Re: no such user but Thunderbird okeys it ?

Mon, 04 Sep 2023 00:25:54 -0700 

On 04/09/2023 08:54, Aki Tuomi via dovecot wrote:

On 04/09/2023 09:47 EEST lejeczek via dovecot <dovecot@dovecot.org> wrote:


  
Hi guys.

I'm having quite bizarre situation where Dovecot logs:
...
pam_unix(dovecot:auth): check pass; user unknown
pam_unix(dovecot:auth): authentication failure; logname=
uid=0 euid=0 tty=dovecot ruser=dupa rhost=AA.BB.CC.DD
imap-login: Login: user=<dupa>, method=PLAIN,
rip=AA.BB.CC.DD, lip=AA.BB.CC.DD, mpid=1756629, TLS,
session=<uV7OwIIEWsJdviSg>:
...

but Thunderbird allows, is okey with such user & creates an
account for it.
I must be having my setup miss-configured - I'm hoping it's
something obvious somebody could point me towards.

many thanks, L.

Enable auth_debug=yes and check logs again.

Aki
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org

Just to clarify - the user who does not exist should be 
denied, is what I want - as general idea is: deny 
non-existent users.
I wonder if this below is the culprit (I copy lots of 
configs from my very old Dovecot which laid dormant long 
time, I confess)

...
passdb {
  driver = static
  args = password=myPass
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/vmail/%d/%n
}


Logs with debug:
...

auth: Debug: Loading modules from directory: 
/usr/lib64/dovecot/auth
auth: Debug: Module loaded: 
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
auth: Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
auth: Debug: Read auth token secret from 
/run/dovecot/auth-token-secret.dat

auth: Debug: auth client connected (pid=1997362)

auth: Debug: client in: AUTH  1 PLAIN service=imap  
secured=tls session=rcUXJIMELrFdviSg  lip=AA.BB.CC.DD 
rip=AA.BB.CC.DD lport=143 rport=45358 local_name=mail.lemko.xyz

auth: Debug: client passdb out: CONT  1
auth: Debug: client in: CONT<hidden>

auth: Debug: pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Performing passdb lookup
auth-worker(1997367): Debug: Loading modules from directory: 
/usr/lib64/dovecot/auth
auth-worker(1997367): Debug: Module loaded: 
/usr/lib64/dovecot/auth/lib20_auth_var_expand_crypt.so
auth-worker(1997367): Debug: Module loaded: 
/usr/lib64/dovecot/auth/libdriver_sqlite.so
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): Server accepted connection (fd=13)
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): Sending version handshake
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: Handling PASSV request
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: 
pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): Performing passdb 
lookup
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: 
pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): lookup service=dovecot
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: 
pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): #1/1 style=1 
msg=Password:

pam_unix(dovecot:auth): check pass; user unknown

pam_unix(dovecot:auth): authentication failure; logname= 
uid=0 euid=0 tty=dovecot ruser=dupa rhost=AA.BB.CC.DD
auth-worker(1997367): conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: 
pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): pam_authenticate() 
failed: Authentication failure (Password mismatch?)
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: 
pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): Finished passdb lookup
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<1>: Finished: 
password_mismatch
auth: Debug: pam(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Finished passdb lookup
auth: Debug: static(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Performing passdb lookup

auth: Debug: static(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): lookup

auth: Debug: static(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Finished passdb lookup
auth: Debug: auth(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): Auth 
request finished

auth: Debug: client passdb out: OK  1 user=dupa

auth: Debug: master in: REQUEST 1194328065  1997362 1 
b0439c930d76eeaced56a333d60e4964  session_pid=1997688 
request_auth_token
auth: Debug: passwd(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Performing userdb lookup
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<2>: Handling USER request
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<2>: 
passwd(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): Performing 
userdb lookup
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<2>: 
passwd(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): lookup
auth-worker(1997367): conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<2>: 
passwd(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): unknown user
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<2>: 
passwd(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): Finished userdb 
lookup
auth-worker(1997367): Debug: conn unix:auth-worker 
(pid=1997363,uid=97): auth-worker<2>: Finished: user_unknown
auth: Debug: passwd(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Finished userdb lookup
auth: Debug: static(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Performing userdb lookup
auth: Debug: static(dupa,AA.BB.CC.DD,<rcUXJIMELrFdviSg>): 
Finished userdb lookup
auth: Debug: master userdb out: USER  1194328065  dupa  
uid=2000 gid=2000  home=/home/vmail//dupa  auth_mech=PLAIN 
auth_token=3742534e57e271d27bd1306379906403a40205bf
imap-login: Login: user=<dupa>, method=PLAIN, 
rip=AA.BB.CC.DD, lip=AA.BB.CC.DD, mpid=1997688, TLS, 
session=<rcUXJIMELrFdviSg>

auth: Debug: auth client connected (pid=1998311)

auth: Debug: client in: AUTH  1 PLAIN service=imap  
secured=tls session=aMWCJIME8uNdviSg  lip=AA.BB.CC.DD 
rip=AA.BB.CC.DD lport=143 rport=58354 local_name=mail.lemko.xyz

auth: Debug: client passdb out: CONT  1
auth: Debug: client in: CONT<hidden>

_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org






















					Reply via email to