I always restart dovecot after change config. ;) Sure, I commented out
added two lines by me, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login cram-md5
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmas...@example.com
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
process_limit = 512
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = </etc/postfix/smtpd.cert
ssl_cipher_list =
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = </etc/postfix/smtpd.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocol imap {
mail_plugins = quota imap_quota
}
protocol pop3 {
mail_plugins = quota
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
mail_plugins = sieve quota
postmaster_address = webmaster@localhost
}
protocol lmtp {
mail_plugins = quota sieve
postmaster_address = webmaster@localhost
}
2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tu...@dovecot.fi>:
>
>
> On 01.02.2017 08:18, Poliman - Serwis wrote:
> > This is debug log files in syslog:
> > Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out:
> > CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> m5ldD4=
> > Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> > Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(
> > do_not_re...@example.com,12.173.211.32): query: SELECT email as user,
> > password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
> > '/', IF(maildir_format='maildir','Maildir',maildir_format)) as
> userdb_mail,
> > uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
> > userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
> > mail_user WHERE (login = 'do_not_re...@example.com' OR email = '
> > do_not_re...@example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> > Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password(
> > do_not_re...@example.com, 12.173.211.32): Requested CRAM-MD5 scheme,
> but we
> > have only CRYPT
> > Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out:
> > FAIL#0112#011user=do_not_re...@example.com
> > Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning:
> > host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication
> > failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4=
> > Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD
> > (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
> > `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> > Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
> > (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
> > `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in:
> > AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> 011lip=173.72.31.7#011rip=12.173.211.32#011secured
> > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out:
> > CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> m5ldD4=
> > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> > Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(
> > do_not_re...@example.com,12.173.211.32): query: SELECT email as user,
> > password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
> > '/', IF(maildir_format='maildir','Maildir',maildir_format)) as
> userdb_mail,
> > uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS
> > userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
> > mail_user WHERE (login = 'do_not_re...@example.com' OR email = '
> > do_not_re...@example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> > Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password(
> > do_not_re...@example.com,12.173.211.32): Requested CRAM-MD5 scheme, but
> we
> > have only CRYPT
> > Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out:
> > FAIL#0113#011user=do_not_re...@example.com
> >
> >
> >
> > #####################
> > I added in dovecot.conf lines in passdb block:
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > and commented out default lines
> > #args = /etc/dovecot/dovecot-sql.conf
> > #driver = sql
> > When I try set again default lines I got above error
>
> Can you run doveconf -n with the configuration that causes the above
> error? Also it clearly does SQL lookup, so that error is happening with
> SQL passdb. You need to remember to restart dovecot between
> configuration changes.
>
> Aki
>
> >
> > 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tu...@dovecot.fi>:
> >
> >>
> >> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>> I set up cram-md5 using this tutorial
> >>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf
> in
> >>> passdb code block:
> >>> listen = *,[::]
> >>> protocols = imap pop3
> >>> #auth_mechanisms = plain login cram-md5
> >>> auth_mechanisms = cram-md5 plain login
> >>> #dodana nizej linia
> >>> ssl = required
> >>> disable_plaintext_auth = yes
> >>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>> mail_privileged_group = vmail
> >>> postmaster_address = postmas...@vps342401.ovh.net
> >>> ssl_cert = </etc/postfix/smtpd.cert
> >>> ssl_key = </etc/postfix/smtpd.key
> >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>> ssl_cipher_list =
> >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
> >>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> >>> ssl_prefer_server_ciphers = yes
> >>> ssl_dh_parameters_length = 2048
> >>>
> >>>
> >>> mail_max_userip_connections = 100
> >>> passdb {
> >>> # args = /etc/dovecot/dovecot-sql.conf
> >>> # driver = sql
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>> userdb {
> >>> driver = prefetch
> >>> }
> >>> userdb {
> >>> args = /etc/dovecot/dovecot-sql.conf
> >>> driver = sql
> >>> }
> >>> Of course I created cram-md5.pwd file. All mails go out and come
> nicely.
> >>> But after I want to do default settings by commented out these two
> lines:
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> and uncomment
> >>> # args = /etc/dovecot/dovecot-sql.conf
> >>> # driver = sql
> >>> I can't send emails - I use Thunderbird - get error "logging on server
> >>> mail.example.com not work out". Error in logs:
> >>> dovecot: auth-worker(22698): Error: Auth worker sees different
> >>> passdbs/userdbs than auth server.
> >>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >>>
> >>> Is it possible that hashed password from cram-md5.pwd file was written
> to
> >>> database (if yes then where - I have ISPconfig)? I wasn't change any
> >> userdb
> >>> {} block and this second userdb block has this same lines like default
> >>> settings in passdb block.
> >>>
> >> Try
> >>
> >> auth_debug=yes
> >> auth_verbose=yes
> >>
> >> and see if it gives any more reasonable messages.
> >>
> >> Aki
> >>
> >
> >
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*ser...@poliman.pl <ser...@poliman.pl>*
