Default it was: "auth_mechanisms = plain login" and I added cram-md5.
After restart all work perfectly. But after I added:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
I can't set default lines because I got error. Please tell me which lines
should be changed to resolve this issue. Should I remove "login" from
auth_mechanism ("login" was default setting and I would like to move back
to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tu...@dovecot.fi>:
> Because cram-md5 needs the user's password for calculating responses, it
> cannot work with hashed passwords (one-way encrypted). The only
> supported password schemes are PLAIN and CRAM-MD5.
>
> Aki
>
> On 01.02.2017 09:33, Poliman - Serwis wrote:
> > I always restart dovecot after change config. ;) Sure, I commented out
> > added two lines by me, restarted dovecot and here it is:
> >
> > # 2.2.9: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> > auth_mechanisms = plain login cram-md5
> > listen = *,[::]
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_max_userip_connections = 100
> > mail_plugins = " quota"
> > mail_privileged_group = vmail
> > passdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > plugin {
> > quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> > sieve = /var/vmail/%d/%n/.sieve
> > sieve_max_redirects = 25
> > }
> > postmaster_address = postmas...@example.com
> > protocols = imap pop3
> > service auth {
> > unix_listener /var/spool/postfix/private/auth {
> > group = postfix
> > mode = 0660
> > user = postfix
> > }
> > unix_listener auth-userdb {
> > group = vmail
> > mode = 0600
> > user = vmail
> > }
> > user = root
> > }
> > service imap-login {
> > client_limit = 1000
> > process_limit = 512
> > }
> > service lmtp {
> > unix_listener /var/spool/postfix/private/dovecot-lmtp {
> > group = postfix
> > mode = 0600
> > user = postfix
> > }
> > }
> > ssl = required
> > ssl_cert = </etc/postfix/smtpd.cert
> > ssl_cipher_list =
> > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> > ssl_dh_parameters_length = 2048
> > ssl_key = </etc/postfix/smtpd.key
> > ssl_prefer_server_ciphers = yes
> > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> > userdb {
> > driver = prefetch
> > }
> > userdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > protocol imap {
> > mail_plugins = quota imap_quota
> > }
> > protocol pop3 {
> > mail_plugins = quota
> > pop3_uidl_format = %08Xu%08Xv
> > }
> > protocol lda {
> > mail_plugins = sieve quota
> > postmaster_address = webmaster@localhost
> > }
> > protocol lmtp {
> > mail_plugins = quota sieve
> > postmaster_address = webmaster@localhost
> > }
> >
> >
> > 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tu...@dovecot.fi>:
> >
> >>
> >> On 01.02.2017 08:18, Poliman - Serwis wrote:
> >>> This is debug log files in syslog:
> >>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out:
> >>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >> m5ldD4=
> >>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(
> >>> do_not_re...@example.com,12.173.211.32): query: SELECT email as user,
> >>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
> >>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as
> >> userdb_mail,
> >>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B')
> AS
> >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
> >>> mail_user WHERE (login = 'do_not_re...@example.com' OR email = '
> >>> do_not_re...@example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password(
> >>> do_not_re...@example.com, 12.173.211.32): Requested CRAM-MD5 scheme,
> >> but we
> >>> have only CRYPT
> >>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out:
> >>> FAIL#0112#011user=do_not_re...@example.com
> >>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning:
> >>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication
> >>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> dD4=
> >>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD
> >>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
> >>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> >>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
> >>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
> >>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in:
> >>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >> 011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out:
> >>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >> m5ldD4=
> >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(
> >>> do_not_re...@example.com,12.173.211.32): query: SELECT email as user,
> >>> password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
> >>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as
> >> userdb_mail,
> >>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B')
> AS
> >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
> >>> mail_user WHERE (login = 'do_not_re...@example.com' OR email = '
> >>> do_not_re...@example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password(
> >>> do_not_re...@example.com,12.173.211.32): Requested CRAM-MD5 scheme,
> but
> >> we
> >>> have only CRYPT
> >>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out:
> >>> FAIL#0113#011user=do_not_re...@example.com
> >>>
> >>>
> >>>
> >>> #####################
> >>> I added in dovecot.conf lines in passdb block:
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> and commented out default lines
> >>> #args = /etc/dovecot/dovecot-sql.conf
> >>> #driver = sql
> >>> When I try set again default lines I got above error
> >> Can you run doveconf -n with the configuration that causes the above
> >> error? Also it clearly does SQL lookup, so that error is happening with
> >> SQL passdb. You need to remember to restart dovecot between
> >> configuration changes.
> >>
> >> Aki
> >>
> >>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tu...@dovecot.fi>:
> >>>
> >>>> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>>>> I set up cram-md5 using this tutorial
> >>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> /etc/dovecot/dovecot.conf
> >> in
> >>>>> passdb code block:
> >>>>> listen = *,[::]
> >>>>> protocols = imap pop3
> >>>>> #auth_mechanisms = plain login cram-md5
> >>>>> auth_mechanisms = cram-md5 plain login
> >>>>> #dodana nizej linia
> >>>>> ssl = required
> >>>>> disable_plaintext_auth = yes
> >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>> mail_privileged_group = vmail
> >>>>> postmaster_address = postmas...@vps342401.ovh.net
> >>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>> ssl_cipher_list =
> >>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
> >>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> >>>>> ssl_prefer_server_ciphers = yes
> >>>>> ssl_dh_parameters_length = 2048
> >>>>>
> >>>>>
> >>>>> mail_max_userip_connections = 100
> >>>>> passdb {
> >>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>> # driver = sql
> >>>>> driver = passwd-file
> >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> }
> >>>>> userdb {
> >>>>> driver = prefetch
> >>>>> }
> >>>>> userdb {
> >>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>> driver = sql
> >>>>> }
> >>>>> Of course I created cram-md5.pwd file. All mails go out and come
> >> nicely.
> >>>>> But after I want to do default settings by commented out these two
> >> lines:
> >>>>> driver = passwd-file
> >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> and uncomment
> >>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>> # driver = sql
> >>>>> I can't send emails - I use Thunderbird - get error "logging on
> server
> >>>>> mail.example.com not work out". Error in logs:
> >>>>> dovecot: auth-worker(22698): Error: Auth worker sees different
> >>>>> passdbs/userdbs than auth server.
> >>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >>>>>
> >>>>> Is it possible that hashed password from cram-md5.pwd file was
> written
> >> to
> >>>>> database (if yes then where - I have ISPconfig)? I wasn't change any
> >>>> userdb
> >>>>> {} block and this second userdb block has this same lines like
> default
> >>>>> settings in passdb block.
> >>>>>
> >>>> Try
> >>>>
> >>>> auth_debug=yes
> >>>> auth_verbose=yes
> >>>>
> >>>> and see if it gives any more reasonable messages.
> >>>>
> >>>> Aki
> >>>>
> >>>
> >
> >
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*ser...@poliman.pl <ser...@poliman.pl>*
