I’ve installed and configured Apple’s calendar server. It seems to be working
just fine.
However it keeps trying to speak to my IMAP server — don’t know why — and the
authentication attempts fail every 30 seconds or so.
Here’s what’s in the calendar server logs:
2016-01-07 22:42:38+0000 [-] [caldav-1] [IMAP4DownloadProtocol
(TLSMemoryBIOProtocol),client]
[txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error]
IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:08+0000 [-] [caldav-1] [IMAP4DownloadProtocol
(TLSMemoryBIOProtocol),client]
[txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error]
IMAP login failed for com.apple.calendarserver
2016-01-07 22:43:39+0000 [-] [caldav-1] [IMAP4DownloadProtocol
(TLSMemoryBIOProtocol),client]
[txdav.caldav.datastore.scheduling.imip.inbound.IMAP4DownloadProtocol#error]
IMAP login failed for com.apple.calendarserver
And in dovecot’s logs I see:
Jan 7 22:47:43 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2
attempts in 4 secs): user=<com.apple.calendarserver>, method=PLAIN,
rip=195.54.233.70, lip=195.54.233.70, TLS, session=<wkMAQsYoVADDNulG>
Jan 7 22:48:10 hutch dovecot[63067]: auth-worker(65378): Error:
pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission
denied
Jan 7 22:48:14 --- last message repeated 1 time ---
Jan 7 22:48:14 hutch dovecot[63067]: imap-login: Disconnected (auth failed, 2
attempts in 4 secs): user=<com.apple.calendarserver>, method=PLAIN,
rip=195.54.233.70, lip=195.54.233.70, TLS, session=<dSvTQ8YoXQDDNulG>
Jan 7 22:48:40 hutch dovecot[63067]: auth-worker(65378): Error:
pam(com.apple.calendarserver,195.54.233.70): pam_acct_mgmt() failed: permission
denied
Jan 7 22:48:44 --- last message repeated 1 time —
I tweaked dovecot to use AUTH PLAIN as well as CRAM-MD5. [The MD5 stuff has
always worked fine for SMTP and IMAP over TLS.] I think /etc/pam.d/dovecot is
OK too:
% cat /etc/pam.d/dovecot
#
# as documented on Dovecot wiki
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
Here’s my dovecot.conf:
# 2.2.5: dovecot.conf
# OS: Darwin 12.5.0 x86_64
auth_mechanisms = plain login cram-md5
base_dir = /var/run/dovecot/
listen = *, [::]
mail_debug = yes
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
hidden = yes
inbox = yes
list = no
location = mbox:~/mail:INBOX=/var/mail/%u
prefix = "#mbox/"
separator = /
type = private
}
namespace {
inbox = no
list = yes
location = maildir:/var/imap/%u:LAYOUT=fs
prefix =
separator = /
type = private
}
passdb {
driver = pam
args = failure_show_msg=yes
}
passdb {
args = /usr/local/etc/dovecot-md5
driver = passwd-file
}
protocols = imap
service auth {
executable = /usr/local/libexec/dovecot/auth
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
user = root
}
service imap-login {
client_limit = 32
executable = /usr/local/libexec/dovecot/imap-login
inet_listener imap {
port = 0
}
process_limit = 128
process_min_avail = 3
service_count = 1
vsz_limit = 64 M
}
service imap {
executable = /usr/local/libexec/dovecot/imap
process_limit = 32
}
service pop3-login {
client_limit = 32
process_limit = 128
process_min_avail = 3
service_count = 1
vsz_limit = 64 M
}
service pop3 {
process_limit = 32
}
ssl_cert = </usr/local/etc/ssl/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2
ssl_key = </usr/local/etc/ssl/private/dovecot.pem
syslog_facility = local4
userdb {
driver = passwd
}
protocol imap {
mail_max_userip_connections = 10
mail_plugin_dir = /usr/local/lib/dovecot/imap
}
protocol lda {
postmaster_address = postmas...@example.com
}
Can someone please explain what’s going on and how to fix/troubleshoot it?
Thanks.
The endless error messages in the log don’t seem to be causing any problems to
either the mail setup or the calendaer server. Famous last words… However they
are a bit annoying and probably point to an underlying problem or
misconfiguration that really should be fixed. By the way, the password used by
the calendar server is for my MacOSX login (which should be getting picked up
via PAM, right?) while a different one is used for the SMTP/IMAP MD5
challenge-response.
I hope someone can clear up my confusion.
