dovecot - Nov 2014 - failed login message

thanks for your reply

i intentionaly put the wrong password and checked the dovecot log and the
message i got was

# tail -f /var/log/dovecot.log | grep "xxx at yyy.com"
Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in 2
secs): user=<xxx at yyy.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
secured, session=<xObTWqYIwgB/AAAB>

but in the squirrelmail login page instead of the message "unknown user or
password incorrect" i get the message

ERROR: Connection dropped by IMAP server.
Query: LOGOUT


in my old server where it is working correctly dovecot logs shows the error

Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts):
user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured

and squirrelmail gives the error : "unknown user or password
incorrect" which is correct.

is there any other place i need to check or some other config file (either
squirrelmail or dovecot) that i need to modify

could you kindly guide me

rajesh

----- Original Message -----
From: Robert Schetterer [mailto:rs at sys4.de]
To: dovecot at dovecot.org
Sent: Sun, 23 Nov 2014 17:21:29 +0100
Subject: Re: failed login message

Am 23.11.2014 um 17:14 schrieb Rajesh M.:
> hi
> 
> i am using dovecot for pop3 and imap along with qmail toaster
> 
> i had recently changed over from a 32 bit system to a 64 bit system.
> 
> i use squirrelmail.
> 
> the issue i face is that when the user inserts an invalid password then the
message he gets is connection dropped by imap server  (instead of invalid userid
or password)
> 
> such a message confuses the user.
> 
> my earlier 32 bit version used to give the correct message
> 
> i am posting this issue here because i am not sure if this is squirrelmail
issue or a dovecot issue.
> 
> can somebody please let me know the reason for this ?
> 
> rajesh
> 
yes , you may ask some magic bubble, or post your configs and related logs


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstra?e 15, 81669 M?nchen

Sitz der Gesellschaft: M?nchen, Amtsgericht M?nchen: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer
Aufsichtsratsvorsitzender: Florian Kirstein

On 11/25/2014 04:49 AM, 24x7server at 24x7server.net
wrote:
> thanks for your reply
>
> i intentionaly put the wrong password and checked the dovecot log and the
message i got was
>
> # tail -f /var/log/dovecot.log | grep "xxx at yyy.com"
> Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in
2 secs): user=<xxx at yyy.com>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1,
> secured, session=<xObTWqYIwgB/AAAB>
>
> but in the squirrelmail login page instead of the message "unknown
user or password incorrect" i get the message
>
> ERROR: Connection dropped by IMAP server.
> Query: LOGOUT
>
>
> in my old server where it is working correctly dovecot logs shows the error
>
> Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts):
user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
>
> and squirrelmail gives the error : "unknown user or password
incorrect" which is correct.
>
> is there any other place i need to check or some other config file (either
squirrelmail or dovecot) that i need to modify
>
> could you kindly guide me
>
1. Please carefully read http://dovecot.org/mailinglists.html
2. Please carefully follow the instructions at 
http://dovecot.org/mailinglists.html. In your case, post full details 
for both servers.
3. Try to manually log in to both servers using e.g. telnet in order to 
see any differences in the way they respond.
Something like

$ telnet 192.168.9.11 143
Trying 192.168.9.11...
Connected to 192.168.9.11.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE STARTTLS LOGINDISABLED] Dovecot ready.
1 login gedalya 1234
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but 
your client did it anyway. If anyone was listening, the password was 
exposed.
1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure 
(SSL/TLS) connections.
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.

(that's how it responds in my specific case as I disallow plaintext login)

Or if you need TLS (like me):

$ openssl s_client -starttls imap -quiet -connect 192.168.9.11:143
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate 
Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
. OK Pre-login capabilities listed, post-login capabilities have more.
1 login gedalya 1234
1 NO [AUTHENTICATIONFAILED] Authentication failed.
2 logout
* BYE Logging out
2 OK Logout completed.