userdata in the same db, like the sql-db from your default entry. But the cram-md5 file didn't have userdata, which made dovecot looking in the other db it got to know. I recommend you read details in http://wiki.dovecot.org/PasswordDatabase , http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other info from dovecot wiki. > Authentication worked because dovecot used > cram-md5 file (still custom settings in dovecot.conf about which I say all > time) but dovecot can't find match in database (configured in line: > args = /etc/dovecot/dovecot-sql.conf > driver = sql). As this is the postfix list, i'd like to send you to the dovecot forum/list to ask what you concerns. > How can I provide postfix logs - where can I find them? I have only > mail.log and mail.err files for mailing errors. :) If mail got through now, there is no need for further info from postfix. As i know, postfix logs usually by means of syslog into /var/log/mail.log or /var/log/mail/mail.log. Willi > > 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Hi, >> >> >> now i'm rather unsure what you want to say with this? >> >> It looks something like authentification worked. But without the postfix >> loglines i cant see it for sure. >> >> >> >> Willi >> >> >> Am 23.02.2017 um 10:47 schrieb Poliman - Serwis: >>> I setup like You pasted and in mail.log I have: >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( >>> do_not_re...@example.com,93.179.231.31,): lookup: >> user= >>> do_not_re...@example.com file=/etc/dovecot/cram-m$ >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: >>> OK#0111#011user=do_not_re...@example.com >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: >>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c >> bfada#011session_pid=5092 >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( >>> do_not_re...@example.com,93.179.231.31,): passdb >> didn't >>> return userdb entries, trying the next userdb >>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( >>> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir >> as >>> home, CONCAT( maildir_format, ':', mail$ >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out: >>> USER#0113625975809# >>> 011do_not_re...@example.com#011home=/var/vmail/example. >> com/do_not_reply#011mail=maildir:/var/vma$ >>> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=< >>> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31, >>> lip=193.70.38.6, mpid=5092, TLS, session= >>> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl): >>> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243 >>> >>> >>> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < >>> wilfried.es...@essignetz.de>: >>> I wonderd about how dovecot would deside, which "args" belongs to wich "driver" line. So looked over http://wiki.dovecot.org/Authentication/MultipleDatabases. Possibly you should write something like: passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } passdb { driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } Willi Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: > You have right, I added 'noplaintext'. But main thing what I want to >> get - > no cram-md5 in dovecot and ability to send emails. All worked fine >> until I > set in dovecot.conf: > auth_mechanisms = plain login cram-md5 > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } >>> >>> >> >> > >
Re: dovecot cram-md5 setting break sending emails
Test email go through when I have in dovecot.conf: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } but this isn't default setting. I don't need this, need default: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } but then sending testing email is not working. Unfortunatelly dovecot list didn't help me. One developer sends me to this group. ;) All logs from mail.log I pasted. I have mail.log and mail.err files. 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > Hi, > > > i assume your test mail got through now? > > > Am 23.02.2017 um 11:17 schrieb Poliman - Serwis: > > I am not sure that all in these logs are good because there is info > 'passdb > > didn't return userdb entries'. > I think there is nothing to worry about. > > Dovecot knows about password and user databases. It is possible to have > password and userdata in the same db, like the sql-db from your default > entry. But the cram-md5 file didn't have userdata, which made dovecot > looking in the other db it got to know. I recommend you read details in > http://wiki.dovecot.org/PasswordDatabase , > http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other > info from dovecot wiki. > > > > Authentication worked because dovecot used > > cram-md5 file (still custom settings in dovecot.conf about which I say > all > > time) but dovecot can't find match in database (configured in line: > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql). > As this is the postfix list, i'd like to send you to the dovecot > forum/list to ask what you concerns. > > > > How can I provide postfix logs - where can I find them? I have only > > mail.log and mail.err files for mailing errors. :) > If mail got through now, there is no need for further info from postfix. > As i know, postfix logs usually by means of syslog into > /var/log/mail.log or /var/log/mail/mail.log. > > > Willi > > > > > > > > > 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> Hi, > >> > >> > >> now i'm rather unsure what you want to say with this? > >> > >> It looks something like authentification worked. But without the postfix > >> loglines i cant see it for sure. > >> > >> > >> > >> Willi > >> > >> > >> Am 23.02.2017 um 10:47 schrieb Poliman - Serwis: > >>> I setup like You pasted and in mail.log I have: > >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT > >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( > >>> do_not_re...@example.com,93.179.231.31,): lookup: > >> user= > >>> do_not_re...@example.com file=/etc/dovecot/cram-m$ > >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: > >>> OK#0111#011user=do_not_re...@example.com > >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: > >>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c > >> bfada#011session_pid=5092 > >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( > >>> do_not_re...@example.com,93.179.231.31,): passdb > >> didn't > >>> return userdb entries, trying the next userdb > >>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( > >>> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir > >> as > >>> home, CONCAT( maildir_format, ':', mail$ > >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out: > >>> USER#0113625975809# > >>> 011do_not_re...@example.com#011home=/var/vmail/example. > >> com/do_not_reply#011mail=maildir:/var/vma$ > >>> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=< > >>> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31, > >>> lip=193.70.38.6, mpid=5092, TLS, session= > >>> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl): > >>> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243 > >>> > >>> > >>> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < > >>> wilfried.es...@essignetz.de>: > >>> > I wonderd about how dovecot would deside, which "args" belongs to wich > "driver" line. So looked over > http://wiki.dovecot.org/Authentication/MultipleDatabases. > > Possibly you should write something like: > > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > > Willi > > > Am 23.02.2017 um 10:30 schrieb Poliman - Serwis: > > You have right, I added 'noplaintext'. But main thing what I want to > >> get > - > > no cram-md5 in dovecot and ability to send emails. All worked fine > >> until > I > > set in dovecot.conf: > > auth_mechanisms = plain login cram-md5 > > passdb { >
Re: dovecot cram-md5 setting break sending emails
Am 23.02.2017 um 13:27 schrieb Poliman - Serwis: > Test email go through when I have in dovecot.conf: > auth_mechanisms = plain login cram-md5 #added cram-md5 > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > but this isn't default setting. I don't need this, need default: > auth_mechanisms = plain login > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > > but then sending testing email is not working. Now (i think) i understand. You should look to your postfix main.cf. smtpd_sasl_security_options = noanonymous,noplaintext smtpd_sasl_tls_security_options = noanonymous,noplaintext Possibly you should remove "noplaintext" from smtpd_sasl_tls_security_options. If you remove it also from smtpd_sasl_security_options your password will traverse internet in cleartext. Details : http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options Willi > > Unfortunatelly dovecot list didn't help me. One developer sends me to this > group. ;) > > All logs from mail.log I pasted. I have mail.log and mail.err files. > > 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Hi, >> >> >> i assume your test mail got through now? >> >> >> Am 23.02.2017 um 11:17 schrieb Poliman - Serwis: >>> I am not sure that all in these logs are good because there is info >> 'passdb >>> didn't return userdb entries'. >> I think there is nothing to worry about. >> >> Dovecot knows about password and user databases. It is possible to have >> password and userdata in the same db, like the sql-db from your default >> entry. But the cram-md5 file didn't have userdata, which made dovecot >> looking in the other db it got to know. I recommend you read details in >> http://wiki.dovecot.org/PasswordDatabase , >> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other >> info from dovecot wiki. >> >> >>> Authentication worked because dovecot used >>> cram-md5 file (still custom settings in dovecot.conf about which I say >> all >>> time) but dovecot can't find match in database (configured in line: >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql). >> As this is the postfix list, i'd like to send you to the dovecot >> forum/list to ask what you concerns. >> >> >>> How can I provide postfix logs - where can I find them? I have only >>> mail.log and mail.err files for mailing errors. :) >> If mail got through now, there is no need for further info from postfix. >> As i know, postfix logs usually by means of syslog into >> /var/log/mail.log or /var/log/mail/mail.log. >> >> >> Willi >> >> >> >> >> >>> >>> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de < >>> wilfried.es...@essignetz.de>: >>> Hi, now i'm rather unsure what you want to say with this? It looks something like authentification worked. But without the postfix loglines i cant see it for sure. Willi Am 23.02.2017 um 10:47 schrieb Poliman - Serwis: > I setup like You pasted and in mail.log I have: > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( > do_not_re...@example.com,93.179.231.31,): lookup: user= > do_not_re...@example.com file=/etc/dovecot/cram-m$ > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: > OK#0111#011user=do_not_re...@example.com > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: > REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c bfada#011session_pid=5092 > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( > do_not_re...@example.com,93.179.231.31,): passdb didn't > return userdb entries, trying the next userdb > Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( > do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir as > home, CONCAT( maildir_format, ':', mail$ > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out: > USER#0113625975809# > 011do_not_re...@example.com#011home=/var/vmail/example. com/do_not_reply#011mail=maildir:/var/vma$ > Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=< > do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31, > lip=193.70.38.6, mpid=5092, TLS, session= > Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl): > Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243 > > > 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> I wonderd about how dovecot would deside, which "args" belongs to wich >> "driver" line. So looked over >> http://wiki.dovecot.org/Authentication/MultipleDatabases. >> >> Possibly you should write something like: >> >>
Re: dovecot cram-md5 setting break sending emails
Still nothing. If I removed "noplaintext" from these lines, sending email still working when I have: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } but with this: auth_mechanisms = plain login passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } I still can't send. So sending (or not sending) depends (I think) from above configurations from dovecot.conf. 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > Am 23.02.2017 um 13:27 schrieb Poliman - Serwis: > > Test email go through when I have in dovecot.conf: > > auth_mechanisms = plain login cram-md5 #added cram-md5 > > passdb { > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > but this isn't default setting. I don't need this, need default: > > auth_mechanisms = plain login > > passdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > > > but then sending testing email is not working. > > Now (i think) i understand. You should look to your postfix main.cf. > > smtpd_sasl_security_options = noanonymous,noplaintext > smtpd_sasl_tls_security_options = noanonymous,noplaintext > > Possibly you should remove "noplaintext" from > smtpd_sasl_tls_security_options. > > If you remove it also from smtpd_sasl_security_options your password > will traverse internet in cleartext. > > Details : > http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options > > > Willi > > > > > > Unfortunatelly dovecot list didn't help me. One developer sends me to > this > > group. ;) > > > > All logs from mail.log I pasted. I have mail.log and mail.err files. > > > > 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> Hi, > >> > >> > >> i assume your test mail got through now? > >> > >> > >> Am 23.02.2017 um 11:17 schrieb Poliman - Serwis: > >>> I am not sure that all in these logs are good because there is info > >> 'passdb > >>> didn't return userdb entries'. > >> I think there is nothing to worry about. > >> > >> Dovecot knows about password and user databases. It is possible to have > >> password and userdata in the same db, like the sql-db from your default > >> entry. But the cram-md5 file didn't have userdata, which made dovecot > >> looking in the other db it got to know. I recommend you read details in > >> http://wiki.dovecot.org/PasswordDatabase , > >> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe > other > >> info from dovecot wiki. > >> > >> > >>> Authentication worked because dovecot used > >>> cram-md5 file (still custom settings in dovecot.conf about which I say > >> all > >>> time) but dovecot can't find match in database (configured in line: > >>> args = /etc/dovecot/dovecot-sql.conf > >>> driver = sql). > >> As this is the postfix list, i'd like to send you to the dovecot > >> forum/list to ask what you concerns. > >> > >> > >>> How can I provide postfix logs - where can I find them? I have only > >>> mail.log and mail.err files for mailing errors. :) > >> If mail got through now, there is no need for further info from postfix. > >> As i know, postfix logs usually by means of syslog into > >> /var/log/mail.log or /var/log/mail/mail.log. > >> > >> > >> Willi > >> > >> > >> > >> > >> > >>> > >>> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de < > >>> wilfried.es...@essignetz.de>: > >>> > Hi, > > > now i'm rather unsure what you want to say with this? > > It looks something like authentification worked. But without the > postfix > loglines i cant see it for sure. > > > > Willi > > > Am 23.02.2017 um 10:47 schrieb Poliman - Serwis: > > I setup like You pasted and in mail.log I have: > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: > CONT > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file( > > do_not_re...@example.com,93.179.231.31,): lookup: > user= > > do_not_re...@example.com file=/etc/dovecot/cram-m$ > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out: > > OK#0111#011user=do_not_re...@example.com > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in: > > REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c > bfada#011session_pid=5092 > > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch( > > do_not_re...@example.com,93.179.231.31,): passdb > didn't > > return userdb entries, trying the next userdb > > Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql( > > do_not_re...@example.com,93.179.231.31): SELECT email as user, > maildir > as > > home, CONCAT( maildir_format, ':', mail$ > > Feb 23 10:41:58 vps342401 dovecot: a
Re: dovecot cram-md5 setting break sending emails
Now i understand, that you want to add cram-md5 to the mechs, but to authenticate still against the sql-db? On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find under "Non-plaintext authentication mechanisms": "The problem with non-plaintext auth mechanisms is that the password must be stored either in plaintext, or using a mechanism-specific scheme that's incompatible with all other non-plaintext mechanisms. In addition, the mechanism-specific schemes often offer very little protection. This isn't a limitation of Dovecot, it's a requirement for the algorithms to even work. For example if you're going to use CRAM-MD5 authentication, the password needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in plaintext. " Does that possibly point out your problem? Otherwise please provide - dovecot logs for the mentioned two cases? - contnet of /etc/dovecot/dovecot-sql.conf? - maybe a link to the mentioned dovecot threat. Did you find your postfix logs? Which system do you use? Willi Am 23.02.2017 um 13:56 schrieb Poliman - Serwis: > Still nothing. If I removed "noplaintext" from these lines, sending email > still working when I have: > auth_mechanisms = plain login cram-md5 #added cram-md5 > passdb { > #args = /etc/dovecot/dovecot-sql.conf > #driver = sql >driver = passwd-file >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > but with this: > auth_mechanisms = plain login > passdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > > I still can't send. So sending (or not sending) depends (I think) from > above configurations from dovecot.conf. > > 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Am 23.02.2017 um 13:27 schrieb Poliman - Serwis: >>> Test email go through when I have in dovecot.conf: >>> auth_mechanisms = plain login cram-md5 #added cram-md5 >>> passdb { >>> #args = /etc/dovecot/dovecot-sql.conf >>> #driver = sql >>>driver = passwd-file >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> >>> but this isn't default setting. I don't need this, need default: >>> auth_mechanisms = plain login >>> passdb { >>> args = /etc/dovecot/dovecot-sql.conf >>> driver = sql >>> } >>> >>> but then sending testing email is not working. >> >> Now (i think) i understand. You should look to your postfix main.cf. >> >> smtpd_sasl_security_options = noanonymous,noplaintext >> smtpd_sasl_tls_security_options = noanonymous,noplaintext >> >> Possibly you should remove "noplaintext" from >> smtpd_sasl_tls_security_options. >> >> If you remove it also from smtpd_sasl_security_options your password >> will traverse internet in cleartext. >> >> Details : >> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options >> >> >> Willi >> >> >>> >>> Unfortunatelly dovecot list didn't help me. One developer sends me to >> this >>> group. ;) >>> >>> All logs from mail.log I pasted. I have mail.log and mail.err files. >>> >>> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de < >>> wilfried.es...@essignetz.de>: >>> Hi, i assume your test mail got through now? Am 23.02.2017 um 11:17 schrieb Poliman - Serwis: > I am not sure that all in these logs are good because there is info 'passdb > didn't return userdb entries'. I think there is nothing to worry about. Dovecot knows about password and user databases. It is possible to have password and userdata in the same db, like the sql-db from your default entry. But the cram-md5 file didn't have userdata, which made dovecot looking in the other db it got to know. I recommend you read details in http://wiki.dovecot.org/PasswordDatabase , http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe >> other info from dovecot wiki. > Authentication worked because dovecot used > cram-md5 file (still custom settings in dovecot.conf about which I say all > time) but dovecot can't find match in database (configured in line: > args = /etc/dovecot/dovecot-sql.conf > driver = sql). As this is the postfix list, i'd like to send you to the dovecot forum/list to ask what you concerns. > How can I provide postfix logs - where can I find them? I have only > mail.log and mail.err files for mailing errors. :) If mail got through now, there is no need for further info from postfix. As i know, postfix logs usually by means of syslog into /var/log/mail.log or /var/log/mail/mail.log. Willi > > 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Hi, >> >> >> now i'm rather unsure what you want to say with this? >> >> It looks something like authentification worked. But without the >> postfix >>>
Re: dovecot cram-md5 setting break sending emails
"Now i understand, that you want to add cram-md5 to the mechs, but to authenticate still against the sql-db?" Hehe no. I have cram-md5 and when I try sql-db I can't send emails. I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that Postfix logs go to mail.log and mail.err files. "dovecot logs for the mentioned two cases?" - which two cases? :) dovecot-sql.conf output in attachement. "maybe a link to the mentioned dovecot threat" - do You mean tutorial based on I setup cram-md5 in dovecot? 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > Now i understand, that you want to add cram-md5 to the mechs, but to > authenticate still against the sql-db? > > > On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find > under "Non-plaintext authentication mechanisms": > "The problem with non-plaintext auth mechanisms is that the password > must be stored either in plaintext, or using a mechanism-specific scheme > that's incompatible with all other non-plaintext mechanisms. In > addition, the mechanism-specific schemes often offer very little > protection. This isn't a limitation of Dovecot, it's a requirement for > the algorithms to even work. > > For example if you're going to use CRAM-MD5 authentication, the password > needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to > allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in > plaintext. " > > Does that possibly point out your problem? > > > Otherwise please provide > - dovecot logs for the mentioned two cases? > - contnet of /etc/dovecot/dovecot-sql.conf? > - maybe a link to the mentioned dovecot threat. > > Did you find your postfix logs? Which system do you use? > > > Willi > > > Am 23.02.2017 um 13:56 schrieb Poliman - Serwis: > > Still nothing. If I removed "noplaintext" from these lines, sending email > > still working when I have: > > auth_mechanisms = plain login cram-md5 #added cram-md5 > > passdb { > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > >driver = passwd-file > >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > but with this: > > auth_mechanisms = plain login > > passdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > > > I still can't send. So sending (or not sending) depends (I think) from > > above configurations from dovecot.conf. > > > > 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> Am 23.02.2017 um 13:27 schrieb Poliman - Serwis: > >>> Test email go through when I have in dovecot.conf: > >>> auth_mechanisms = plain login cram-md5 #added cram-md5 > >>> passdb { > >>> #args = /etc/dovecot/dovecot-sql.conf > >>> #driver = sql > >>>driver = passwd-file > >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >>> > >>> but this isn't default setting. I don't need this, need default: > >>> auth_mechanisms = plain login > >>> passdb { > >>> args = /etc/dovecot/dovecot-sql.conf > >>> driver = sql > >>> } > >>> > >>> but then sending testing email is not working. > >> > >> Now (i think) i understand. You should look to your postfix main.cf. > >> > >> smtpd_sasl_security_options = noanonymous,noplaintext > >> smtpd_sasl_tls_security_options = noanonymous,noplaintext > >> > >> Possibly you should remove "noplaintext" from > >> smtpd_sasl_tls_security_options. > >> > >> If you remove it also from smtpd_sasl_security_options your password > >> will traverse internet in cleartext. > >> > >> Details : > >> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options > >> > >> > >> Willi > >> > >> > >>> > >>> Unfortunatelly dovecot list didn't help me. One developer sends me to > >> this > >>> group. ;) > >>> > >>> All logs from mail.log I pasted. I have mail.log and mail.err files. > >>> > >>> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de < > >>> wilfried.es...@essignetz.de>: > >>> > Hi, > > > i assume your test mail got through now? > > > Am 23.02.2017 um 11:17 schrieb Poliman - Serwis: > > I am not sure that all in these logs are good because there is info > 'passdb > > didn't return userdb entries'. > I think there is nothing to worry about. > > Dovecot knows about password and user databases. It is possible to > have > password and userdata in the same db, like the sql-db from your > default > entry. But the cram-md5 file didn't have userdata, which made dovecot > looking in the other db it got to know. I recommend you read details > in > http://wiki.dovecot.org/PasswordDatabase , > http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe > >> other > info from dovecot wiki. > > > > Authentication worked because dovecot used > > cram-md5 file (still custom settings in dovecot.conf about which I > say > all > > time) but dovecot can't find match in database (configured in lin
Re: dovecot cram-md5 setting break sending emails
--- Maybe you should change your DB-Password: You sent it to the list inside the atteched file: password=06549...3acd port=3306 --- Your problem with cram-md5 is, that you have "default_pass_scheme = CRYPT" in /etc/dovecot/dovecot-sql.conf. As mentioned in this text from my last mail, you need to change the schema your passwords are stored in: >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find >>> under "Non-plaintext authentication mechanisms": >>> "The problem with non-plaintext auth mechanisms is that the password >>> must be stored either in plaintext, or using a mechanism-specific scheme >>> that's incompatible with all other non-plaintext mechanisms. In >>> addition, the mechanism-specific schemes often offer very little >>> protection. This isn't a limitation of Dovecot, it's a requirement for >>> the algorithms to even work. >>> >>> For example if you're going to use CRAM-MD5 authentication, the password >>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to >>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in >>> plaintext. " You'll have to set an other default scheme in your /etc/dovecot/dovecot-sql.conf and recreate your passwords in the db. Read more in above mentioned URL. Or you can prefix every password with its scheme, but i don't remember details. Willi Am 23.02.2017 um 15:35 schrieb Poliman - Serwis: > "Now i understand, that you want to add cram-md5 to the mechs, but to > authenticate still against the sql-db?" Hehe no. I have cram-md5 and when I > try sql-db I can't send emails. > I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that Postfix > logs go to mail.log and mail.err files. > "dovecot logs for the mentioned two cases?" - which two cases? :) > dovecot-sql.conf output in attachement. > "maybe a link to the mentioned dovecot threat" - do You mean tutorial based > on I setup cram-md5 in dovecot? > > 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de < > wilfried.es...@essignetz.de>: > >> Now i understand, that you want to add cram-md5 to the mechs, but to >> authenticate still against the sql-db? >> >> >> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find >> under "Non-plaintext authentication mechanisms": >> "The problem with non-plaintext auth mechanisms is that the password >> must be stored either in plaintext, or using a mechanism-specific scheme >> that's incompatible with all other non-plaintext mechanisms. In >> addition, the mechanism-specific schemes often offer very little >> protection. This isn't a limitation of Dovecot, it's a requirement for >> the algorithms to even work. >> >> For example if you're going to use CRAM-MD5 authentication, the password >> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to >> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in >> plaintext. " >> >> Does that possibly point out your problem? >> >> >> Otherwise please provide >> - dovecot logs for the mentioned two cases? >> - contnet of /etc/dovecot/dovecot-sql.conf? >> - maybe a link to the mentioned dovecot threat. >> >> Did you find your postfix logs? Which system do you use? >> >> >> Willi >> >>
Re: dovecot cram-md5 setting break sending emails
On Thu, Feb 23, 2017 at 04:08:21PM +0100, wilfried.es...@essignetz.de wrote: > Your problem with cram-md5 is, that you have > > "default_pass_scheme = CRYPT" > > in /etc/dovecot/dovecot-sql.conf. > > > As mentioned in this text from my last mail, you need to change > the schema your passwords are stored in: > >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes > >>> you'll find under "Non-plaintext authentication mechanisms": > >>> "The problem with non-plaintext auth mechanisms is that the > >>> password must be stored either in plaintext, or using a > >>> mechanism-specific scheme that's incompatible with all other > >>> non-plaintext mechanisms. In addition, the mechanism-specific > >>> schemes often offer very little protection. This isn't a > >>> limitation of Dovecot, it's a requirement for the algorithms > >>> to even work. The most common choice for mail is to require TLS for AUTH (smtpd_tls_auth_only) and then only offer PLAIN mechanism. This works well with encrypted password storage. > >>> For example if you're going to use CRAM-MD5 authentication, the > >>> password needs to be stored in either PLAIN or CRAM-MD5 scheme. > >>> If you want to allow both CRAM-MD5 and DIGEST-MD5, the password > >>> must be stored in plaintext. " > > You'll have to set an other default scheme in your > /etc/dovecot/dovecot-sql.conf and recreate your passwords in the > db. Read more in above mentioned URL. Indeed, the Dovecot wiki has the answers to all the common Dovecot questions, and the Dovecot list is the more appropriate place to ask those questions. On the Postfix side there really wasn't much going on; Dovecot was failing to present a list of SASL mechanisms to smtpd -- both smtps and port 25; apparently no submission service was configured. Submission (port 587) should be configured in favor of the now- deprecated smtps, and ideally, there would be no SASL AUTH offered on port 25. The advice to use verbose logging was wrong. Verbose logging in most cases only serves to further confuse the issue. > Or you can prefix every password with its scheme, but i don't > remember details. {PLAIN}thisIsMyPassword -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
Recipient address rejected: User unknown in local recipient table
Failing to receive mail in iqbala-sysad...@example.net Feb 23 18:40:02 mail postfix/smtpd[16962]: NOQUEUE: reject: RCPT from remote.example.net[192.168.18.193]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient table; from=< r...@remote.example.net> to= proto=ESMTP helo=< remote.example.net> I am using postfix 2.6.6 on CentOS 6.7. My recipient_delimiter is `+' I just migrated from qmail to postfix. Any suggestion is appreciated. -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: Recipient address rejected: User unknown in local recipient table
> On Feb 23, 2017, at 6:49 PM, Asif Iqbal wrote: > > Failing to receive mail in iqbala-sysad...@example.net This looks like email to the user "iqbala" with an extension of "sysadmin" using qmail's "-" as a delimiter. > > Feb 23 18:40:02 mail postfix/smtpd[16962]: NOQUEUE: reject: RCPT from > remote.example.net[192.168.18.193]: 550 5.1.1 : > Recipient address rejected: User unknown in local recipient table; > from= to= proto=ESMTP > helo= > > I am using postfix 2.6.6 on CentOS 6.7. My recipient_delimiter is `+' > > I just migrated from qmail to postfix. > > Any suggestion is appreciated. If you've migrated from qmail, you should probably keep "-" as your recipient delimiter to maintain as much backwards-compatible behaviour as possible. Otherwise you'll need an explicit alias for each actively used "-" address extension. -- Viktor.
Re: Recipient address rejected: User unknown in local recipient table
On Thu, Feb 23, 2017 at 6:54 PM, Viktor Dukhovni wrote: > If you've migrated from qmail, you should probably keep "-" as your > recipient delimiter to maintain as much backwards-compatible behaviour > as possible. > > Otherwise you'll need an explicit alias for each actively used "-" > address extension. > I eventually want to change the default `+' to `-'. But I will need to find out if there is any dependency on postfix side that might break? I am using mailman which has `-' in the list name. In the meantime, If I understand you correctly, just use an alias entry like below as a quick workaround? iqbala-sysadmin: iqbala I do not have too many of those, so that would work now without breaking anything. -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing?
Re: dovecot cram-md5 setting break sending emails
Sounds like you have a problem in /etc/dovecot/dovecot-sql.conf Did you ever post it? For virtual users, mine is: driver = mysql # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT. default_pass_scheme = PLAIN # Database options connect = host=/var/lib/mysql/mysql.sock dbname=sys_mail user=sys_mail password=hunter2 password_query = SELECT LOWER(CONCAT_WS('@',`User`,`Domain`)) AS `user` \ , IF(`Password_Crypt` IS NOT NULL, CONCAT('{crypt}',`Password_Crypt`),`Password_Cleartext`) AS `password` \ FROM `Virtual_User` \ WHERE LOWER(`User`) = LOWER('%n') \ AND LOWER(`Domain`) = LOWER('%d') \ AND `Retrieve_Mail` = 'Yes' # vmail = 399 user_query = SELECT CONCAT_WS('/','/home/vmail/domains',LOWER(`Domain`),LOWER(`User`)) AS `home` \ , 'maildir:~/Maildir' AS `mail` \ , 399 AS `uid` \ , 399 AS `gid` \ FROM `Virtual_User` \ WHERE LOWER(`User`) = LOWER('%n') \ AND LOWER(`Domain`) = LOWER('%d') \ AND `Retrieve_Mail` = 'Yes' The table: MySQL (root@localhost) [sys_mail]> show columns from Virtual_User; ++--+--+-+-++ | Field | Type | Null | Key | Default | Extra | ++--+--+-+-++ | vu_id | int(11) unsigned | NO | PRI | NULL| auto_increment | | Name | varchar(50) | NO | | NULL| | | Domain | varchar(128) | NO | MUL | NULL| | | User | varchar(32) | NO | MUL | NULL| | | Password_Cleartext | varchar(128) | NO | | NULL| | | Password_Crypt | varchar(128) | YES | | NULL| | | Retrieve_Mail | enum('No','Yes') | NO | | Yes | | | Receive_Mail | enum('No','Yes') | NO | | Yes | | | Accept_SMTP| enum('No','Yes') | NO | | Yes | | | uid| int(11) unsigned | NO | | 399 | | | gid| int(11) unsigned | NO | | 399 | | | homedir| varchar(75) | NO | | NULL| | | Maildir| varchar(32) | NO | | Maildir | | | quota | tinytext | NO | | NULL| | | imap | enum('Y','N')| NO | | N | | | virus_check| enum('Y','N')| NO | | Y | | | spam_check | enum('Y','N')| NO | | Y | | ++--+--+-+-++ Dovecot can be made to log the MySQL transaction. I did that a long long time ago but don't remember how. Virtual user db: # -- # --- MySQL # -- first_valid_uid = 399 passdb { driver = sql args = /etc/dovecot/dovecot-mysql.conf } userdb { driver = sql args = /etc/dovecot/dovecot-mysql.conf } Hope this helps, Bill
Re: dovecot cram-md5 setting break sending emails
My dovecot-sql.conf file is default: users WHERE userid = '%u' driver = mysql connect = host=localhost dbname=dbispconfig user=ispconfig password=06549e2a867ee50a107098f424073acd port=3306 default_pass_scheme = CRYPT password_query = SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '1' user_query = SELECT email as user, maildir as home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule, CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND server_id = '1' iterate_query = SELECT email as user FROM mail_user WHERE server_id = '1' ~~ How did You create this nice mysql table in console? Btw - in dovecot.conf - is this line properly configured: ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 2017-02-24 4:07 GMT+01:00 Bill Shirley : > Sounds like you have a problem in /etc/dovecot/dovecot-sql.conf > > Did you ever post it? For virtual users, mine is: > driver = mysql > > # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and > CRYPT. > default_pass_scheme = PLAIN > > # Database options > connect = host=/var/lib/mysql/mysql.sock dbname=sys_mail user=sys_mail > password=hunter2 > > password_query = SELECT LOWER(CONCAT_WS('@',`User`,`Domain`)) AS `user` \ > , IF(`Password_Crypt` IS NOT NULL, > CONCAT('{crypt}',`Password_Crypt`),`Password_Cleartext`) > AS `password` \ > FROM `Virtual_User` \ > WHERE LOWER(`User`) = LOWER('%n') \ > AND LOWER(`Domain`) = LOWER('%d') \ > AND `Retrieve_Mail` = 'Yes' > > > # vmail = 399 > user_query = SELECT > CONCAT_WS('/','/home/vmail/domains',LOWER(`Domain`),LOWER(`User`)) > AS `home` \ > , 'maildir:~/Maildir' AS `mail` \ > , 399 AS `uid` \ > , 399 AS `gid` \ > FROM `Virtual_User` \ > WHERE LOWER(`User`) = LOWER('%n') \ > AND LOWER(`Domain`) = LOWER('%d') \ > AND `Retrieve_Mail` = 'Yes' > > The table: > MySQL (root@localhost) [sys_mail]> show columns from Virtual_User; > ++--+--+-+-- > ---++ > | Field | Type | Null | Key | Default | > Extra | > ++--+--+-+-- > ---++ > | vu_id | int(11) unsigned | NO | PRI | NULL| > auto_increment | > | Name | varchar(50) | NO | | NULL > || > | Domain | varchar(128) | NO | MUL | NULL > || > | User | varchar(32) | NO | MUL | NULL > || > | Password_Cleartext | varchar(128) | NO | | NULL > || > | Password_Crypt | varchar(128) | YES | | NULL > || > | Retrieve_Mail | enum('No','Yes') | NO | | Yes > || > | Receive_Mail | enum('No','Yes') | NO | | Yes > || > | Accept_SMTP| enum('No','Yes') | NO | | Yes > || > | uid| int(11) unsigned | NO | | 399 > || > | gid| int(11) unsigned | NO | | 399 > || > | homedir| varchar(75) | NO | | NULL > || > | Maildir| varchar(32) | NO | | Maildir > || > | quota | tinytext | NO | | NULL > || > | imap | enum('Y','N')| NO | | N > || > | virus_check| enum('Y','N')| NO | | Y > || > | spam_check | enum('Y','N')| NO | | Y > || > ++--+--+-+-- > ---++ > > > Dovecot can be made to log the MySQL transaction. I did that a long long > time ago but don't remember how. > > Virtual user db: > # > -- > # --- MySQL -- > -- > # > -- > first_valid_uid = 399 > passdb { > driver = sql > args = /etc/dovecot/dovecot-mysql.conf > } > > userdb { > driver = sql > args = /etc/dovecot/dovecot-mysql.conf > } > > Hope this helps, > Bill > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: dovecot cram-md5 setting break sending emails
Where can I change this db password? Maybe this is good point. ;) but I don't get it how change passdb auth from db to file could impact on rows in db. I would like to get this work on default settings. I have copy of dovecot.conf file but with default settings I can't send emails. Let's forget about cram-md5. I don't need this anymore. In dovecot-sql.conf I have: driver = mysql connect = host=localhost dbname=dbispconfig user=ispconfig password=06549e2a867ee50a107098f424073acd port=3306 default_pass_scheme = CRYPT and would be lovely to leave it as it is, because I only changed (and I don't need this cram-md5 as auth type) in dovecot.conf: auth_mechanisms = plain login cram-md5 #added cram-md5 passdb { #args = /etc/dovecot/dovecot-sql.conf #driver = sql #added below two lines and commented out above two default lines using tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 driver = passwd-file args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd } after removed cram-md5 from auth_mechanisms and set default lines in passdb block from unknown reason I can't send emails. This is insane. 2017-02-23 16:08 GMT+01:00 wilfried.es...@essignetz.de < wilfried.es...@essignetz.de>: > --- > Maybe you should change your DB-Password: You sent it to the list inside > the atteched file: > password=06549...3acd port=3306 > --- > > > Your problem with cram-md5 is, that you have > > "default_pass_scheme = CRYPT" > > in /etc/dovecot/dovecot-sql.conf. > > > As mentioned in this text from my last mail, you need to change the > schema your passwords are stored in: > >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find > >>> under "Non-plaintext authentication mechanisms": > >>> "The problem with non-plaintext auth mechanisms is that the password > >>> must be stored either in plaintext, or using a mechanism-specific > scheme > >>> that's incompatible with all other non-plaintext mechanisms. In > >>> addition, the mechanism-specific schemes often offer very little > >>> protection. This isn't a limitation of Dovecot, it's a requirement for > >>> the algorithms to even work. > >>> > >>> For example if you're going to use CRAM-MD5 authentication, the > password > >>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to > >>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in > >>> plaintext. " > > You'll have to set an other default scheme in your > /etc/dovecot/dovecot-sql.conf and recreate your passwords in the db. > Read more in above mentioned URL. > > Or you can prefix every password with its scheme, but i don't remember > details. > > > Willi > > > > Am 23.02.2017 um 15:35 schrieb Poliman - Serwis: > > "Now i understand, that you want to add cram-md5 to the mechs, but to > > authenticate still against the sql-db?" Hehe no. I have cram-md5 and > when I > > try sql-db I can't send emails. > > I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that > Postfix > > logs go to mail.log and mail.err files. > > "dovecot logs for the mentioned two cases?" - which two cases? :) > > dovecot-sql.conf output in attachement. > > "maybe a link to the mentioned dovecot threat" - do You mean tutorial > based > > on I setup cram-md5 in dovecot? > > > > 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de < > > wilfried.es...@essignetz.de>: > > > >> Now i understand, that you want to add cram-md5 to the mechs, but to > >> authenticate still against the sql-db? > >> > >> > >> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find > >> under "Non-plaintext authentication mechanisms": > >> "The problem with non-plaintext auth mechanisms is that the password > >> must be stored either in plaintext, or using a mechanism-specific scheme > >> that's incompatible with all other non-plaintext mechanisms. In > >> addition, the mechanism-specific schemes often offer very little > >> protection. This isn't a limitation of Dovecot, it's a requirement for > >> the algorithms to even work. > >> > >> For example if you're going to use CRAM-MD5 authentication, the password > >> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to > >> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in > >> plaintext. " > >> > >> Does that possibly point out your problem? > >> > >> > >> Otherwise please provide > >> - dovecot logs for the mentioned two cases? > >> - contnet of /etc/dovecot/dovecot-sql.conf? > >> - maybe a link to the mentioned dovecot threat. > >> > >> Did you find your postfix logs? Which system do you use? > >> > >> > >> Willi > >> > >> > > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *