Re: Postfix / Dovecot Not able to authenticate

Mon, 05 Jul 2021 13:54:32 -0700 

On 2021-07-05 at 15:25:33 UTC-0400 (Mon, 05 Jul 2021 12:25:33 -0700)
 <techli...@phpcoderusa.com>
is rumored to have said:

[...]
After I configured Postfix and Dovecot I issued the commend : telnet keiththewebguy.com 25 on my web server. It returned: 

Trying 98.191.108.149...
Connected to keiththewebguy.com.
Escape character is '^]'.
220 soho.keiththewebguy.com ESMTP Postfix

I issued  :  ehlo soho.keiththewebguy.com

250-soho.keiththewebguy.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING

I issued : quit

221 2.0.0 Bye
Connection closed by foreign host.

---

I assume this means things are configured correctly.
It means that Postfix is answering on port 25 and offering the listed SMTP extensions.
It DOES NOT mean that anything about TLS or SASL authentication is configured correctly, only that Postfix is configured to advertise support for the STARTTLS and AUTH commands. 


I am looking at both logs:

1)  /var/log/mail.err  which contains no content.

2)  /var/log/mail.log  which is verbose.

To  /etc/dovecot/dovecot.conf  I added the following for debugging:

auth_verbose = yes
auth_verbose_passwords = no


Oops. You almost never need that. It's risky.


auth_debug = yes
auth_debug_passwords = yes


Oops. You almost never need that. It's risky


mail_debug = yes
verbose_ssl = yes
You almost never need that. It's not risky, but it is needlessly noisy and you're not having problems with the encryption layer at this point. 



I am trying to connect using Thunderbird.

Config:
IMAP port 993 / SSL/TLS / Normal Password / username : ke...@keiththewebguy.com and password that is in /etc/dovecot/dovecot-users
SMTP port 25 / STARTTLS / Normal Password / username : ke...@keiththewebguy.com and password that is in /etc/dovecot/dovecot-users
Thunderbird tests these configurations and reports them as found on the server.
When I press the done button to create the email account I get a message "Unable to log into the server. Probably wrong configuration, username, or password.". 

The output when trying to create the Thunderbird account:

/var/log/mail.log

[...]
Jul 5 18:58:35 soho dovecot: auth: Debug: client passdb out: CONT#0111#011 Jul 5 18:58:35 soho dovecot: auth: Debug: client in: CONT#0111#011AGtlaXRoQGtlaXRodGhld2ViZ3V5LmNvbQBJY2VjcmVhbS1Db25lXjIx (previous base64 data may contain sensitive data)
And indeed it does. We all know that password now, if we want to, in a SASL 'PLAIN' method token. Change it anywhere that you are using it.
Jul 5 18:58:41 soho dovecot: auth: Debug: client passdb out: CONT#0112#011VXNlcm5hbWU6 Jul 5 18:58:41 soho dovecot: auth: Debug: client in: CONT#0112#011a2VpdGhAa2VpdGh0aGV3ZWJndXkuY29t (previous base64 data may contain sensitive data) Jul 5 18:58:41 soho dovecot: auth: Debug: client passdb out: CONT#0112#011UGFzc3dvcmQ6 Jul 5 18:58:41 soho dovecot: auth: Debug: client in: CONT#0112#011SWNlY3JlYW0tQ29uZV4yMQ== (previous base64 data may contain sensitive data)
Yup, there it is again. Same password, this time all by itself in a SASL 'LOGIN' exchange. 


I see the following lines:

passwd-file /etc/dovecot/dovecot-users: Read 1 users in 0 secs
passwd-file(ke...@keiththewebguy.com,98.191.108.149,<wVJ55GTGvspiv2yV>): Performing passdb lookup
passwd-file(ke...@keiththewebguy.com,98.191.108.149,<wVJ55GTGvspiv2yV>): lookup: user=ke...@keiththewebguy.com file=/etc/dovecot/dovecot-users
file(ke...@keiththewebguy.com,98.191.108.149,<wVJ55GTGvspiv2yV>): unknown user
passwd-file(ke...@keiththewebguy.com,98.191.108.149,<wVJ55GTGvspiv2yV>): Finished passdb lookup
auth(ke...@keiththewebguy.com,98.191.108.149,<wVJ55GTGvspiv2yV>): Auth request finished 

client passdb out: FAIL#0111#011user=ke...@keiththewebguy.com

---
It seems there is an issue with the user or the configuration of /etc/dovecot/dovecot-users. 

Any thoughts are most welcome!!  Thanks in advance!!
Beyond passing AUTH commands verbatim to Dovecot and checking the results, Postfix knows nothing about any authentication details. This is Dovecot not finding 'ke...@keiththewebguy.com' in the dovecot-users file. The Dovecot community is likely to be able to help you. 

And again: RETIRE THAT PASSWORD.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire

Reply via email to