Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Where can I change this db password? Maybe this is good point. ;) but I
don't get it how change passdb auth from db to file could impact on rows in
db. I would like to get this work on default settings. I have copy of
dovecot.conf file but with default settings I can't send emails. Let's
forget about cram-md5. I don't need this anymore. In dovecot-sql.conf I
have:
driver = mysql
connect = host=localhost dbname=dbispconfig user=ispconfig
password=06549e2a867ee50a107098f424073acd port=3306
default_pass_scheme = CRYPT

and would be lovely to leave it as it is, because I only changed (and I
don't need this cram-md5 as auth type) in dovecot.conf:
auth_mechanisms = plain login cram-md5 #added cram-md5

passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
  #added below two lines and commented out above two default lines using
tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

after removed cram-md5 from auth_mechanisms and set default lines in passdb
block from unknown reason I can't send emails. This is insane.


2017-02-23 16:08 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> ---
> Maybe you should change your DB-Password: You sent it to the list inside
> the atteched file:
> password=06549...3acd port=3306
> ---
>
>
> Your problem with cram-md5 is, that you have
>
> "default_pass_scheme = CRYPT"
>
> in /etc/dovecot/dovecot-sql.conf.
>
>
> As mentioned in this text from my last mail, you need to change the
> schema your passwords are stored in:
> >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
> >>> under "Non-plaintext authentication mechanisms":
> >>> "The problem with non-plaintext auth mechanisms is that the password
> >>> must be stored either in plaintext, or using a mechanism-specific
> scheme
> >>> that's incompatible with all other non-plaintext mechanisms. In
> >>> addition, the mechanism-specific schemes often offer very little
> >>> protection. This isn't a limitation of Dovecot, it's a requirement for
> >>> the algorithms to even work.
> >>>
> >>> For example if you're going to use CRAM-MD5 authentication, the
> password
> >>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
> >>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
> >>> plaintext. "
>
> You'll have to set an other default scheme in your
> /etc/dovecot/dovecot-sql.conf and recreate your passwords in the db.
> Read more in above mentioned URL.
>
> Or you can prefix every password with its scheme, but i don't remember
> details.
>
>
> Willi
>
>
>
> Am 23.02.2017 um 15:35 schrieb Poliman - Serwis:
> > "Now i understand, that you want to add cram-md5 to the mechs, but to
> > authenticate still against the sql-db?" Hehe no. I have cram-md5 and
> when I
> > try sql-db I can't send emails.
> > I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that
> Postfix
> > logs go to mail.log and mail.err files.
> > "dovecot logs for the mentioned two cases?" - which two cases? :)
> > dovecot-sql.conf output in attachement.
> > "maybe a link to the mentioned dovecot threat" - do You mean tutorial
> based
> > on I setup cram-md5 in dovecot?
> >
> > 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> Now i understand, that you want to add cram-md5 to the mechs, but to
> >> authenticate still against the sql-db?
> >>
> >>
> >> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
> >> under "Non-plaintext authentication mechanisms":
> >> "The problem with non-plaintext auth mechanisms is that the password
> >> must be stored either in plaintext, or using a mechanism-specific scheme
> >> that's incompatible with all other non-plaintext mechanisms. In
> >> addition, the mechanism-specific schemes often offer very little
> >> protection. This isn't a limitation of Dovecot, it's a requirement for
> >> the algorithms to even work.
> >>
> >> For example if you're going to use CRAM-MD5 authentication, the password
> >> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
> >> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
> >> plaintext. "
> >>
> >> Does that possibly point out your problem?
> >>
> >>
> >> Otherwise please provide
> >> - dovecot logs for the mentioned two cases?
> >> - contnet of /etc/dovecot/dovecot-sql.conf?
> >> - maybe a link to the mentioned dovecot threat.
> >>
> >> Did you find your postfix logs? Which system do you use?
> >>
> >>
> >> Willi
> >>
> >>
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

My dovecot-sql.conf file is default:
users WHERE userid = '%u'

driver = mysql
connect = host=localhost dbname=dbispconfig user=ispconfig
password=06549e2a867ee50a107098f424073acd port=3306
default_pass_scheme = CRYPT

password_query = SELECT email as user, password, maildir as userdb_home,
CONCAT( maildir_format, ':', maildir, '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid
as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
mail_user WHERE (login = '%u' OR email = '%u') AND `disable%Ls` = 'n' AND
server_id = '1'
user_query = SELECT email as user, maildir as home, CONCAT( maildir_format,
':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format))
as mail, uid, gid, CONCAT('*:storage=', quota, 'B') AS quota_rule,
CONCAT(maildir, '/.sieve') as sieve FROM mail_user WHERE (login = '%u' OR
email = '%u') AND `disable%Ls` = 'n' AND server_id = '1'

iterate_query = SELECT email as user FROM mail_user WHERE server_id = '1'
~~
How did You create this nice mysql table in console?



Btw - in dovecot.conf - is this line properly configured:
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1

2017-02-24 4:07 GMT+01:00 Bill Shirley :

> Sounds like you have a problem in /etc/dovecot/dovecot-sql.conf
>
> Did you ever post it?  For virtual users, mine is:
> driver = mysql
>
> # Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and
> CRYPT.
> default_pass_scheme = PLAIN
>
> # Database options
> connect = host=/var/lib/mysql/mysql.sock dbname=sys_mail user=sys_mail
> password=hunter2
>
> password_query = SELECT LOWER(CONCAT_WS('@',`User`,`Domain`)) AS `user` \
> , IF(`Password_Crypt` IS NOT NULL, 
> CONCAT('{crypt}',`Password_Crypt`),`Password_Cleartext`)
> AS `password` \
> FROM `Virtual_User` \
> WHERE LOWER(`User`) = LOWER('%n') \
> AND LOWER(`Domain`) = LOWER('%d') \
> AND `Retrieve_Mail` = 'Yes'
>
>
> # vmail = 399
> user_query = SELECT 
> CONCAT_WS('/','/home/vmail/domains',LOWER(`Domain`),LOWER(`User`))
> AS `home` \
> , 'maildir:~/Maildir' AS `mail` \
> , 399 AS `uid` \
> , 399 AS `gid` \
> FROM `Virtual_User` \
> WHERE LOWER(`User`) = LOWER('%n') \
> AND LOWER(`Domain`) = LOWER('%d') \
> AND `Retrieve_Mail` = 'Yes'
>
> The table:
> MySQL (root@localhost) [sys_mail]> show columns from Virtual_User;
> ++--+--+-+--
> ---++
> | Field  | Type | Null | Key | Default |
> Extra  |
> ++--+--+-+--
> ---++
> | vu_id  | int(11) unsigned | NO   | PRI | NULL|
> auto_increment |
> | Name   | varchar(50)  | NO   | | NULL
> ||
> | Domain | varchar(128) | NO   | MUL | NULL
> ||
> | User   | varchar(32)  | NO   | MUL | NULL
> ||
> | Password_Cleartext | varchar(128) | NO   | | NULL
> ||
> | Password_Crypt | varchar(128) | YES  | | NULL
> ||
> | Retrieve_Mail  | enum('No','Yes') | NO   | | Yes
> ||
> | Receive_Mail   | enum('No','Yes') | NO   | | Yes
> ||
> | Accept_SMTP| enum('No','Yes') | NO   | | Yes
> ||
> | uid| int(11) unsigned | NO   | | 399
> ||
> | gid| int(11) unsigned | NO   | | 399
> ||
> | homedir| varchar(75)  | NO   | | NULL
> ||
> | Maildir| varchar(32)  | NO   | | Maildir
> ||
> | quota  | tinytext | NO   | | NULL
> ||
> | imap   | enum('Y','N')| NO   | | N
> ||
> | virus_check| enum('Y','N')| NO   | | Y
> ||
> | spam_check | enum('Y','N')| NO   | | Y
> ||
> ++--+--+-+--
> ---++
>
>
> Dovecot can be made to log the MySQL transaction.  I did that a long long
> time ago but don't remember how.
>
> Virtual user db:
> # 
> --
> # --- MySQL --
> --
> # 
> --
> first_valid_uid = 399
> passdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-mysql.conf
> }
>
> userdb {
>   driver = sql
>   args = /etc/dovecot/dovecot-mysql.conf
> }
>
> Hope this helps,
> Bill
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

Re: dovecot cram-md5 setting break sending emails

[Bill Shirley]

Sounds like you have a problem in /etc/dovecot/dovecot-sql.conf

Did you ever post it?  For virtual users, mine is:
driver = mysql

# Currently supported schemes include PLAIN, PLAIN-MD5, DIGEST-MD5, and CRYPT.
default_pass_scheme = PLAIN

# Database options
connect = host=/var/lib/mysql/mysql.sock dbname=sys_mail user=sys_mail 
password=hunter2

password_query = SELECT LOWER(CONCAT_WS('@',`User`,`Domain`)) AS `user` \
, IF(`Password_Crypt` IS NOT NULL, 
CONCAT('{crypt}',`Password_Crypt`),`Password_Cleartext`) AS `password` \
FROM `Virtual_User` \
WHERE LOWER(`User`) = LOWER('%n') \
AND LOWER(`Domain`) = LOWER('%d') \
AND `Retrieve_Mail` = 'Yes'


# vmail = 399
user_query = SELECT 
CONCAT_WS('/','/home/vmail/domains',LOWER(`Domain`),LOWER(`User`)) AS `home` \
, 'maildir:~/Maildir' AS `mail` \
, 399 AS `uid` \
, 399 AS `gid` \
FROM `Virtual_User` \
WHERE LOWER(`User`) = LOWER('%n') \
AND LOWER(`Domain`) = LOWER('%d') \
AND `Retrieve_Mail` = 'Yes'

The table:
MySQL (root@localhost) [sys_mail]> show columns from Virtual_User;
++--+--+-+-++
| Field  | Type | Null | Key | Default | Extra  
|
++--+--+-+-++
| vu_id  | int(11) unsigned | NO   | PRI | NULL| auto_increment 
|
| Name   | varchar(50)  | NO   | | NULL|
|
| Domain | varchar(128) | NO   | MUL | NULL|
|
| User   | varchar(32)  | NO   | MUL | NULL|
|
| Password_Cleartext | varchar(128) | NO   | | NULL|
|
| Password_Crypt | varchar(128) | YES  | | NULL|
|
| Retrieve_Mail  | enum('No','Yes') | NO   | | Yes |
|
| Receive_Mail   | enum('No','Yes') | NO   | | Yes |
|
| Accept_SMTP| enum('No','Yes') | NO   | | Yes |
|
| uid| int(11) unsigned | NO   | | 399 |
|
| gid| int(11) unsigned | NO   | | 399 |
|
| homedir| varchar(75)  | NO   | | NULL|
|
| Maildir| varchar(32)  | NO   | | Maildir |
|
| quota  | tinytext | NO   | | NULL|
|
| imap   | enum('Y','N')| NO   | | N   |
|
| virus_check| enum('Y','N')| NO   | | Y   |
|
| spam_check | enum('Y','N')| NO   | | Y   |
|
++--+--+-+-++


Dovecot can be made to log the MySQL transaction.  I did that a long long time 
ago but don't remember how.

Virtual user db:
# --
# --- MySQL 
# --
first_valid_uid = 399
passdb {
  driver = sql
  args = /etc/dovecot/dovecot-mysql.conf
}

userdb {
  driver = sql
  args = /etc/dovecot/dovecot-mysql.conf
}

Hope this helps,
Bill

Re: dovecot cram-md5 setting break sending emails

[/dev/rob0]

On Thu, Feb 23, 2017 at 04:08:21PM +0100,
   wilfried.es...@essignetz.de wrote:
> Your problem with cram-md5 is, that you have
> 
> "default_pass_scheme = CRYPT"
> 
> in /etc/dovecot/dovecot-sql.conf.
> 
> 
> As mentioned in this text from my last mail, you need to change
> the schema your passwords are stored in:
> >>> On http://wiki.dovecot.org/Authentication/PasswordSchemes 
> >>> you'll find under "Non-plaintext authentication mechanisms":
> >>> "The problem with non-plaintext auth mechanisms is that the 
> >>> password must be stored either in plaintext, or using a 
> >>> mechanism-specific scheme that's incompatible with all other 
> >>> non-plaintext mechanisms. In addition, the mechanism-specific 
> >>> schemes often offer very little protection. This isn't a 
> >>> limitation of Dovecot, it's a requirement for the algorithms
> >>> to even work.

The most common choice for mail is to require TLS for AUTH 
(smtpd_tls_auth_only) and then only offer PLAIN mechanism.  This 
works well with encrypted password storage.

> >>> For example if you're going to use CRAM-MD5 authentication, the 
> >>> password needs to be stored in either PLAIN or CRAM-MD5 scheme. 
> >>> If you want to allow both CRAM-MD5 and DIGEST-MD5, the password 
> >>> must be stored in plaintext. "
> 
> You'll have to set an other default scheme in your
> /etc/dovecot/dovecot-sql.conf and recreate your passwords in the
> db. Read more in above mentioned URL.

Indeed, the Dovecot wiki has the answers to all the common Dovecot 
questions, and the Dovecot list is the more appropriate place to ask 
those questions.

On the Postfix side there really wasn't much going on; Dovecot was 
failing to present a list of SASL mechanisms to smtpd -- both smtps 
and port 25; apparently no submission service was configured.  
Submission (port 587) should be configured in favor of the now-
deprecated smtps, and ideally, there would be no SASL AUTH offered on 
port 25.

The advice to use verbose logging was wrong.  Verbose logging in most 
cases only serves to further confuse the issue.

> Or you can prefix every password with its scheme, but i don't
> remember details.

{PLAIN}thisIsMyPassword
-- 
  http://rob0.nodns4.us/
  Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

---
Maybe you should change your DB-Password: You sent it to the list inside
the atteched file:
password=06549...3acd port=3306
---


Your problem with cram-md5 is, that you have

"default_pass_scheme = CRYPT"

in /etc/dovecot/dovecot-sql.conf.


As mentioned in this text from my last mail, you need to change the
schema your passwords are stored in:
>>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
>>> under "Non-plaintext authentication mechanisms":
>>> "The problem with non-plaintext auth mechanisms is that the password
>>> must be stored either in plaintext, or using a mechanism-specific scheme
>>> that's incompatible with all other non-plaintext mechanisms. In
>>> addition, the mechanism-specific schemes often offer very little
>>> protection. This isn't a limitation of Dovecot, it's a requirement for
>>> the algorithms to even work.
>>>
>>> For example if you're going to use CRAM-MD5 authentication, the password
>>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
>>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
>>> plaintext. "

You'll have to set an other default scheme in your
/etc/dovecot/dovecot-sql.conf and recreate your passwords in the db.
Read more in above mentioned URL.

Or you can prefix every password with its scheme, but i don't remember
details.


Willi



Am 23.02.2017 um 15:35 schrieb Poliman - Serwis:
> "Now i understand, that you want to add cram-md5 to the mechs, but to
> authenticate still against the sql-db?" Hehe no. I have cram-md5 and when I
> try sql-db I can't send emails.
> I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that Postfix
> logs go to mail.log and mail.err files.
> "dovecot logs for the mentioned two cases?" - which two cases? :)
> dovecot-sql.conf output in attachement.
> "maybe a link to the mentioned dovecot threat" - do You mean tutorial based
> on I setup cram-md5 in dovecot?
> 
> 2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Now i understand, that you want to add cram-md5 to the mechs, but to
>> authenticate still against the sql-db?
>>
>>
>> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
>> under "Non-plaintext authentication mechanisms":
>> "The problem with non-plaintext auth mechanisms is that the password
>> must be stored either in plaintext, or using a mechanism-specific scheme
>> that's incompatible with all other non-plaintext mechanisms. In
>> addition, the mechanism-specific schemes often offer very little
>> protection. This isn't a limitation of Dovecot, it's a requirement for
>> the algorithms to even work.
>>
>> For example if you're going to use CRAM-MD5 authentication, the password
>> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
>> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
>> plaintext. "
>>
>> Does that possibly point out your problem?
>>
>>
>> Otherwise please provide
>> - dovecot logs for the mentioned two cases?
>> - contnet of /etc/dovecot/dovecot-sql.conf?
>> - maybe a link to the mentioned dovecot threat.
>>
>> Did you find your postfix logs? Which system do you use?
>>
>>
>> Willi
>>
>>

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

"Now i understand, that you want to add cram-md5 to the mechs, but to
authenticate still against the sql-db?" Hehe no. I have cram-md5 and when I
try sql-db I can't send emails.
I use ubuntu server 14.04.5 lts with 16.04 kernel. I found out that Postfix
logs go to mail.log and mail.err files.
"dovecot logs for the mentioned two cases?" - which two cases? :)
dovecot-sql.conf output in attachement.
"maybe a link to the mentioned dovecot threat" - do You mean tutorial based
on I setup cram-md5 in dovecot?

2017-02-23 15:26 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> Now i understand, that you want to add cram-md5 to the mechs, but to
> authenticate still against the sql-db?
>
>
> On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
> under "Non-plaintext authentication mechanisms":
> "The problem with non-plaintext auth mechanisms is that the password
> must be stored either in plaintext, or using a mechanism-specific scheme
> that's incompatible with all other non-plaintext mechanisms. In
> addition, the mechanism-specific schemes often offer very little
> protection. This isn't a limitation of Dovecot, it's a requirement for
> the algorithms to even work.
>
> For example if you're going to use CRAM-MD5 authentication, the password
> needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
> allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
> plaintext. "
>
> Does that possibly point out your problem?
>
>
> Otherwise please provide
> - dovecot logs for the mentioned two cases?
> - contnet of /etc/dovecot/dovecot-sql.conf?
> - maybe a link to the mentioned dovecot threat.
>
> Did you find your postfix logs? Which system do you use?
>
>
> Willi
>
>
> Am 23.02.2017 um 13:56 schrieb Poliman - Serwis:
> > Still nothing. If I removed "noplaintext" from these lines, sending email
> > still working when I have:
> > auth_mechanisms = plain login cram-md5 #added cram-md5
> > passdb {
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > but with this:
> > auth_mechanisms = plain login
> > passdb {
> >   args = /etc/dovecot/dovecot-sql.conf
> >   driver = sql
> > }
> >
> > I still can't send. So sending (or not sending) depends (I think) from
> > above configurations from dovecot.conf.
> >
> > 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> Am 23.02.2017 um 13:27 schrieb Poliman - Serwis:
> >>> Test email go through when I have in dovecot.conf:
> >>> auth_mechanisms = plain login cram-md5 #added cram-md5
> >>> passdb {
> >>>   #args = /etc/dovecot/dovecot-sql.conf
> >>>   #driver = sql
> >>>driver = passwd-file
> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> but this isn't default setting. I don't need this, need default:
> >>> auth_mechanisms = plain login
> >>> passdb {
> >>>   args = /etc/dovecot/dovecot-sql.conf
> >>>   driver = sql
> >>> }
> >>>
> >>> but then sending testing email is not working.
> >>
> >> Now (i think) i understand. You should look to your postfix main.cf.
> >>
> >> smtpd_sasl_security_options = noanonymous,noplaintext
> >> smtpd_sasl_tls_security_options = noanonymous,noplaintext
> >>
> >> Possibly you should remove "noplaintext" from
> >> smtpd_sasl_tls_security_options.
> >>
> >> If you remove it also from smtpd_sasl_security_options your password
> >> will traverse internet in cleartext.
> >>
> >> Details :
> >> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
> >>
> >>
> >> Willi
> >>
> >>
> >>>
> >>> Unfortunatelly dovecot list didn't help me. One developer sends me to
> >> this
> >>> group. ;)
> >>>
> >>> All logs from mail.log I pasted. I have mail.log and mail.err files.
> >>>
> >>> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
> >>> wilfried.es...@essignetz.de>:
> >>>
>  Hi,
> 
> 
>  i assume your test mail got through now?
> 
> 
>  Am 23.02.2017 um 11:17 schrieb Poliman - Serwis:
> > I am not sure that all in these logs are good because there is info
>  'passdb
> > didn't return userdb entries'.
>  I think there is nothing to worry about.
> 
>  Dovecot knows about password and user databases. It is possible to
> have
>  password and userdata in the same db, like the sql-db from your
> default
>  entry. But the cram-md5 file didn't have userdata, which made dovecot
>  looking in the other db it got to know. I recommend you read details
> in
>  http://wiki.dovecot.org/PasswordDatabase ,
>  http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe
> >> other
>  info from dovecot wiki.
> 
> 
> > Authentication worked because dovecot used
> > cram-md5 file (still custom settings in dovecot.conf about which I
> say
>  all
> > time) but dovecot can't find match in database (configured in 

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Now i understand, that you want to add cram-md5 to the mechs, but to
authenticate still against the sql-db?


On http://wiki.dovecot.org/Authentication/PasswordSchemes you'll find
under "Non-plaintext authentication mechanisms":
"The problem with non-plaintext auth mechanisms is that the password
must be stored either in plaintext, or using a mechanism-specific scheme
that's incompatible with all other non-plaintext mechanisms. In
addition, the mechanism-specific schemes often offer very little
protection. This isn't a limitation of Dovecot, it's a requirement for
the algorithms to even work.

For example if you're going to use CRAM-MD5 authentication, the password
needs to be stored in either PLAIN or CRAM-MD5 scheme. If you want to
allow both CRAM-MD5 and DIGEST-MD5, the password must be stored in
plaintext. "

Does that possibly point out your problem?


Otherwise please provide
- dovecot logs for the mentioned two cases?
- contnet of /etc/dovecot/dovecot-sql.conf?
- maybe a link to the mentioned dovecot threat.

Did you find your postfix logs? Which system do you use?


Willi


Am 23.02.2017 um 13:56 schrieb Poliman - Serwis:
> Still nothing. If I removed "noplaintext" from these lines, sending email
> still working when I have:
> auth_mechanisms = plain login cram-md5 #added cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> 
> but with this:
> auth_mechanisms = plain login
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> 
> I still can't send. So sending (or not sending) depends (I think) from
> above configurations from dovecot.conf.
> 
> 2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Am 23.02.2017 um 13:27 schrieb Poliman - Serwis:
>>> Test email go through when I have in dovecot.conf:
>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>> passdb {
>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>   #driver = sql
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> but this isn't default setting. I don't need this, need default:
>>> auth_mechanisms = plain login
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>>
>>> but then sending testing email is not working.
>>
>> Now (i think) i understand. You should look to your postfix main.cf.
>>
>> smtpd_sasl_security_options = noanonymous,noplaintext
>> smtpd_sasl_tls_security_options = noanonymous,noplaintext
>>
>> Possibly you should remove "noplaintext" from
>> smtpd_sasl_tls_security_options.
>>
>> If you remove it also from smtpd_sasl_security_options your password
>> will traverse internet in cleartext.
>>
>> Details :
>> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
>>
>>
>> Willi
>>
>>
>>>
>>> Unfortunatelly dovecot list didn't help me. One developer sends me to
>> this
>>> group. ;)
>>>
>>> All logs from mail.log I pasted. I have mail.log and mail.err files.
>>>
>>> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
 Hi,


 i assume your test mail got through now?


 Am 23.02.2017 um 11:17 schrieb Poliman - Serwis:
> I am not sure that all in these logs are good because there is info
 'passdb
> didn't return userdb entries'.
 I think there is nothing to worry about.

 Dovecot knows about password and user databases. It is possible to have
 password and userdata in the same db, like the sql-db from your default
 entry. But the cram-md5 file didn't have userdata, which made dovecot
 looking in the other db it got to know. I recommend you read details in
 http://wiki.dovecot.org/PasswordDatabase ,
 http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe
>> other
 info from dovecot wiki.


> Authentication worked because dovecot used
> cram-md5 file (still custom settings in dovecot.conf about which I say
 all
> time) but dovecot can't find match in database (configured in line:
>  args = /etc/dovecot/dovecot-sql.conf
>  driver = sql).
 As this is the postfix list, i'd like to send you to the dovecot
 forum/list to ask what you concerns.


>  How can I provide postfix logs - where can I find them? I have only
> mail.log and mail.err files for mailing errors. :)
 If mail got through now, there is no need for further info from postfix.
 As i know, postfix logs usually by means of syslog into
 /var/log/mail.log or /var/log/mail/mail.log.


 Willi





>
> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
>
>> Hi,
>>
>>
>> now i'm rather unsure what you want to say with this?
>>
>> It looks something like authentification worked. But without the
>> postfix

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Still nothing. If I removed "noplaintext" from these lines, sending email
still working when I have:
auth_mechanisms = plain login cram-md5 #added cram-md5
passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

but with this:
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

I still can't send. So sending (or not sending) depends (I think) from
above configurations from dovecot.conf.

2017-02-23 13:39 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> Am 23.02.2017 um 13:27 schrieb Poliman - Serwis:
> > Test email go through when I have in dovecot.conf:
> > auth_mechanisms = plain login cram-md5 #added cram-md5
> > passdb {
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > but this isn't default setting. I don't need this, need default:
> > auth_mechanisms = plain login
> > passdb {
> >   args = /etc/dovecot/dovecot-sql.conf
> >   driver = sql
> > }
> >
> > but then sending testing email is not working.
>
> Now (i think) i understand. You should look to your postfix main.cf.
>
> smtpd_sasl_security_options = noanonymous,noplaintext
> smtpd_sasl_tls_security_options = noanonymous,noplaintext
>
> Possibly you should remove "noplaintext" from
> smtpd_sasl_tls_security_options.
>
> If you remove it also from smtpd_sasl_security_options your password
> will traverse internet in cleartext.
>
> Details :
> http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
>
>
> Willi
>
>
> >
> > Unfortunatelly dovecot list didn't help me. One developer sends me to
> this
> > group. ;)
> >
> > All logs from mail.log I pasted. I have mail.log and mail.err files.
> >
> > 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> Hi,
> >>
> >>
> >> i assume your test mail got through now?
> >>
> >>
> >> Am 23.02.2017 um 11:17 schrieb Poliman - Serwis:
> >>> I am not sure that all in these logs are good because there is info
> >> 'passdb
> >>> didn't return userdb entries'.
> >> I think there is nothing to worry about.
> >>
> >> Dovecot knows about password and user databases. It is possible to have
> >> password and userdata in the same db, like the sql-db from your default
> >> entry. But the cram-md5 file didn't have userdata, which made dovecot
> >> looking in the other db it got to know. I recommend you read details in
> >> http://wiki.dovecot.org/PasswordDatabase ,
> >> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe
> other
> >> info from dovecot wiki.
> >>
> >>
> >>> Authentication worked because dovecot used
> >>> cram-md5 file (still custom settings in dovecot.conf about which I say
> >> all
> >>> time) but dovecot can't find match in database (configured in line:
> >>>  args = /etc/dovecot/dovecot-sql.conf
> >>>  driver = sql).
> >> As this is the postfix list, i'd like to send you to the dovecot
> >> forum/list to ask what you concerns.
> >>
> >>
> >>>  How can I provide postfix logs - where can I find them? I have only
> >>> mail.log and mail.err files for mailing errors. :)
> >> If mail got through now, there is no need for further info from postfix.
> >> As i know, postfix logs usually by means of syslog into
> >> /var/log/mail.log or /var/log/mail/mail.log.
> >>
> >>
> >> Willi
> >>
> >>
> >>
> >>
> >>
> >>>
> >>> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
> >>> wilfried.es...@essignetz.de>:
> >>>
>  Hi,
> 
> 
>  now i'm rather unsure what you want to say with this?
> 
>  It looks something like authentification worked. But without the
> postfix
>  loglines i cant see it for sure.
> 
> 
> 
>  Willi
> 
> 
>  Am 23.02.2017 um 10:47 schrieb Poliman - Serwis:
> > I setup like You pasted and in mail.log I have:
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in:
> CONT
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
> > do_not_re...@example.com,93.179.231.31,): lookup:
>  user=
> > do_not_re...@example.com file=/etc/dovecot/cram-m$
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
> > OK#0111#011user=do_not_re...@example.com
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
> > REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
>  bfada#011session_pid=5092
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
> > do_not_re...@example.com,93.179.231.31,): passdb
>  didn't
> > return userdb entries, trying the next userdb
> > Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
> > do_not_re...@example.com,93.179.231.31): SELECT email as user,
> maildir
>  as
> > home, CONCAT( maildir_format, ':', mail$
> > 

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Am 23.02.2017 um 13:27 schrieb Poliman - Serwis:
> Test email go through when I have in dovecot.conf:
> auth_mechanisms = plain login cram-md5 #added cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
> 
> but this isn't default setting. I don't need this, need default:
> auth_mechanisms = plain login
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> 
> but then sending testing email is not working.

Now (i think) i understand. You should look to your postfix main.cf.

smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous,noplaintext

Possibly you should remove "noplaintext" from
smtpd_sasl_tls_security_options.

If you remove it also from smtpd_sasl_security_options your password
will traverse internet in cleartext.

Details :
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options


Willi


> 
> Unfortunatelly dovecot list didn't help me. One developer sends me to this
> group. ;)
> 
> All logs from mail.log I pasted. I have mail.log and mail.err files.
> 
> 2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Hi,
>>
>>
>> i assume your test mail got through now?
>>
>>
>> Am 23.02.2017 um 11:17 schrieb Poliman - Serwis:
>>> I am not sure that all in these logs are good because there is info
>> 'passdb
>>> didn't return userdb entries'.
>> I think there is nothing to worry about.
>>
>> Dovecot knows about password and user databases. It is possible to have
>> password and userdata in the same db, like the sql-db from your default
>> entry. But the cram-md5 file didn't have userdata, which made dovecot
>> looking in the other db it got to know. I recommend you read details in
>> http://wiki.dovecot.org/PasswordDatabase ,
>> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other
>> info from dovecot wiki.
>>
>>
>>> Authentication worked because dovecot used
>>> cram-md5 file (still custom settings in dovecot.conf about which I say
>> all
>>> time) but dovecot can't find match in database (configured in line:
>>>  args = /etc/dovecot/dovecot-sql.conf
>>>  driver = sql).
>> As this is the postfix list, i'd like to send you to the dovecot
>> forum/list to ask what you concerns.
>>
>>
>>>  How can I provide postfix logs - where can I find them? I have only
>>> mail.log and mail.err files for mailing errors. :)
>> If mail got through now, there is no need for further info from postfix.
>> As i know, postfix logs usually by means of syslog into
>> /var/log/mail.log or /var/log/mail/mail.log.
>>
>>
>> Willi
>>
>>
>>
>>
>>
>>>
>>> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
 Hi,


 now i'm rather unsure what you want to say with this?

 It looks something like authentification worked. But without the postfix
 loglines i cant see it for sure.



 Willi


 Am 23.02.2017 um 10:47 schrieb Poliman - Serwis:
> I setup like You pasted and in mail.log I have:
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
> do_not_re...@example.com,93.179.231.31,): lookup:
 user=
> do_not_re...@example.com file=/etc/dovecot/cram-m$
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
> OK#0111#011user=do_not_re...@example.com
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
 bfada#011session_pid=5092
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
> do_not_re...@example.com,93.179.231.31,): passdb
 didn't
> return userdb entries, trying the next userdb
> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir
 as
> home, CONCAT( maildir_format, ':', mail$
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
> USER#0113625975809#
> 011do_not_re...@example.com#011home=/var/vmail/example.
 com/do_not_reply#011mail=maildir:/var/vma$
> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
> lip=193.70.38.6, mpid=5092, TLS, session=
> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
>
>
> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
>
>> I wonderd about how dovecot would deside, which "args" belongs to wich
>> "driver" line. So looked over
>> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>>
>> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Test email go through when I have in dovecot.conf:
auth_mechanisms = plain login cram-md5 #added cram-md5
passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

but this isn't default setting. I don't need this, need default:
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

but then sending testing email is not working.

Unfortunatelly dovecot list didn't help me. One developer sends me to this
group. ;)

All logs from mail.log I pasted. I have mail.log and mail.err files.

2017-02-23 13:08 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> Hi,
>
>
> i assume your test mail got through now?
>
>
> Am 23.02.2017 um 11:17 schrieb Poliman - Serwis:
> > I am not sure that all in these logs are good because there is info
> 'passdb
> > didn't return userdb entries'.
> I think there is nothing to worry about.
>
> Dovecot knows about password and user databases. It is possible to have
> password and userdata in the same db, like the sql-db from your default
> entry. But the cram-md5 file didn't have userdata, which made dovecot
> looking in the other db it got to know. I recommend you read details in
> http://wiki.dovecot.org/PasswordDatabase ,
> http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other
> info from dovecot wiki.
>
>
> > Authentication worked because dovecot used
> > cram-md5 file (still custom settings in dovecot.conf about which I say
> all
> > time) but dovecot can't find match in database (configured in line:
> >  args = /etc/dovecot/dovecot-sql.conf
> >  driver = sql).
> As this is the postfix list, i'd like to send you to the dovecot
> forum/list to ask what you concerns.
>
>
> >  How can I provide postfix logs - where can I find them? I have only
> > mail.log and mail.err files for mailing errors. :)
> If mail got through now, there is no need for further info from postfix.
> As i know, postfix logs usually by means of syslog into
> /var/log/mail.log or /var/log/mail/mail.log.
>
>
> Willi
>
>
>
>
>
> >
> > 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> Hi,
> >>
> >>
> >> now i'm rather unsure what you want to say with this?
> >>
> >> It looks something like authentification worked. But without the postfix
> >> loglines i cant see it for sure.
> >>
> >>
> >>
> >> Willi
> >>
> >>
> >> Am 23.02.2017 um 10:47 schrieb Poliman - Serwis:
> >>> I setup like You pasted and in mail.log I have:
> >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
> >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
> >>> do_not_re...@example.com,93.179.231.31,): lookup:
> >> user=
> >>> do_not_re...@example.com file=/etc/dovecot/cram-m$
> >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
> >>> OK#0111#011user=do_not_re...@example.com
> >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
> >>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
> >> bfada#011session_pid=5092
> >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
> >>> do_not_re...@example.com,93.179.231.31,): passdb
> >> didn't
> >>> return userdb entries, trying the next userdb
> >>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
> >>> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir
> >> as
> >>> home, CONCAT( maildir_format, ':', mail$
> >>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
> >>> USER#0113625975809#
> >>> 011do_not_re...@example.com#011home=/var/vmail/example.
> >> com/do_not_reply#011mail=maildir:/var/vma$
> >>> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
> >>> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
> >>> lip=193.70.38.6, mpid=5092, TLS, session=
> >>> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
> >>> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
> >>>
> >>>
> >>> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
> >>> wilfried.es...@essignetz.de>:
> >>>
>  I wonderd about how dovecot would deside, which "args" belongs to wich
>  "driver" line. So looked over
>  http://wiki.dovecot.org/Authentication/MultipleDatabases.
> 
>  Possibly you should write something like:
> 
>  passdb {
>    args = /etc/dovecot/dovecot-sql.conf
>    driver = sql
>  }
> 
>  passdb {
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>  }
> 
> 
>  Willi
> 
> 
>  Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
> > You have right, I added 'noplaintext'. But main thing what I want to
> >> get
>  -
> > no cram-md5 in dovecot and ability to send emails. All worked fine
> >> until
>  I
> > set in dovecot.conf:
> > 

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Hi,


i assume your test mail got through now?


Am 23.02.2017 um 11:17 schrieb Poliman - Serwis:
> I am not sure that all in these logs are good because there is info 'passdb
> didn't return userdb entries'. 
I think there is nothing to worry about.

Dovecot knows about password and user databases. It is possible to have
password and userdata in the same db, like the sql-db from your default
entry. But the cram-md5 file didn't have userdata, which made dovecot
looking in the other db it got to know. I recommend you read details in
http://wiki.dovecot.org/PasswordDatabase ,
http://wiki.dovecot.org/Authentication/MultipleDatabases and maybe other
info from dovecot wiki.


> Authentication worked because dovecot used
> cram-md5 file (still custom settings in dovecot.conf about which I say all
> time) but dovecot can't find match in database (configured in line:
>  args = /etc/dovecot/dovecot-sql.conf
>  driver = sql).
As this is the postfix list, i'd like to send you to the dovecot
forum/list to ask what you concerns.


>  How can I provide postfix logs - where can I find them? I have only
> mail.log and mail.err files for mailing errors. :)
If mail got through now, there is no need for further info from postfix.
As i know, postfix logs usually by means of syslog into
/var/log/mail.log or /var/log/mail/mail.log.


Willi





> 
> 2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Hi,
>>
>>
>> now i'm rather unsure what you want to say with this?
>>
>> It looks something like authentification worked. But without the postfix
>> loglines i cant see it for sure.
>>
>>
>>
>> Willi
>>
>>
>> Am 23.02.2017 um 10:47 schrieb Poliman - Serwis:
>>> I setup like You pasted and in mail.log I have:
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
>>> do_not_re...@example.com,93.179.231.31,): lookup:
>> user=
>>> do_not_re...@example.com file=/etc/dovecot/cram-m$
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
>>> OK#0111#011user=do_not_re...@example.com
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
>>> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
>> bfada#011session_pid=5092
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
>>> do_not_re...@example.com,93.179.231.31,): passdb
>> didn't
>>> return userdb entries, trying the next userdb
>>> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
>>> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir
>> as
>>> home, CONCAT( maildir_format, ':', mail$
>>> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
>>> USER#0113625975809#
>>> 011do_not_re...@example.com#011home=/var/vmail/example.
>> com/do_not_reply#011mail=maildir:/var/vma$
>>> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
>>> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
>>> lip=193.70.38.6, mpid=5092, TLS, session=
>>> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
>>> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
>>>
>>>
>>> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
>>> wilfried.es...@essignetz.de>:
>>>
 I wonderd about how dovecot would deside, which "args" belongs to wich
 "driver" line. So looked over
 http://wiki.dovecot.org/Authentication/MultipleDatabases.

 Possibly you should write something like:

 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
 }

 passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
 }


 Willi


 Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
> You have right, I added 'noplaintext'. But main thing what I want to
>> get
 -
> no cram-md5 in dovecot and ability to send emails. All worked fine
>> until
 I
> set in dovecot.conf:
> auth_mechanisms = plain login cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }


>>>
>>>
>>
>>
> 
> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

I am not sure that all in these logs are good because there is info 'passdb
didn't return userdb entries'. Authentication worked because dovecot used
cram-md5 file (still custom settings in dovecot.conf about which I say all
time) but dovecot can't find match in database (configured in line:
 args = /etc/dovecot/dovecot-sql.conf
 driver = sql).
 How can I provide postfix logs - where can I find them? I have only
mail.log and mail.err files for mailing errors. :)

2017-02-23 11:11 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> Hi,
>
>
> now i'm rather unsure what you want to say with this?
>
> It looks something like authentification worked. But without the postfix
> loglines i cant see it for sure.
>
>
>
> Willi
>
>
> Am 23.02.2017 um 10:47 schrieb Poliman - Serwis:
> > I setup like You pasted and in mail.log I have:
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
> > do_not_re...@example.com,93.179.231.31,): lookup:
> user=
> > do_not_re...@example.com file=/etc/dovecot/cram-m$
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
> > OK#0111#011user=do_not_re...@example.com
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
> > REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57c
> bfada#011session_pid=5092
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
> > do_not_re...@example.com,93.179.231.31,): passdb
> didn't
> > return userdb entries, trying the next userdb
> > Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
> > do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir
> as
> > home, CONCAT( maildir_format, ':', mail$
> > Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
> > USER#0113625975809#
> > 011do_not_re...@example.com#011home=/var/vmail/example.
> com/do_not_reply#011mail=maildir:/var/vma$
> > Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
> > do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
> > lip=193.70.38.6, mpid=5092, TLS, session=
> > Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
> > Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
> >
> >
> > 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> I wonderd about how dovecot would deside, which "args" belongs to wich
> >> "driver" line. So looked over
> >> http://wiki.dovecot.org/Authentication/MultipleDatabases.
> >>
> >> Possibly you should write something like:
> >>
> >> passdb {
> >>   args = /etc/dovecot/dovecot-sql.conf
> >>   driver = sql
> >> }
> >>
> >> passdb {
> >>driver = passwd-file
> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >> }
> >>
> >>
> >> Willi
> >>
> >>
> >> Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
> >>> You have right, I added 'noplaintext'. But main thing what I want to
> get
> >> -
> >>> no cram-md5 in dovecot and ability to send emails. All worked fine
> until
> >> I
> >>> set in dovecot.conf:
> >>> auth_mechanisms = plain login cram-md5
> >>> passdb {
> >>>   #args = /etc/dovecot/dovecot-sql.conf
> >>>   #driver = sql
> >>>driver = passwd-file
> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>
> >>
> >
> >
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Hi,


now i'm rather unsure what you want to say with this?

It looks something like authentification worked. But without the postfix
loglines i cant see it for sure.



Willi


Am 23.02.2017 um 10:47 schrieb Poliman - Serwis:
> I setup like You pasted and in mail.log I have:
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
> do_not_re...@example.com,93.179.231.31,): lookup: user=
> do_not_re...@example.com file=/etc/dovecot/cram-m$
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
> OK#0111#011user=do_not_re...@example.com
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
> REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57cbfada#011session_pid=5092
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
> do_not_re...@example.com,93.179.231.31,): passdb didn't
> return userdb entries, trying the next userdb
> Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
> do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir as
> home, CONCAT( maildir_format, ':', mail$
> Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
> USER#0113625975809#
> 011do_not_re...@example.com#011home=/var/vmail/example.com/do_not_reply#011mail=maildir:/var/vma$
> Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
> do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
> lip=193.70.38.6, mpid=5092, TLS, session=
> Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
> Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243
> 
> 
> 2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> I wonderd about how dovecot would deside, which "args" belongs to wich
>> "driver" line. So looked over
>> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>>
>> Possibly you should write something like:
>>
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>>
>> passdb {
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>>
>> Willi
>>
>>
>> Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
>>> You have right, I added 'noplaintext'. But main thing what I want to get
>> -
>>> no cram-md5 in dovecot and ability to send emails. All worked fine until
>> I
>>> set in dovecot.conf:
>>> auth_mechanisms = plain login cram-md5
>>> passdb {
>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>   #driver = sql
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>
>>
> 
> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

I setup like You pasted and in mail.log I have:
Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client in: CONT
Feb 23 10:41:58 vps342401 dovecot: auth: Debug: passwd-file(
do_not_re...@example.com,93.179.231.31,): lookup: user=
do_not_re...@example.com file=/etc/dovecot/cram-m$
Feb 23 10:41:58 vps342401 dovecot: auth: Debug: client passdb out:
OK#0111#011user=do_not_re...@example.com
Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master in:
REQUEST#0113625975809#0115088#0111#0115fa408b8c444a03b751b990e57cbfada#011session_pid=5092
Feb 23 10:41:58 vps342401 dovecot: auth: Debug: prefetch(
do_not_re...@example.com,93.179.231.31,): passdb didn't
return userdb entries, trying the next userdb
Feb 23 10:41:58 vps342401 dovecot: auth-worker(5090): Debug: sql(
do_not_re...@example.com,93.179.231.31): SELECT email as user, maildir as
home, CONCAT( maildir_format, ':', mail$
Feb 23 10:41:58 vps342401 dovecot: auth: Debug: master userdb out:
USER#0113625975809#
011do_not_re...@example.com#011home=/var/vmail/example.com/do_not_reply#011mail=maildir:/var/vma$
Feb 23 10:41:58 vps342401 dovecot: pop3-login: Login: user=<
do_not_re...@example.com>, method=PLAIN, rip=93.179.231.31,
lip=193.70.38.6, mpid=5092, TLS, session=
Feb 23 10:41:58 vps342401 dovecot: pop3(do_not_re...@serwispepsi.pl):
Disconnected: Logged out top=0/0, retr=0/0, del=1/2, size=179243


2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> I wonderd about how dovecot would deside, which "args" belongs to wich
> "driver" line. So looked over
> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>
> Possibly you should write something like:
>
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
>
> passdb {
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
>
> Willi
>
>
> Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
> > You have right, I added 'noplaintext'. But main thing what I want to get
> -
> > no cram-md5 in dovecot and ability to send emails. All worked fine until
> I
> > set in dovecot.conf:
> > auth_mechanisms = plain login cram-md5
> > passdb {
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

This determine to use both - default and custom settings in passdb block
but I would default setting without cram-md5 in this file. In other words I
would have only below in dovecot.conf:
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

This worked before I added cram-md5 lines. After this I can't use default
settings because then I can't send emails. Next thing that I only use one
from above You pasted (other two lines are commented out):
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
  # driver = passwd-file
  # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

or this
passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

2017-02-23 10:36 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> I wonderd about how dovecot would deside, which "args" belongs to wich
> "driver" line. So looked over
> http://wiki.dovecot.org/Authentication/MultipleDatabases.
>
> Possibly you should write something like:
>
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
>
> passdb {
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
>
> Willi
>
>
> Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
> > You have right, I added 'noplaintext'. But main thing what I want to get
> -
> > no cram-md5 in dovecot and ability to send emails. All worked fine until
> I
> > set in dovecot.conf:
> > auth_mechanisms = plain login cram-md5
> > passdb {
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

I wonderd about how dovecot would deside, which "args" belongs to wich
"driver" line. So looked over
http://wiki.dovecot.org/Authentication/MultipleDatabases.

Possibly you should write something like:

passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

passdb {
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}


Willi


Am 23.02.2017 um 10:30 schrieb Poliman - Serwis:
> You have right, I added 'noplaintext'. But main thing what I want to get -
> no cram-md5 in dovecot and ability to send emails. All worked fine until I
> set in dovecot.conf:
> auth_mechanisms = plain login cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

And in main.cf I have default setting (after installation it was as below):
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

Is it possible that dovecot not see these two?

2017-02-23 10:30 GMT+01:00 Poliman - Serwis :

> You have right, I added 'noplaintext'. But main thing what I want to get
> - no cram-md5 in dovecot and ability to send emails. All worked fine until
> I set in dovecot.conf:
> auth_mechanisms = plain login cram-md5
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> Where default is:
> auth_mechanisms = plain login
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
>   # driver = passwd-file
>   # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> and after I checked that sending emails worked I set again default
> settings in dovecot.conf. After this change I can't send emails.
>
> 2017-02-23 10:24 GMT+01:00 Christian Kivalo :
>
>>
>>
>> On 2017-02-23 10:06, Poliman - Serwis wrote:
>>
>>> I also turned on verbose log in dovecot and below is output in
>>> mail.log:
>>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
>>> xsasl_dovecot_server_connect: auth reply: DONE
>>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
>>> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
>>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
>>> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
>>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
>>> authentication mechanisms
>>>
>> From your postconf -n you disabled the use of mechanisms that use
>> plaintext password
>> smtpd_sasl_security_options = noanonymous,noplaintext
>> smtpd_sasl_tls_security_options = noanonymous,noplaintext
>> The default for both is "noanonymous" see http://www.postfix.org/postcon
>> f.5.html#smtpd_sasl_security_options
>> Postfix defaults to use the cyrus sasl implementation with saslauthd and
>> probably the cram-md5 is module is not installed.
>> You should be using the dovecot sasl implementation in postfix, from your
>> postconf -n i don't see that you are using the dovecot sasl implementation.
>>
>> In main.cf set (from: http://www.postfix.org/SASL_RE
>> ADME.html#server_sasl_enable ):
>>
>> smtpd_sasl_type = dovecot
>>
>> and if you configured the dovecot auth socket in
>> /var/spool/postfix/private/auth
>>
>> smtpd_sasl_path = private/auth
>>
>> from: http://www.postfix.org/SASL_README.html#server_dovecot
>>
>>> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
>>> /usr/lib/postfix/smtpd pid 3640 exit status 1
>>> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
>>> /usr/lib/postfix/smtpd: bad command startup -- throttling
>>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
>>> connection rate 27/60s for (submission:54.175.125.239) at Feb 23
>>> 09:58:20
>>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
>>> connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
>>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message
>>> rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
>>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache
>>> size 3 at Feb 23 09:58:21
>>>
>>> 2017-02-23 9:59 GMT+01:00 Poliman - Serwis :
>>>
>>> Ok, so I added in main.cf [3] at the bottom of the file the line:
 debug_peer_list = 127.0.0.1,93.X.X.31

 and in master.cf [1] (set 'n' in chroot column):
 submission inet n   -   n   -   -   smtpd
 smtps inet  n   -   n   -   -   smtpd

 What is next step?

 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de
 :

 Hi,
>
> would suggest :
> - Try turning off chroot operation in master.cf [1]
> - Verbose logging for specific SMTP connections
> (see http://www.postfix.org/DEBUG_README.html [2])
>
>
> Willi
>
> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
>
>> Hmm. I think that above is not working. Probably I tried sent
>>
> email too
>
>> fast after restart dovecot and new settings weren't loaded.
>>
>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
>>
>> By the way I did some test. I removed cram-md5 from
>>>
>> auth_mechanisms line
>
>> and I uncommented default lines in passdb block and also left
>>>
>> uncommented
>
>> two lines added by me like below:
>>> auth_mechanisms = plain login
>>>
>>> passdb {
>>> args = /etc/dovecot/dovecot-sql.conf
>>> driver = sql
>>> driver = passwd-file
>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> I can send emails but I have no idea which setting is used -
>>>
>> these two
>
>> lines:
>>> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

You have right, I added 'noplaintext'. But main thing what I want to get -
no cram-md5 in dovecot and ability to send emails. All worked fine until I
set in dovecot.conf:
auth_mechanisms = plain login cram-md5
passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

Where default is:
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
  # driver = passwd-file
  # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

and after I checked that sending emails worked I set again default settings
in dovecot.conf. After this change I can't send emails.

2017-02-23 10:24 GMT+01:00 Christian Kivalo :

>
>
> On 2017-02-23 10:06, Poliman - Serwis wrote:
>
>> I also turned on verbose log in dovecot and below is output in
>> mail.log:
>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
>> xsasl_dovecot_server_connect: auth reply: DONE
>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
>> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
>> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
>> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
>> authentication mechanisms
>>
> From your postconf -n you disabled the use of mechanisms that use
> plaintext password
> smtpd_sasl_security_options = noanonymous,noplaintext
> smtpd_sasl_tls_security_options = noanonymous,noplaintext
> The default for both is "noanonymous" see http://www.postfix.org/postcon
> f.5.html#smtpd_sasl_security_options
> Postfix defaults to use the cyrus sasl implementation with saslauthd and
> probably the cram-md5 is module is not installed.
> You should be using the dovecot sasl implementation in postfix, from your
> postconf -n i don't see that you are using the dovecot sasl implementation.
>
> In main.cf set (from: http://www.postfix.org/SASL_RE
> ADME.html#server_sasl_enable ):
>
> smtpd_sasl_type = dovecot
>
> and if you configured the dovecot auth socket in
> /var/spool/postfix/private/auth
>
> smtpd_sasl_path = private/auth
>
> from: http://www.postfix.org/SASL_README.html#server_dovecot
>
>> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
>> /usr/lib/postfix/smtpd pid 3640 exit status 1
>> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
>> /usr/lib/postfix/smtpd: bad command startup -- throttling
>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
>> connection rate 27/60s for (submission:54.175.125.239) at Feb 23
>> 09:58:20
>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
>> connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message
>> rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
>> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache
>> size 3 at Feb 23 09:58:21
>>
>> 2017-02-23 9:59 GMT+01:00 Poliman - Serwis :
>>
>> Ok, so I added in main.cf [3] at the bottom of the file the line:
>>> debug_peer_list = 127.0.0.1,93.X.X.31
>>>
>>> and in master.cf [1] (set 'n' in chroot column):
>>> submission inet n   -   n   -   -   smtpd
>>> smtps inet  n   -   n   -   -   smtpd
>>>
>>> What is next step?
>>>
>>> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de
>>> :
>>>
>>> Hi,

 would suggest :
 - Try turning off chroot operation in master.cf [1]
 - Verbose logging for specific SMTP connections
 (see http://www.postfix.org/DEBUG_README.html [2])


 Willi

 Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:

> Hmm. I think that above is not working. Probably I tried sent
>
 email too

> fast after restart dovecot and new settings weren't loaded.
>
> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
>
> By the way I did some test. I removed cram-md5 from
>>
> auth_mechanisms line

> and I uncommented default lines in passdb block and also left
>>
> uncommented

> two lines added by me like below:
>> auth_mechanisms = plain login
>>
>> passdb {
>> args = /etc/dovecot/dovecot-sql.conf
>> driver = sql
>> driver = passwd-file
>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>> I can send emails but I have no idea which setting is used -
>>
> these two

> lines:
>> args = /etc/dovecot/dovecot-sql.conf
>> driver = sql
>>
>> or these
>>
>
 driver = passwd-file
>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>
>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd
>>
> :

>
>> On 23 February 2017 at 07:01, Poliman - Serwis
>>>
>>  wrote:

> ...
 All 

Re: dovecot cram-md5 setting break sending emails

[Christian Kivalo]

On 2017-02-23 10:06, Poliman - Serwis wrote:

I also turned on verbose log in dovecot and below is output in
mail.log:
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_connect: auth reply: DONE
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
authentication mechanisms
From your postconf -n you disabled the use of mechanisms that use 
plaintext password

smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous,noplaintext
The default for both is "noanonymous" see 
http://www.postfix.org/postconf.5.html#smtpd_sasl_security_options
Postfix defaults to use the cyrus sasl implementation with saslauthd and 
probably the cram-md5 is module is not installed.
You should be using the dovecot sasl implementation in postfix, from 
your postconf -n i don't see that you are using the dovecot sasl 
implementation.


In main.cf set (from: 
http://www.postfix.org/SASL_README.html#server_sasl_enable ):


smtpd_sasl_type = dovecot

and if you configured the dovecot auth socket in 
/var/spool/postfix/private/auth


smtpd_sasl_path = private/auth

from: http://www.postfix.org/SASL_README.html#server_dovecot

Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
/usr/lib/postfix/smtpd pid 3640 exit status 1
Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
connection rate 27/60s for (submission:54.175.125.239) at Feb 23
09:58:20
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
connection count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message
rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache
size 3 at Feb 23 09:58:21

2017-02-23 9:59 GMT+01:00 Poliman - Serwis :


Ok, so I added in main.cf [3] at the bottom of the file the line:
debug_peer_list = 127.0.0.1,93.X.X.31

and in master.cf [1] (set 'n' in chroot column):
submission inet n   -   n   -   -   smtpd
smtps inet  n   -   n   -   -   smtpd

What is next step?

2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de
:


Hi,

would suggest :
- Try turning off chroot operation in master.cf [1]
- Verbose logging for specific SMTP connections
(see http://www.postfix.org/DEBUG_README.html [2])

Willi

Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:

Hmm. I think that above is not working. Probably I tried sent

email too

fast after restart dovecot and new settings weren't loaded.

2017-02-23 9:18 GMT+01:00 Poliman - Serwis :


By the way I did some test. I removed cram-md5 from

auth_mechanisms line

and I uncommented default lines in passdb block and also left

uncommented

two lines added by me like below:
auth_mechanisms = plain login

passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

I can send emails but I have no idea which setting is used -

these two

lines:
args = /etc/dovecot/dovecot-sql.conf
driver = sql

or these



driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd

2017-02-23 8:17 GMT+01:00 Dominic Raferd

:



On 23 February 2017 at 07:01, Poliman - Serwis

 wrote:

...
All worked fine. Then I added in dovecot.conf file:
auth_mechanisms = plain login cram-md5 #added cram-md5

passdb {
#args = /etc/dovecot/dovecot-sql.conf
#driver = sql
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

In passdb block commented out default lines and add two (I

can put whole

dovecot config). All things still worked fine. Then - in

dovecot.conf

file I

changed back setting to default. After this I can't send

emails. In log

I

have:
Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no

SASL

authentication mechanisms
Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no

SASL

authentication mechanisms


I suspect it is not permitted to have # comments in dovecot

conf files

except on a line of their own, though I admit I can't find

this

documented. Try removing '#added cram-md5' or putting it on a

line of

its own.





--

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *







--

Pozdrawiam / Best Regards
_Piotr Bracha_

tel. 534 555 877
ser...@poliman.pl


--

Pozdrawiam / Best Regards
_Piotr Bracha_

tel. 534 555 877
ser...@poliman.pl


Links:
--
[1] http://master.cf
[2] http://www.postfix.org/DEBUG_README.html
[3] 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Yes, You have right. These logs show when I setup default lines in
dovecot.conf:
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
  # driver = passwd-file
  # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

I can send emails (and then no errors/warnings on logs) when I have (these
are custom settings from tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5)
auth_mechanisms = plain login cram-md5
passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

Yes, I reloaded postfix like author said in documentation to which You put
link. Dovecot/postfix log lines are in main.log and mail.err files on
ubuntu. I paste all what I have there.

2017-02-23 10:17 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

>
>
> Am 23.02.2017 um 10:06 schrieb Poliman - Serwis:
> > I also turned on verbose log in dovecot and below is output in mail.log:
> > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> > xsasl_dovecot_server_connect: auth reply: DONE
> > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> > xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
> > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> > xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
> > Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
> > authentication mechanisms
> I'm no dovecot brain - but there is cram-md5 missing.
>
>
> Seems to less loglines for debug_peer_list active. Did you reload postfix?
>
> Can you also add the postfix loglines according to the sending client?
>
>
> Willi
>
>
> > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
> > /usr/lib/postfix/smtpd pid 3640 exit status 1
> > Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
> > /usr/lib/postfix/smtpd: bad command startup -- throttling
> > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> > rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20
> > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> > count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
> > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message
> rate
> > 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
> > Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache
> size 3
> > at Feb 23 09:58:21
> >
> >
> > 2017-02-23 9:59 GMT+01:00 Poliman - Serwis :
> >
> >> Ok, so I added in main.cf at the bottom of the file the line:
> >> debug_peer_list = 127.0.0.1,93.X.X.31
> >>
> >> and in master.cf (set 'n' in chroot column):
> >> submission inet n   -   n   -   -   smtpd
> >> smtps inet  n   -   n   -   -   smtpd
> >>
> >> What is next step?
> >>
> >> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
> >> wilfried.es...@essignetz.de>:
> >>
> >>> Hi,
> >>>
> >>>
> >>> would suggest :
> >>> - Try turning off chroot operation in master.cf
> >>> - Verbose logging for specific SMTP connections
> >>> (see http://www.postfix.org/DEBUG_README.html)
> >>>
> >>>
> >>> Willi
> >>>
> >>>
> >>> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
>  Hmm. I think that above is not working. Probably I tried sent email
> too
>  fast after restart dovecot and new settings weren't loaded.
> 
>  2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
> 
> > By the way I did some test. I removed cram-md5 from auth_mechanisms
> >>> line
> > and I uncommented default lines in passdb block and also left
> >>> uncommented
> > two lines added by me like below:
> > auth_mechanisms = plain login
> >
> > passdb {
> >   args = /etc/dovecot/dovecot-sql.conf
> >   driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > I can send emails but I have no idea which setting is used - these
> two
> > lines:
> >   args = /etc/dovecot/dovecot-sql.conf
> >   driver = sql
> >
> > or these
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >
> > 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
> >
> >> On 23 February 2017 at 07:01, Poliman - Serwis 
> >>> wrote:
> >>> ...
> >>> All worked fine. Then I added in dovecot.conf file:
> >>> auth_mechanisms = plain login cram-md5 #added cram-md5
> >>>
> >>> passdb {
> >>>   #args = /etc/dovecot/dovecot-sql.conf
> >>>   #driver = sql
> >>>driver = passwd-file
> >>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> In passdb block commented out default lines and add two (I can put
> >>> whole
> >>> dovecot config). All things still worked fine. Then - in
> dovecot.conf
> >> file I
> >>> changed back setting to default. 

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Am 23.02.2017 um 10:06 schrieb Poliman - Serwis:
> I also turned on verbose log in dovecot and below is output in mail.log:
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_connect: auth reply: DONE
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
> authentication mechanisms
I'm no dovecot brain - but there is cram-md5 missing.


Seems to less loglines for debug_peer_list active. Did you reload postfix?

Can you also add the postfix loglines according to the sending client?


Willi


> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
> /usr/lib/postfix/smtpd pid 3640 exit status 1
> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
> /usr/lib/postfix/smtpd: bad command startup -- throttling
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate
> 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3
> at Feb 23 09:58:21
> 
> 
> 2017-02-23 9:59 GMT+01:00 Poliman - Serwis :
> 
>> Ok, so I added in main.cf at the bottom of the file the line:
>> debug_peer_list = 127.0.0.1,93.X.X.31
>>
>> and in master.cf (set 'n' in chroot column):
>> submission inet n   -   n   -   -   smtpd
>> smtps inet  n   -   n   -   -   smtpd
>>
>> What is next step?
>>
>> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
>> wilfried.es...@essignetz.de>:
>>
>>> Hi,
>>>
>>>
>>> would suggest :
>>> - Try turning off chroot operation in master.cf
>>> - Verbose logging for specific SMTP connections
>>> (see http://www.postfix.org/DEBUG_README.html)
>>>
>>>
>>> Willi
>>>
>>>
>>> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
 Hmm. I think that above is not working. Probably I tried sent email too
 fast after restart dovecot and new settings weren't loaded.

 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :

> By the way I did some test. I removed cram-md5 from auth_mechanisms
>>> line
> and I uncommented default lines in passdb block and also left
>>> uncommented
> two lines added by me like below:
> auth_mechanisms = plain login
>
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> I can send emails but I have no idea which setting is used - these two
> lines:
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
>
> or these
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>
> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>
>> On 23 February 2017 at 07:01, Poliman - Serwis 
>>> wrote:
>>> ...
>>> All worked fine. Then I added in dovecot.conf file:
>>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>>
>>> passdb {
>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>   #driver = sql
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> In passdb block commented out default lines and add two (I can put
>>> whole
>>> dovecot config). All things still worked fine. Then - in dovecot.conf
>> file I
>>> changed back setting to default. After this I can't send emails. In
>>> log
>> I
>>> have:
>>> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>>> authentication mechanisms
>>> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>>> authentication mechanisms
>>
>> I suspect it is not permitted to have # comments in dovecot conf files
>> except on a line of their own, though I admit I can't find this
>> documented. Try removing '#added cram-md5' or putting it on a line of
>> its own.
>>
>
>
>
> --
>
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
>
>
>
>
> *tel. 534 555 877*
>
> *ser...@poliman.pl *
>



>>>
>>>
>>
>>
>> --
>>
>> *Pozdrawiam / Best Regards*
>> *Piotr Bracha*
>>
>>
>>
>>
>> *tel. 534 555 877*
>>
>> *ser...@poliman.pl *
>>
> 
> 
> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Strange thing, I can't send emails when I do in dovecot.conf file (which is
default settings):
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
  # driver = passwd-file
  # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

I can send emails when I set in dovecot.conf file:

auth_mechanisms = plain login cram-md5

passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

Besides in dovecot.conf file I added:
auth_debug=yes
auth_verbose=yes

I attach file with dovecot -a output.

2017-02-23 10:11 GMT+01:00 Dominic Raferd :

> On 23/02/2017 09:06, Poliman - Serwis wrote:
>
> I also turned on verbose log in dovecot and below is output in mail.log:
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_connect: auth reply: DONE
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
> xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
> Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
> authentication mechanisms
> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
> /usr/lib/postfix/smtpd pid 3640 exit status 1
> Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
> /usr/lib/postfix/smtpd: bad command startup -- throttling
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
> count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message
> rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
> Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size
> 3 at Feb 23 09:58:21
>
>
> These seem to be from postfix, not from dovecot. You can get more info
> from dovecot by enabling debug_log_path = path/to/debug/log and by ensuring
> that the changes you've made to the configuration are actually seen by
> dovecot. The easiest way to verify what dovecot is actually using at
> runtime is the doveconf command, dovecot -a will show you these values. Are
> you using fail2ban? (suggestions cribbed from http://serverfault.com/
> questions/588391/how-to-get-doveconf-to-reload-its-config-
> or-read-from-etc-dovecot)
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 4.4.0-62-generic x86_64 Ubuntu 14.04.5 LTS
# NOTE: Send doveconf -n output instead when asking for help.
auth_anonymous_username = anonymous
auth_cache_negative_ttl = 1 hours
auth_cache_size = 0
auth_cache_ttl = 1 hours
auth_debug = yes
auth_debug_passwords = no
auth_default_realm =
auth_failure_delay = 2 secs
auth_gssapi_hostname =
auth_krb5_keytab =
auth_master_user_separator =
auth_mechanisms = plain login cram-md5
auth_proxy_self =
auth_realms =
auth_socket_path = auth-userdb
auth_ssl_require_client_cert = no
auth_ssl_username_from_cert = no
auth_use_winbind = no
auth_username_chars = 
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
auth_username_format = %Lu
auth_username_translation =
auth_verbose = yes
auth_verbose_passwords = no
auth_winbind_helper_path = /usr/bin/ntlm_auth
auth_worker_max_count = 30
base_dir = /var/run/dovecot
config_cache_size = 1 M
debug_log_path =
default_client_limit = 1000
default_idle_kill = 1 mins
default_internal_user = dovecot
default_login_user = dovenull
default_process_limit = 100
default_vsz_limit = 256 M
deliver_log_format = msgid=%m: %$
dict_db_config =
director_doveadm_port = 0
director_mail_servers =
director_servers =
director_user_expire = 15 mins
director_username_hash = %Lu
disable_plaintext_auth = yes
dotlock_use_excl = yes
doveadm_allowed_commands =
doveadm_password =
doveadm_port = 0
doveadm_socket_path = doveadm-server
doveadm_worker_count = 0
dsync_alt_char = _
dsync_remote_cmd = ssh -l%{login} %{host} doveadm dsync-server -u%u -U
first_valid_gid = 1
first_valid_uid = 500
hostname =
imap_capability =
imap_client_workarounds =
imap_id_log =
imap_id_send = name *
imap_idle_notify_interval = 2 mins
imap_logout_format = in=%i out=%o
imap_max_line_length = 64 k
imap_metadata = no
imap_urlauth_host =
imap_urlauth_logout_format = in=%i out=%o
imap_urlauth_port = 143
imapc_features =
imapc_host =
imapc_list_prefix =
imapc_master_user =
imapc_max_idle_time = 29 mins
imapc_password =
imapc_port = 143
imapc_rawlog_dir =
imapc_ssl = no
imapc_ssl_verify = yes
imapc_user =
import_environment = TZ DEBUG_OUTOFMEM
info_log_path =
instance_name = dovecot
last_valid_gid = 0
last_valid_uid = 0
lda_mailbox_autocreate = no
lda_mailbox_autosubscribe = no
lda_original_recipient_header =
libexec_dir = /usr/lib/dovecot
listen = 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Hehe I didn't put there X, only here for public place. ;) I sent emails but
it not working when I do in dovecot.conf file (which is default settings):
auth_mechanisms = plain login
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
  # driver = passwd-file
  # args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

I can send emails when I set in dovecot.conf file:
auth_mechanisms = plain login cram-md5

passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}



2017-02-23 10:08 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> Am 23.02.2017 um 09:59 schrieb Poliman - Serwis:
> > Ok, so I added in main.cf at the bottom of the file the line:
> > debug_peer_list = 127.0.0.1,93.X.X.31
>
> Only for shure: you didn't really wrote "X" in main.cf?
>
> > and in master.cf (set 'n' in chroot column):
> > submission inet n   -   n   -   -   smtpd
> > smtps inet  n   -   n   -   -   smtpd
> >
> > What is next step?
>
> Next steps :
> - try sending mails
> - looking up the logs (for finding error or to make shure you didn't
> open your system up completely)
>
>
> Willi
>
> >
> > 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
> > wilfried.es...@essignetz.de>:
> >
> >> Hi,
> >>
> >>
> >> would suggest :
> >> - Try turning off chroot operation in master.cf
> >> - Verbose logging for specific SMTP connections
> >> (see http://www.postfix.org/DEBUG_README.html)
> >>
> >>
> >> Willi
> >>
> >>
> >> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
> >>> Hmm. I think that above is not working. Probably I tried sent email too
> >>> fast after restart dovecot and new settings weren't loaded.
> >>>
> >>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
> >>>
>  By the way I did some test. I removed cram-md5 from auth_mechanisms
> line
>  and I uncommented default lines in passdb block and also left
> >> uncommented
>  two lines added by me like below:
>  auth_mechanisms = plain login
> 
>  passdb {
>    args = /etc/dovecot/dovecot-sql.conf
>    driver = sql
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>  }
> 
>  I can send emails but I have no idea which setting is used - these two
>  lines:
>    args = /etc/dovecot/dovecot-sql.conf
>    driver = sql
> 
>  or these
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> 
>  2017-02-23 8:17 GMT+01:00 Dominic Raferd :
> 
> > On 23 February 2017 at 07:01, Poliman - Serwis 
> >> wrote:
> >> ...
> >> All worked fine. Then I added in dovecot.conf file:
> >> auth_mechanisms = plain login cram-md5 #added cram-md5
> >>
> >> passdb {
> >>   #args = /etc/dovecot/dovecot-sql.conf
> >>   #driver = sql
> >>driver = passwd-file
> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >> }
> >>
> >> In passdb block commented out default lines and add two (I can put
> >> whole
> >> dovecot config). All things still worked fine. Then - in
> dovecot.conf
> > file I
> >> changed back setting to default. After this I can't send emails. In
> >> log
> > I
> >> have:
> >> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
> >> authentication mechanisms
> >> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
> >> authentication mechanisms
> >
> > I suspect it is not permitted to have # comments in dovecot conf
> files
> > except on a line of their own, though I admit I can't find this
> > documented. Try removing '#added cram-md5' or putting it on a line of
> > its own.
> >
> 
> 
> 
>  --
> 
>  *Pozdrawiam / Best Regards*
>  *Piotr Bracha*
> 
> 
> 
> 
>  *tel. 534 555 877*
> 
>  *ser...@poliman.pl *
> 
> >>>
> >>>
> >>>
> >>
> >>
> >
> >
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Dominic Raferd]

  
  
On 23/02/2017 09:06, Poliman - Serwis wrote:

  I also turned on verbose log in dovecot and below
is output in mail.log:
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_connect: auth reply: DONE
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no
SASL authentication mechanisms
Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
process /usr/lib/postfix/smtpd pid 3640 exit status 1
Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
connection rate 27/60s for (submission:54.175.125.239) at Feb 23
09:58:20
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
connection count 1 for (submission:54.175.125.239) at Feb 23
09:58:08
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
message rate 1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max
cache size 3 at Feb 23 09:58:21
  


These seem to be from postfix, not from dovecot. You
  can get more info from dovecot by enabling debug_log_path =
  path/to/debug/log and by ensuring that the changes you've made to
  the configuration are actually seen by dovecot. The easiest way to
  verify what dovecot is actually using at runtime is the doveconf
  command, dovecot -a will show you these values. Are you using
  fail2ban? (suggestions cribbed from
http://serverfault.com/questions/588391/how-to-get-doveconf-to-reload-its-config-or-read-from-etc-dovecot)
  

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Am 23.02.2017 um 09:59 schrieb Poliman - Serwis:
> Ok, so I added in main.cf at the bottom of the file the line:
> debug_peer_list = 127.0.0.1,93.X.X.31

Only for shure: you didn't really wrote "X" in main.cf?

> and in master.cf (set 'n' in chroot column):
> submission inet n   -   n   -   -   smtpd
> smtps inet  n   -   n   -   -   smtpd
> 
> What is next step?

Next steps :
- try sending mails
- looking up the logs (for finding error or to make shure you didn't
open your system up completely)


Willi

> 
> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
> 
>> Hi,
>>
>>
>> would suggest :
>> - Try turning off chroot operation in master.cf
>> - Verbose logging for specific SMTP connections
>> (see http://www.postfix.org/DEBUG_README.html)
>>
>>
>> Willi
>>
>>
>> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
>>> Hmm. I think that above is not working. Probably I tried sent email too
>>> fast after restart dovecot and new settings weren't loaded.
>>>
>>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
>>>
 By the way I did some test. I removed cram-md5 from auth_mechanisms line
 and I uncommented default lines in passdb block and also left
>> uncommented
 two lines added by me like below:
 auth_mechanisms = plain login

 passdb {
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
 }

 I can send emails but I have no idea which setting is used - these two
 lines:
   args = /etc/dovecot/dovecot-sql.conf
   driver = sql

 or these
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd

 2017-02-23 8:17 GMT+01:00 Dominic Raferd :

> On 23 February 2017 at 07:01, Poliman - Serwis 
>> wrote:
>> ...
>> All worked fine. Then I added in dovecot.conf file:
>> auth_mechanisms = plain login cram-md5 #added cram-md5
>>
>> passdb {
>>   #args = /etc/dovecot/dovecot-sql.conf
>>   #driver = sql
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>> In passdb block commented out default lines and add two (I can put
>> whole
>> dovecot config). All things still worked fine. Then - in dovecot.conf
> file I
>> changed back setting to default. After this I can't send emails. In
>> log
> I
>> have:
>> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>> authentication mechanisms
>> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>> authentication mechanisms
>
> I suspect it is not permitted to have # comments in dovecot conf files
> except on a line of their own, though I admit I can't find this
> documented. Try removing '#added cram-md5' or putting it on a line of
> its own.
>



 --

 *Pozdrawiam / Best Regards*
 *Piotr Bracha*




 *tel. 534 555 877*

 *ser...@poliman.pl *

>>>
>>>
>>>
>>
>>
> 
> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

I also turned on verbose log in dovecot and below is output in mail.log:
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_connect: auth reply: DONE
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_mech_filter: skip mechanism: PLAIN
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]:
xsasl_dovecot_server_mech_filter: skip mechanism: LOGIN
Feb 23 10:03:51 vps342401 postfix/smtps/smtpd[3640]: fatal: no SASL
authentication mechanisms
Feb 23 10:03:52 vps342401 postfix/master[25124]: warning: process
/usr/lib/postfix/smtpd pid 3640 exit status 1
Feb 23 10:03:52 vps342401 postfix/master[25124]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
rate 27/60s for (submission:54.175.125.239) at Feb 23 09:58:20
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max connection
count 1 for (submission:54.175.125.239) at Feb 23 09:58:08
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max message rate
1/60s for (smtps:93.X.X.31) at Feb 23 10:00:37
Feb 23 10:04:12 vps342401 postfix/anvil[3328]: statistics: max cache size 3
at Feb 23 09:58:21


2017-02-23 9:59 GMT+01:00 Poliman - Serwis :

> Ok, so I added in main.cf at the bottom of the file the line:
> debug_peer_list = 127.0.0.1,93.X.X.31
>
> and in master.cf (set 'n' in chroot column):
> submission inet n   -   n   -   -   smtpd
> smtps inet  n   -   n   -   -   smtpd
>
> What is next step?
>
> 2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
> wilfried.es...@essignetz.de>:
>
>> Hi,
>>
>>
>> would suggest :
>> - Try turning off chroot operation in master.cf
>> - Verbose logging for specific SMTP connections
>> (see http://www.postfix.org/DEBUG_README.html)
>>
>>
>> Willi
>>
>>
>> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
>> > Hmm. I think that above is not working. Probably I tried sent email too
>> > fast after restart dovecot and new settings weren't loaded.
>> >
>> > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
>> >
>> >> By the way I did some test. I removed cram-md5 from auth_mechanisms
>> line
>> >> and I uncommented default lines in passdb block and also left
>> uncommented
>> >> two lines added by me like below:
>> >> auth_mechanisms = plain login
>> >>
>> >> passdb {
>> >>   args = /etc/dovecot/dovecot-sql.conf
>> >>   driver = sql
>> >>driver = passwd-file
>> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> >> }
>> >>
>> >> I can send emails but I have no idea which setting is used - these two
>> >> lines:
>> >>   args = /etc/dovecot/dovecot-sql.conf
>> >>   driver = sql
>> >>
>> >> or these
>> >>driver = passwd-file
>> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> >>
>> >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>> >>
>> >>> On 23 February 2017 at 07:01, Poliman - Serwis 
>> wrote:
>>  ...
>>  All worked fine. Then I added in dovecot.conf file:
>>  auth_mechanisms = plain login cram-md5 #added cram-md5
>> 
>>  passdb {
>>    #args = /etc/dovecot/dovecot-sql.conf
>>    #driver = sql
>> driver = passwd-file
>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>  }
>> 
>>  In passdb block commented out default lines and add two (I can put
>> whole
>>  dovecot config). All things still worked fine. Then - in dovecot.conf
>> >>> file I
>>  changed back setting to default. After this I can't send emails. In
>> log
>> >>> I
>>  have:
>>  Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>>  authentication mechanisms
>>  Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>>  authentication mechanisms
>> >>>
>> >>> I suspect it is not permitted to have # comments in dovecot conf files
>> >>> except on a line of their own, though I admit I can't find this
>> >>> documented. Try removing '#added cram-md5' or putting it on a line of
>> >>> its own.
>> >>>
>> >>
>> >>
>> >>
>> >> --
>> >>
>> >> *Pozdrawiam / Best Regards*
>> >> *Piotr Bracha*
>> >>
>> >>
>> >>
>> >>
>> >> *tel. 534 555 877*
>> >>
>> >> *ser...@poliman.pl *
>> >>
>> >
>> >
>> >
>>
>>
>
>
> --
>
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
>
>
>
>
> *tel. 534 555 877*
>
> *ser...@poliman.pl *
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Ok, so I added in main.cf at the bottom of the file the line:
debug_peer_list = 127.0.0.1,93.X.X.31

and in master.cf (set 'n' in chroot column):
submission inet n   -   n   -   -   smtpd
smtps inet  n   -   n   -   -   smtpd

What is next step?

2017-02-23 9:42 GMT+01:00 wilfried.es...@essignetz.de <
wilfried.es...@essignetz.de>:

> Hi,
>
>
> would suggest :
> - Try turning off chroot operation in master.cf
> - Verbose logging for specific SMTP connections
> (see http://www.postfix.org/DEBUG_README.html)
>
>
> Willi
>
>
> Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
> > Hmm. I think that above is not working. Probably I tried sent email too
> > fast after restart dovecot and new settings weren't loaded.
> >
> > 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
> >
> >> By the way I did some test. I removed cram-md5 from auth_mechanisms line
> >> and I uncommented default lines in passdb block and also left
> uncommented
> >> two lines added by me like below:
> >> auth_mechanisms = plain login
> >>
> >> passdb {
> >>   args = /etc/dovecot/dovecot-sql.conf
> >>   driver = sql
> >>driver = passwd-file
> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >> }
> >>
> >> I can send emails but I have no idea which setting is used - these two
> >> lines:
> >>   args = /etc/dovecot/dovecot-sql.conf
> >>   driver = sql
> >>
> >> or these
> >>driver = passwd-file
> >>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>
> >> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
> >>
> >>> On 23 February 2017 at 07:01, Poliman - Serwis 
> wrote:
>  ...
>  All worked fine. Then I added in dovecot.conf file:
>  auth_mechanisms = plain login cram-md5 #added cram-md5
> 
>  passdb {
>    #args = /etc/dovecot/dovecot-sql.conf
>    #driver = sql
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>  }
> 
>  In passdb block commented out default lines and add two (I can put
> whole
>  dovecot config). All things still worked fine. Then - in dovecot.conf
> >>> file I
>  changed back setting to default. After this I can't send emails. In
> log
> >>> I
>  have:
>  Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>  authentication mechanisms
>  Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>  authentication mechanisms
> >>>
> >>> I suspect it is not permitted to have # comments in dovecot conf files
> >>> except on a line of their own, though I admit I can't find this
> >>> documented. Try removing '#added cram-md5' or putting it on a line of
> >>> its own.
> >>>
> >>
> >>
> >>
> >> --
> >>
> >> *Pozdrawiam / Best Regards*
> >> *Piotr Bracha*
> >>
> >>
> >>
> >>
> >> *tel. 534 555 877*
> >>
> >> *ser...@poliman.pl *
> >>
> >
> >
> >
>
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[wilfried.es...@essignetz.de]

Hi,


would suggest :
- Try turning off chroot operation in master.cf
- Verbose logging for specific SMTP connections
(see http://www.postfix.org/DEBUG_README.html)


Willi


Am 23.02.2017 um 09:21 schrieb Poliman - Serwis:
> Hmm. I think that above is not working. Probably I tried sent email too
> fast after restart dovecot and new settings weren't loaded.
> 
> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
> 
>> By the way I did some test. I removed cram-md5 from auth_mechanisms line
>> and I uncommented default lines in passdb block and also left uncommented
>> two lines added by me like below:
>> auth_mechanisms = plain login
>>
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>> I can send emails but I have no idea which setting is used - these two
>> lines:
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>>
>> or these
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>
>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>>
>>> On 23 February 2017 at 07:01, Poliman - Serwis  wrote:
 ...
 All worked fine. Then I added in dovecot.conf file:
 auth_mechanisms = plain login cram-md5 #added cram-md5

 passdb {
   #args = /etc/dovecot/dovecot-sql.conf
   #driver = sql
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
 }

 In passdb block commented out default lines and add two (I can put whole
 dovecot config). All things still worked fine. Then - in dovecot.conf
>>> file I
 changed back setting to default. After this I can't send emails. In log
>>> I
 have:
 Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
 authentication mechanisms
 Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
 authentication mechanisms
>>>
>>> I suspect it is not permitted to have # comments in dovecot conf files
>>> except on a line of their own, though I admit I can't find this
>>> documented. Try removing '#added cram-md5' or putting it on a line of
>>> its own.
>>>
>>
>>
>>
>> --
>>
>> *Pozdrawiam / Best Regards*
>> *Piotr Bracha*
>>
>>
>>
>>
>> *tel. 534 555 877*
>>
>> *ser...@poliman.pl *
>>
> 
> 
> 

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

In log I have also these lines:
Feb 23 09:12:55 vps342401 dovecot: auth: Error: read(anvil-auth-penalty)
failed: EOF
Feb 23 09:18:40 vps342401 postfix/smtpd[30395]: fatal: no SASL
authentication mechanisms
Feb 23 09:19:04 vps342401 postfix/smtps/smtpd[30426]: fatal: no SASL
authentication mechanisms
Feb 23 09:20:02 vps342401 postfix/smtpd[30519]: fatal: no SASL
authentication mechanisms
Feb 23 09:20:05 vps342401 postfix/smtps/smtpd[30525]: fatal: no SASL
authentication mechanisms


2017-02-23 9:26 GMT+01:00 Poliman - Serwis :

> When I setup config:
> auth_mechanisms = plain login cram-md5
>
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> Then mails can be send. Without 'cram-md5' in auth_mechanisms I can't send
> emails when passdb block looks like above pasted.
>
> 2017-02-23 9:21 GMT+01:00 Poliman - Serwis :
>
>> Hmm. I think that above is not working. Probably I tried sent email too
>> fast after restart dovecot and new settings weren't loaded.
>>
>> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
>>
>>> By the way I did some test. I removed cram-md5 from auth_mechanisms line
>>> and I uncommented default lines in passdb block and also left uncommented
>>> two lines added by me like below:
>>> auth_mechanisms = plain login
>>>
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> I can send emails but I have no idea which setting is used - these two
>>> lines:
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>>
>>> or these
>>>driver = passwd-file
>>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>
>>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>>>
 On 23 February 2017 at 07:01, Poliman - Serwis 
 wrote:
 > ...
 > All worked fine. Then I added in dovecot.conf file:
 > auth_mechanisms = plain login cram-md5 #added cram-md5
 >
 > passdb {
 >   #args = /etc/dovecot/dovecot-sql.conf
 >   #driver = sql
 >driver = passwd-file
 >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
 > }
 >
 > In passdb block commented out default lines and add two (I can put
 whole
 > dovecot config). All things still worked fine. Then - in dovecot.conf
 file I
 > changed back setting to default. After this I can't send emails. In
 log I
 > have:
 > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
 > authentication mechanisms
 > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
 > authentication mechanisms

 I suspect it is not permitted to have # comments in dovecot conf files
 except on a line of their own, though I admit I can't find this
 documented. Try removing '#added cram-md5' or putting it on a line of
 its own.

>>>
>>>
>>>
>>> --
>>>
>>> *Pozdrawiam / Best Regards*
>>> *Piotr Bracha*
>>>
>>>
>>>
>>>
>>> *tel. 534 555 877*
>>>
>>> *ser...@poliman.pl *
>>>
>>
>>
>>
>> --
>>
>> *Pozdrawiam / Best Regards*
>> *Piotr Bracha*
>>
>>
>>
>>
>> *tel. 534 555 877*
>>
>> *ser...@poliman.pl *
>>
>
>
>
> --
>
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
>
>
>
>
> *tel. 534 555 877*
>
> *ser...@poliman.pl *
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

When I setup config:
auth_mechanisms = plain login cram-md5

passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

Then mails can be send. Without 'cram-md5' in auth_mechanisms I can't send
emails when passdb block looks like above pasted.

2017-02-23 9:21 GMT+01:00 Poliman - Serwis :

> Hmm. I think that above is not working. Probably I tried sent email too
> fast after restart dovecot and new settings weren't loaded.
>
> 2017-02-23 9:18 GMT+01:00 Poliman - Serwis :
>
>> By the way I did some test. I removed cram-md5 from auth_mechanisms line
>> and I uncommented default lines in passdb block and also left uncommented
>> two lines added by me like below:
>> auth_mechanisms = plain login
>>
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> }
>>
>> I can send emails but I have no idea which setting is used - these two
>> lines:
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>>
>> or these
>>driver = passwd-file
>>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>
>> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>>
>>> On 23 February 2017 at 07:01, Poliman - Serwis 
>>> wrote:
>>> > ...
>>> > All worked fine. Then I added in dovecot.conf file:
>>> > auth_mechanisms = plain login cram-md5 #added cram-md5
>>> >
>>> > passdb {
>>> >   #args = /etc/dovecot/dovecot-sql.conf
>>> >   #driver = sql
>>> >driver = passwd-file
>>> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> > }
>>> >
>>> > In passdb block commented out default lines and add two (I can put
>>> whole
>>> > dovecot config). All things still worked fine. Then - in dovecot.conf
>>> file I
>>> > changed back setting to default. After this I can't send emails. In
>>> log I
>>> > have:
>>> > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>>> > authentication mechanisms
>>> > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>>> > authentication mechanisms
>>>
>>> I suspect it is not permitted to have # comments in dovecot conf files
>>> except on a line of their own, though I admit I can't find this
>>> documented. Try removing '#added cram-md5' or putting it on a line of
>>> its own.
>>>
>>
>>
>>
>> --
>>
>> *Pozdrawiam / Best Regards*
>> *Piotr Bracha*
>>
>>
>>
>>
>> *tel. 534 555 877*
>>
>> *ser...@poliman.pl *
>>
>
>
>
> --
>
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
>
>
>
>
> *tel. 534 555 877*
>
> *ser...@poliman.pl *
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Hmm. I think that above is not working. Probably I tried sent email too
fast after restart dovecot and new settings weren't loaded.

2017-02-23 9:18 GMT+01:00 Poliman - Serwis :

> By the way I did some test. I removed cram-md5 from auth_mechanisms line
> and I uncommented default lines in passdb block and also left uncommented
> two lines added by me like below:
> auth_mechanisms = plain login
>
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> I can send emails but I have no idea which setting is used - these two
> lines:
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
>
> or these
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>
> 2017-02-23 8:17 GMT+01:00 Dominic Raferd :
>
>> On 23 February 2017 at 07:01, Poliman - Serwis  wrote:
>> > ...
>> > All worked fine. Then I added in dovecot.conf file:
>> > auth_mechanisms = plain login cram-md5 #added cram-md5
>> >
>> > passdb {
>> >   #args = /etc/dovecot/dovecot-sql.conf
>> >   #driver = sql
>> >driver = passwd-file
>> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>> > }
>> >
>> > In passdb block commented out default lines and add two (I can put whole
>> > dovecot config). All things still worked fine. Then - in dovecot.conf
>> file I
>> > changed back setting to default. After this I can't send emails. In log
>> I
>> > have:
>> > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
>> > authentication mechanisms
>> > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
>> > authentication mechanisms
>>
>> I suspect it is not permitted to have # comments in dovecot conf files
>> except on a line of their own, though I admit I can't find this
>> documented. Try removing '#added cram-md5' or putting it on a line of
>> its own.
>>
>
>
>
> --
>
> *Pozdrawiam / Best Regards*
> *Piotr Bracha*
>
>
>
>
> *tel. 534 555 877*
>
> *ser...@poliman.pl *
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

By the way I did some test. I removed cram-md5 from auth_mechanisms line
and I uncommented default lines in passdb block and also left uncommented
two lines added by me like below:
auth_mechanisms = plain login

passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

I can send emails but I have no idea which setting is used - these two
lines:
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql

or these
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd

2017-02-23 8:17 GMT+01:00 Dominic Raferd :

> On 23 February 2017 at 07:01, Poliman - Serwis  wrote:
> > ...
> > All worked fine. Then I added in dovecot.conf file:
> > auth_mechanisms = plain login cram-md5 #added cram-md5
> >
> > passdb {
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > In passdb block commented out default lines and add two (I can put whole
> > dovecot config). All things still worked fine. Then - in dovecot.conf
> file I
> > changed back setting to default. After this I can't send emails. In log I
> > have:
> > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
> > authentication mechanisms
> > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
> > authentication mechanisms
>
> I suspect it is not permitted to have # comments in dovecot conf files
> except on a line of their own, though I admit I can't find this
> documented. Try removing '#added cram-md5' or putting it on a line of
> its own.
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

I removed all comments which I added. It didn't help. Maybe should I put
some config files dovecot or postfix or something?

2017-02-23 8:17 GMT+01:00 Dominic Raferd :

> On 23 February 2017 at 07:01, Poliman - Serwis  wrote:
> > ...
> > All worked fine. Then I added in dovecot.conf file:
> > auth_mechanisms = plain login cram-md5 #added cram-md5
> >
> > passdb {
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >driver = passwd-file
> >args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > In passdb block commented out default lines and add two (I can put whole
> > dovecot config). All things still worked fine. Then - in dovecot.conf
> file I
> > changed back setting to default. After this I can't send emails. In log I
> > have:
> > Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
> > authentication mechanisms
> > Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
> > authentication mechanisms
>
> I suspect it is not permitted to have # comments in dovecot conf files
> except on a line of their own, though I admit I can't find this
> documented. Try removing '#added cram-md5' or putting it on a line of
> its own.
>



-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*ser...@poliman.pl *

Re: dovecot cram-md5 setting break sending emails

[Dominic Raferd]

On 23 February 2017 at 07:01, Poliman - Serwis  wrote:
> ...
> All worked fine. Then I added in dovecot.conf file:
> auth_mechanisms = plain login cram-md5 #added cram-md5
>
> passdb {
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>driver = passwd-file
>args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> In passdb block commented out default lines and add two (I can put whole
> dovecot config). All things still worked fine. Then - in dovecot.conf file I
> changed back setting to default. After this I can't send emails. In log I
> have:
> Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
> authentication mechanisms
> Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL
> authentication mechanisms

I suspect it is not permitted to have # comments in dovecot conf files
except on a line of their own, though I admit I can't find this
documented. Try removing '#added cram-md5' or putting it on a line of
its own.

dovecot cram-md5 setting break sending emails

[Poliman - Serwis]

Hi everyone. My postfix configuration (postconf -n):
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
append_dot_mydomain = no
biff = no
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
dovecot_destination_recipient_limit = 1
greylisting = check_policy_service inet:127.0.0.1:10023
header_checks = regexp:/etc/postfix/header_checks
html_directory = /usr/share/doc/postfix/html
inet_interfaces = all
inet_protocols = all
mailbox_size_limit = 0
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
message_size_limit = 0
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = vps342401.ovh.net, localhost, localhost.localdomain
myhostname = vps342401.ovh.net
mynetworks = 127.0.0.0/8 [::1]/128
myorigin = /etc/mailname
nested_header_checks = regexp:/etc/postfix/nested_header_checks
owner_request_special = no
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps
$virtual_alias_domains $sender_bcc_maps $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canonical_maps
$relocated_maps $transport_maps $mynetworks $smtpd_sender_login_maps
readme_directory = /usr/share/doc/postfix
receive_override_options = no_address_mappings
recipient_delimiter = +
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps = mysql:/etc/postfix/
mysql-virtual_relayrecipientmaps.cf
relayhost =
sender_bcc_maps = proxy:mysql:/etc/postfix/mysql-virtual_outgoing_bcc.cf
smtp_tls_exclude_ciphers = RC4, aNULL
smtp_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
smtpd_client_message_rate_limit = 100
smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
mysql-virtual_client.cf
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_sasl_authenticated, permit_mynetworks,
check_helo_access regexp:/etc/postfix/helo_access, reject_invalid_hostname,
reject_non_fqdn_hostname, check_helo_access
regexp:/etc/postfix/blacklist_helo
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
check_recipient_access mysql:/etc/postfix/mysql-virtual_recipient.cf,
reject_rbl_client zen.spamhaus.org
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated
defer_unauth_destination
smtpd_restriction_classes = greylisting
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous,noplaintext
smtpd_sasl_tls_security_options = noanonymous,noplaintext
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = proxy:mysql:/etc/postfix/
mysql-virtual_sender_login_maps.cf
smtpd_sender_restrictions = check_sender_access regexp:/etc/postfix/
tag_as_originating.re , permit_mynetworks, permit_sasl_authenticated,
check_sender_access mysql:/etc/postfix/mysql-virtual_sender.cf,
check_sender_access regexp:/etc/postfix/tag_as_foreign.re
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_exclude_ciphers = RC4, aNULL
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_use_tls = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman,
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
virtual_alias_domains =
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman,
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = mysql:/etc/postfix/mysql-virtual_gids.cf
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = mysql:/etc/postfix/mysql-virtual_uids.cf

All worked fine. Then I added in dovecot.conf file:
auth_mechanisms = plain login cram-md5 #added cram-md5

passdb {
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql
   driver = passwd-file
   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

In passdb block commented out default lines and add two (I can put whole
dovecot config). All things still worked fine. Then - in dovecot.conf file
I changed back setting to default. After this I can't send emails. In log I
have:
Feb 23 06:46:49 vps301 postfix/smtps/smtpd[24919]: fatal: no SASL
authentication mechanisms
Feb 23 06:47:50 vps301 postfix/smtps/smtpd[24942]: fatal: no SASL