dovecot - Feb 2017 - Dovecot auth-worker error after cram-md5 auth

When I used backup copy of the dovecot.conf file I have this same error. So
I think that maybe something was written to database? I really would point
out that I only added
passdb {
  driver = passwd-file
  args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}

and comment out from above block default lines
  #args = /etc/dovecot/dovecot-sql.conf
  #driver = sql

And in auth_mechanisms add line cram-md5. Nothing more in any other file.

I don't want to use cram-md5. I need move back to default settings.
Cram-md5 was only for testing purposes. :) But I supposed that I can move
back to default by commenting out added lines. But unfortunately it isn't
that simple.

2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> Are you still trying to authenticate using cram-md5?
>
> Aki
>
>
> On 01.02.2017 09:51, Poliman - Serwis wrote:
> > It still use:
> > passdb {
> >   driver = passwd-file
> >   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > When I delete above and delete "cram-md5" in auth_mechanisms
it still not
> > working.
> >
> > 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> You are probably wanting to do
> >> passdb {
> >>   driver = passwd-file
> >>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >> }
> >>
> >> passdb {
> >>   driver = sql
> >>   args = /etc/dovecot/dovecot-sql.conf
> >> }
> >>
> >> Why you want to use cram-md5 is beyond me, because using SSL is
much
> >> more safer.
> >>
> >> Aki
> >>
> >> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>> Default it was: "auth_mechanisms = plain login"  and
I added cram-md5.
> >>> After restart all work perfectly. But after I added:
> >>>    driver = passwd-file
> >>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> I can't set default lines because I got error. Please tell
me which
> lines
> >>> should be changed to resolve this issue. Should I remove
"login" from
> >>> auth_mechanism ("login" was default setting and I
would like to move
> back
> >>> to default settings)?
> >>>
> >>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>
> >>>> Because cram-md5 needs the user's password for
calculating responses,
> it
> >>>> cannot work with hashed passwords (one-way encrypted). The
only
> >>>> supported password schemes are PLAIN and CRAM-MD5.
> >>>>
> >>>> Aki
> >>>>
> >>>> On 01.02.2017 09:33, Poliman - Serwis wrote:
> >>>>> I always restart dovecot after change config. ;) Sure,
I commented
> out
> >>>>> added two lines by me, restarted dovecot and here it
is:
> >>>>>
> >>>>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5
LTS
> >>>>> auth_mechanisms = plain login cram-md5
> >>>>> listen = *,[::]
> >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>> mail_max_userip_connections = 100
> >>>>> mail_plugins = " quota"
> >>>>> mail_privileged_group = vmail
> >>>>> passdb {
> >>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>   driver = sql
> >>>>> }
> >>>>> plugin {
> >>>>>   quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> >>>>>   sieve = /var/vmail/%d/%n/.sieve
> >>>>>   sieve_max_redirects = 25
> >>>>> }
> >>>>> postmaster_address = postmaster at example.com
> >>>>> protocols = imap pop3
> >>>>> service auth {
> >>>>>   unix_listener /var/spool/postfix/private/auth {
> >>>>>     group = postfix
> >>>>>     mode = 0660
> >>>>>     user = postfix
> >>>>>   }
> >>>>>   unix_listener auth-userdb {
> >>>>>     group = vmail
> >>>>>     mode = 0600
> >>>>>     user = vmail
> >>>>>   }
> >>>>>   user = root
> >>>>> }
> >>>>> service imap-login {
> >>>>>   client_limit = 1000
> >>>>>   process_limit = 512
> >>>>> }
> >>>>> service lmtp {
> >>>>>   unix_listener
/var/spool/postfix/private/dovecot-lmtp {
> >>>>>     group = postfix
> >>>>>     mode = 0600
> >>>>>     user = postfix
> >>>>>   }
> >>>>> }
> >>>>> ssl = required
> >>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>> ssl_cipher_list > >>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> >>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> >>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> >>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> >>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> >>>>
AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> >>>>
RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> >>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> >>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> >>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> >>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> >>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>>>> ssl_dh_parameters_length = 2048
> >>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>> ssl_prefer_server_ciphers = yes
> >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>> userdb {
> >>>>>   driver = prefetch
> >>>>> }
> >>>>> userdb {
> >>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>   driver = sql
> >>>>> }
> >>>>> protocol imap {
> >>>>>   mail_plugins = quota imap_quota
> >>>>> }
> >>>>> protocol pop3 {
> >>>>>   mail_plugins = quota
> >>>>>   pop3_uidl_format = %08Xu%08Xv
> >>>>> }
> >>>>> protocol lda {
> >>>>>   mail_plugins = sieve quota
> >>>>>   postmaster_address = webmaster at localhost
> >>>>> }
> >>>>> protocol lmtp {
> >>>>>   mail_plugins = quota sieve
> >>>>>   postmaster_address = webmaster at localhost
> >>>>> }
> >>>>>
> >>>>>
> >>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>>>
> >>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote:
> >>>>>>> This is debug log files in syslog:
> >>>>>>> Feb  1 07:10:25 vps342401 dovecot: auth:
Debug: client passdb out:
> >>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ
> >> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >>>>>> m5ldD4> >>>>>>> Feb  1
07:10:26 vps342401 dovecot: auth: Debug: client in:
> >> CONT<hidden>
> >>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): Debug: sql(
> >>>>>>> do_not_reply at example.com,12.173.211.32):
query: SELECT email as
> >> user,
> >>>>>>> password, maildir as userdb_home, CONCAT(
maildir_format, ':',
> >> maildir,
> >>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>> userdb_mail,
> >>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> >> 'B')
> >>>> AS
> >>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve FROM
> >>>>>>> mail_user WHERE (login = 'do_not_reply at
example.com' OR email = '
> >>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND server_id > >> '1'
> >>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): password(
> >>>>>>> do_not_reply at example.com, 12.173.211.32):
Requested CRAM-MD5
> scheme,
> >>>>>> but we
> >>>>>>> have only CRYPT
> >>>>>>> Feb  1 07:10:28 vps342401 dovecot: auth:
Debug: client passdb out:
> >>>>>>> FAIL#0112#011user=do_not_reply at example.com
> >>>>>>> Feb  1 07:10:28 vps342401
postfix/smtps/smtpd[27067]: warning:
> >>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL
CRAM-MD5
> >> authentication
> >>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT
> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> >>>> dD4> >>>>>>> Feb  1 07:11:02
vps342401 CRON[27074]: (root) CMD
> >>>>>>> (/usr/local/ispconfig/server/server.sh
2>&1 | while read line; do
> >> echo
> >>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>>>> Feb  1 07:11:02 vps342401 CRON[27075]: (root)
CMD
> >>>>>>> (/usr/local/ispconfig/server/cron.sh
2>&1 | while read line; do
> echo
> >>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth:
Debug: client in:
> >>>>>>>
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth:
Debug: client passdb out:
> >>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ
> >> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >>>>>> m5ldD4> >>>>>>> Feb  1
07:11:11 vps342401 dovecot: auth: Debug: client in:
> >> CONT<hidden>
> >>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): Debug: sql(
> >>>>>>> do_not_reply at example.com,12.173.211.32):
query: SELECT email as
> >> user,
> >>>>>>> password, maildir as userdb_home, CONCAT(
maildir_format, ':',
> >> maildir,
> >>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>> userdb_mail,
> >>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> >> 'B')
> >>>> AS
> >>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve FROM
> >>>>>>> mail_user WHERE (login = 'do_not_reply at
example.com' OR email = '
> >>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND server_id > >> '1'
> >>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): password(
> >>>>>>> do_not_reply at example.com,12.173.211.32):
Requested CRAM-MD5
> scheme,
> >>>> but
> >>>>>> we
> >>>>>>> have only CRYPT
> >>>>>>> Feb  1 07:11:13 vps342401 dovecot: auth:
Debug: client passdb out:
> >>>>>>> FAIL#0113#011user=do_not_reply at example.com
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> #####################
> >>>>>>> I added in dovecot.conf lines in passdb block:
> >>>>>>>    driver = passwd-file
> >>>>>>>    args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>> and commented out default lines
> >>>>>>>   #args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   #driver = sql
> >>>>>>> When I try set again default lines I got above
error
> >>>>>> Can you run doveconf -n with the configuration
that causes the above
> >>>>>> error? Also it clearly does SQL lookup, so that
error is happening
> >> with
> >>>>>> SQL passdb. You need to remember to restart
dovecot between
> >>>>>> configuration changes.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>
> >>>>>>>> On 31.01.2017 09:06, Poliman - Serwis
wrote:
> >>>>>>>>> I set up cram-md5 using this tutorial
> >>>>>>>>>
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> >>>> /etc/dovecot/dovecot.conf
> >>>>>> in
> >>>>>>>>> passdb code block:
> >>>>>>>>> listen = *,[::]
> >>>>>>>>> protocols = imap pop3
> >>>>>>>>> #auth_mechanisms = plain login
cram-md5
> >>>>>>>>> auth_mechanisms = cram-md5 plain login
> >>>>>>>>> #dodana nizej linia
> >>>>>>>>> ssl = required
> >>>>>>>>> disable_plaintext_auth = yes
> >>>>>>>>> log_timestamp = "%Y-%m-%d
%H:%M:%S "
> >>>>>>>>> mail_privileged_group = vmail
> >>>>>>>>> postmaster_address = postmaster at
vps342401.ovh.net
> >>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1
!TLSv1.1
> >>>>>>>>> ssl_cipher_list >
>>>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
> >>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image:
:D]HE-DSS-AES$
> >>>>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> mail_max_userip_connections = 100
> >>>>>>>>> passdb {
> >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>> # driver = sql
> >>>>>>>>> driver = passwd-file
> >>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>> }
> >>>>>>>>> userdb {
> >>>>>>>>> driver = prefetch
> >>>>>>>>> }
> >>>>>>>>> userdb {
> >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>> driver = sql
> >>>>>>>>> }
> >>>>>>>>> Of course I created cram-md5.pwd file.
All mails go out and come
> >>>>>> nicely.
> >>>>>>>>> But after I want to do default
settings by commented out these
> two
> >>>>>> lines:
> >>>>>>>>> driver = passwd-file
> >>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>> and uncomment
> >>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>> # driver = sql
> >>>>>>>>> I can't send emails - I use
Thunderbird - get error "logging on
> >>>> server
> >>>>>>>>> mail.example.com not work out".
Error in logs:
> >>>>>>>>> dovecot: auth-worker(22698): Error:
Auth worker sees different
> >>>>>>>>> passdbs/userdbs than auth server.
> >>>>>>>>> dovecot: auth: Error:
read(anvil-auth-penalty) failed: EOF
> >>>>>>>>>
> >>>>>>>>> Is it possible that hashed password
from cram-md5.pwd file was
> >>>> written
> >>>>>> to
> >>>>>>>>> database (if yes then where - I have
ISPconfig)? I wasn't change
> >> any
> >>>>>>>> userdb
> >>>>>>>>> {} block and this second userdb block
has this same lines like
> >>>> default
> >>>>>>>>> settings in passdb block.
> >>>>>>>>>
> >>>>>>>> Try
> >>>>>>>>
> >>>>>>>> auth_debug=yes
> >>>>>>>> auth_verbose=yes
> >>>>>>>>
> >>>>>>>> and see if it gives any more reasonable
messages.
> >>>>>>>>
> >>>>>>>> Aki
> >>>>>>>>
> >>>
> >
> >
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*serwis at poliman.pl <serwis at poliman.pl>*

Can you check your logs?

Aki


On 01.02.2017 10:02, Poliman - Serwis wrote:
> When I used backup copy of the dovecot.conf file I have this same error. So
> I think that maybe something was written to database? I really would point
> out that I only added
> passdb {
>   driver = passwd-file
>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> and comment out from above block default lines
>   #args = /etc/dovecot/dovecot-sql.conf
>   #driver = sql
>
> And in auth_mechanisms add line cram-md5. Nothing more in any other file.
>
> I don't want to use cram-md5. I need move back to default settings.
> Cram-md5 was only for testing purposes. :) But I supposed that I can move
> back to default by commenting out added lines. But unfortunately it
isn't
> that simple.
>
> 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>> Are you still trying to authenticate using cram-md5?
>>
>> Aki
>>
>>
>> On 01.02.2017 09:51, Poliman - Serwis wrote:
>>> It still use:
>>> passdb {
>>>   driver = passwd-file
>>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>> }
>>>
>>> When I delete above and delete "cram-md5" in
auth_mechanisms it still not
>>> working.
>>>
>>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
>>>
>>>> You are probably wanting to do
>>>> passdb {
>>>>   driver = passwd-file
>>>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>> }
>>>>
>>>> passdb {
>>>>   driver = sql
>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>> }
>>>>
>>>> Why you want to use cram-md5 is beyond me, because using SSL is
much
>>>> more safer.
>>>>
>>>> Aki
>>>>
>>>> On 01.02.2017 09:41, Poliman - Serwis wrote:
>>>>> Default it was: "auth_mechanisms = plain login" 
and I added cram-md5.
>>>>> After restart all work perfectly. But after I added:
>>>>>    driver = passwd-file
>>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>> I can't set default lines because I got error. Please
tell me which
>> lines
>>>>> should be changed to resolve this issue. Should I remove
"login" from
>>>>> auth_mechanism ("login" was default setting and I
would like to move
>> back
>>>>> to default settings)?
>>>>>
>>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
>>>>>
>>>>>> Because cram-md5 needs the user's password for
calculating responses,
>> it
>>>>>> cannot work with hashed passwords (one-way encrypted).
The only
>>>>>> supported password schemes are PLAIN and CRAM-MD5.
>>>>>>
>>>>>> Aki
>>>>>>
>>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote:
>>>>>>> I always restart dovecot after change config. ;)
Sure, I commented
>> out
>>>>>>> added two lines by me, restarted dovecot and here
it is:
>>>>>>>
>>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf
>>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu
14.04.5 LTS
>>>>>>> auth_mechanisms = plain login cram-md5
>>>>>>> listen = *,[::]
>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>>>>>>> mail_max_userip_connections = 100
>>>>>>> mail_plugins = " quota"
>>>>>>> mail_privileged_group = vmail
>>>>>>> passdb {
>>>>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>>>>   driver = sql
>>>>>>> }
>>>>>>> plugin {
>>>>>>>   quota =
dict:user::file:/var/vmail/%d/%n/.quotausage
>>>>>>>   sieve = /var/vmail/%d/%n/.sieve
>>>>>>>   sieve_max_redirects = 25
>>>>>>> }
>>>>>>> postmaster_address = postmaster at example.com
>>>>>>> protocols = imap pop3
>>>>>>> service auth {
>>>>>>>   unix_listener /var/spool/postfix/private/auth {
>>>>>>>     group = postfix
>>>>>>>     mode = 0660
>>>>>>>     user = postfix
>>>>>>>   }
>>>>>>>   unix_listener auth-userdb {
>>>>>>>     group = vmail
>>>>>>>     mode = 0600
>>>>>>>     user = vmail
>>>>>>>   }
>>>>>>>   user = root
>>>>>>> }
>>>>>>> service imap-login {
>>>>>>>   client_limit = 1000
>>>>>>>   process_limit = 512
>>>>>>> }
>>>>>>> service lmtp {
>>>>>>>   unix_listener
/var/spool/postfix/private/dovecot-lmtp {
>>>>>>>     group = postfix
>>>>>>>     mode = 0600
>>>>>>>     user = postfix
>>>>>>>   }
>>>>>>> }
>>>>>>> ssl = required
>>>>>>> ssl_cert = </etc/postfix/smtpd.cert
>>>>>>> ssl_cipher_list >>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
>>>>>>
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
>>>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
>>>>>>
SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
>>>>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
>>>>>>
AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
>>>>>>
RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
>>>>>>
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
>>>>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
>>>>>>
SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
>>>>>>
EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
>>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>>>>>>> ssl_dh_parameters_length = 2048
>>>>>>> ssl_key = </etc/postfix/smtpd.key
>>>>>>> ssl_prefer_server_ciphers = yes
>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
>>>>>>> userdb {
>>>>>>>   driver = prefetch
>>>>>>> }
>>>>>>> userdb {
>>>>>>>   args = /etc/dovecot/dovecot-sql.conf
>>>>>>>   driver = sql
>>>>>>> }
>>>>>>> protocol imap {
>>>>>>>   mail_plugins = quota imap_quota
>>>>>>> }
>>>>>>> protocol pop3 {
>>>>>>>   mail_plugins = quota
>>>>>>>   pop3_uidl_format = %08Xu%08Xv
>>>>>>> }
>>>>>>> protocol lda {
>>>>>>>   mail_plugins = sieve quota
>>>>>>>   postmaster_address = webmaster at localhost
>>>>>>> }
>>>>>>> protocol lmtp {
>>>>>>>   mail_plugins = quota sieve
>>>>>>>   postmaster_address = webmaster at localhost
>>>>>>> }
>>>>>>>
>>>>>>>
>>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi
at dovecot.fi>:
>>>>>>>
>>>>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote:
>>>>>>>>> This is debug log files in syslog:
>>>>>>>>> Feb  1 07:10:25 vps342401 dovecot: auth:
Debug: client passdb out:
>>>>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ
>>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
>>>>>>>> m5ldD4>>>>>>>>> Feb 
1 07:10:26 vps342401 dovecot: auth: Debug: client in:
>>>> CONT<hidden>
>>>>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): Debug: sql(
>>>>>>>>> do_not_reply at example.com,12.173.211.32):
query: SELECT email as
>>>> user,
>>>>>>>>> password, maildir as userdb_home, CONCAT(
maildir_format, ':',
>>>> maildir,
>>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
>>>>>>>> userdb_mail,
>>>>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
>>>> 'B')
>>>>>> AS
>>>>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve FROM
>>>>>>>>> mail_user WHERE (login = 'do_not_reply
at example.com' OR email = '
>>>>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND server_id >>>> '1'
>>>>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): password(
>>>>>>>>> do_not_reply at example.com,
12.173.211.32): Requested CRAM-MD5
>> scheme,
>>>>>>>> but we
>>>>>>>>> have only CRYPT
>>>>>>>>> Feb  1 07:10:28 vps342401 dovecot: auth:
Debug: client passdb out:
>>>>>>>>> FAIL#0112#011user=do_not_reply at
example.com
>>>>>>>>> Feb  1 07:10:28 vps342401
postfix/smtps/smtpd[27067]: warning:
>>>>>>>>> host23131.internet.3s.com[12.173.211.32]:
SASL CRAM-MD5
>>>> authentication
>>>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT
>> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
>>>>>> dD4>>>>>>>>> Feb  1 07:11:02
vps342401 CRON[27074]: (root) CMD
>>>>>>>>> (/usr/local/ispconfig/server/server.sh
2>&1 | while read line; do
>>>> echo
>>>>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
>>>>>>>>> Feb  1 07:11:02 vps342401 CRON[27075]:
(root) CMD
>>>>>>>>> (/usr/local/ispconfig/server/cron.sh
2>&1 | while read line; do
>> echo
>>>>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
>>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth:
Debug: client in:
>>>>>>>>>
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
>>>>>>>>
011lip=173.72.31.7#011rip=12.173.211.32#011secured
>>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth:
Debug: client passdb out:
>>>>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ
>>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
>>>>>>>> m5ldD4>>>>>>>>> Feb 
1 07:11:11 vps342401 dovecot: auth: Debug: client in:
>>>> CONT<hidden>
>>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): Debug: sql(
>>>>>>>>> do_not_reply at example.com,12.173.211.32):
query: SELECT email as
>>>> user,
>>>>>>>>> password, maildir as userdb_home, CONCAT(
maildir_format, ':',
>>>> maildir,
>>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
>>>>>>>> userdb_mail,
>>>>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
>>>> 'B')
>>>>>> AS
>>>>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve FROM
>>>>>>>>> mail_user WHERE (login = 'do_not_reply
at example.com' OR email = '
>>>>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND server_id >>>> '1'
>>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): password(
>>>>>>>>> do_not_reply at example.com,12.173.211.32):
Requested CRAM-MD5
>> scheme,
>>>>>> but
>>>>>>>> we
>>>>>>>>> have only CRYPT
>>>>>>>>> Feb  1 07:11:13 vps342401 dovecot: auth:
Debug: client passdb out:
>>>>>>>>> FAIL#0113#011user=do_not_reply at
example.com
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> #####################
>>>>>>>>> I added in dovecot.conf lines in passdb
block:
>>>>>>>>>    driver = passwd-file
>>>>>>>>>    args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
>>>>>>>>> and commented out default lines
>>>>>>>>>   #args = /etc/dovecot/dovecot-sql.conf
>>>>>>>>>   #driver = sql
>>>>>>>>> When I try set again default lines I got
above error
>>>>>>>> Can you run doveconf -n with the configuration
that causes the above
>>>>>>>> error? Also it clearly does SQL lookup, so that
error is happening
>>>> with
>>>>>>>> SQL passdb. You need to remember to restart
dovecot between
>>>>>>>> configuration changes.
>>>>>>>>
>>>>>>>> Aki
>>>>>>>>
>>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
>>>>>>>>>
>>>>>>>>>> On 31.01.2017 09:06, Poliman - Serwis
wrote:
>>>>>>>>>>> I set up cram-md5 using this
tutorial
>>>>>>>>>>>
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
>>>>>> /etc/dovecot/dovecot.conf
>>>>>>>> in
>>>>>>>>>>> passdb code block:
>>>>>>>>>>> listen = *,[::]
>>>>>>>>>>> protocols = imap pop3
>>>>>>>>>>> #auth_mechanisms = plain login
cram-md5
>>>>>>>>>>> auth_mechanisms = cram-md5 plain
login
>>>>>>>>>>> #dodana nizej linia
>>>>>>>>>>> ssl = required
>>>>>>>>>>> disable_plaintext_auth = yes
>>>>>>>>>>> log_timestamp = "%Y-%m-%d
%H:%M:%S "
>>>>>>>>>>> mail_privileged_group = vmail
>>>>>>>>>>> postmaster_address = postmaster at
vps342401.ovh.net
>>>>>>>>>>> ssl_cert =
</etc/postfix/smtpd.cert
>>>>>>>>>>> ssl_key =
</etc/postfix/smtpd.key
>>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3
!TLSv1 !TLSv1.1
>>>>>>>>>>> ssl_cipher_list
>>>>>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
>>>>>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
>>>>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image:
:D]HE-DSS-AES$
>>>>>>>>>>> ssl_prefer_server_ciphers = yes
>>>>>>>>>>> ssl_dh_parameters_length = 2048
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> mail_max_userip_connections = 100
>>>>>>>>>>> passdb {
>>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
>>>>>>>>>>> # driver = sql
>>>>>>>>>>> driver = passwd-file
>>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
>>>>>>>>>>> }
>>>>>>>>>>> userdb {
>>>>>>>>>>> driver = prefetch
>>>>>>>>>>> }
>>>>>>>>>>> userdb {
>>>>>>>>>>> args =
/etc/dovecot/dovecot-sql.conf
>>>>>>>>>>> driver = sql
>>>>>>>>>>> }
>>>>>>>>>>> Of course I created cram-md5.pwd
file. All mails go out and come
>>>>>>>> nicely.
>>>>>>>>>>> But after I want to do default
settings by commented out these
>> two
>>>>>>>> lines:
>>>>>>>>>>> driver = passwd-file
>>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
>>>>>>>>>>> and uncomment
>>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
>>>>>>>>>>> # driver = sql
>>>>>>>>>>> I can't send emails - I use
Thunderbird - get error "logging on
>>>>>> server
>>>>>>>>>>> mail.example.com not work
out". Error in logs:
>>>>>>>>>>> dovecot: auth-worker(22698): Error:
Auth worker sees different
>>>>>>>>>>> passdbs/userdbs than auth server.
>>>>>>>>>>> dovecot: auth: Error:
read(anvil-auth-penalty) failed: EOF
>>>>>>>>>>>
>>>>>>>>>>> Is it possible that hashed password
from cram-md5.pwd file was
>>>>>> written
>>>>>>>> to
>>>>>>>>>>> database (if yes then where - I
have ISPconfig)? I wasn't change
>>>> any
>>>>>>>>>> userdb
>>>>>>>>>>> {} block and this second userdb
block has this same lines like
>>>>>> default
>>>>>>>>>>> settings in passdb block.
>>>>>>>>>>>
>>>>>>>>>> Try
>>>>>>>>>>
>>>>>>>>>> auth_debug=yes
>>>>>>>>>> auth_verbose=yes
>>>>>>>>>>
>>>>>>>>>> and see if it gives any more reasonable
messages.
>>>>>>>>>>
>>>>>>>>>> Aki
>>>>>>>>>>
>>>
>
>

Logs from syslog or mail.err? And with these not working settings with
auth_debug and auth_verbose?

2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> Can you check your logs?
>
> Aki
>
>
> On 01.02.2017 10:02, Poliman - Serwis wrote:
> > When I used backup copy of the dovecot.conf file I have this same
error.
> So
> > I think that maybe something was written to database? I really would
> point
> > out that I only added
> > passdb {
> >   driver = passwd-file
> >   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > and comment out from above block default lines
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >
> > And in auth_mechanisms add line cram-md5. Nothing more in any other
file.
> >
> > I don't want to use cram-md5. I need move back to default
settings.
> > Cram-md5 was only for testing purposes. :) But I supposed that I can
move
> > back to default by commenting out added lines. But unfortunately it
isn't
> > that simple.
> >
> > 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> Are you still trying to authenticate using cram-md5?
> >>
> >> Aki
> >>
> >>
> >> On 01.02.2017 09:51, Poliman - Serwis wrote:
> >>> It still use:
> >>> passdb {
> >>>   driver = passwd-file
> >>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> When I delete above and delete "cram-md5" in
auth_mechanisms it still
> not
> >>> working.
> >>>
> >>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>
> >>>> You are probably wanting to do
> >>>> passdb {
> >>>>   driver = passwd-file
> >>>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>> }
> >>>>
> >>>> passdb {
> >>>>   driver = sql
> >>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>> }
> >>>>
> >>>> Why you want to use cram-md5 is beyond me, because using
SSL is much
> >>>> more safer.
> >>>>
> >>>> Aki
> >>>>
> >>>> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>>>> Default it was: "auth_mechanisms = plain
login"  and I added
> cram-md5.
> >>>>> After restart all work perfectly. But after I added:
> >>>>>    driver = passwd-file
> >>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> I can't set default lines because I got error.
Please tell me which
> >> lines
> >>>>> should be changed to resolve this issue. Should I
remove "login" from
> >>>>> auth_mechanism ("login" was default setting
and I would like to move
> >> back
> >>>>> to default settings)?
> >>>>>
> >>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>>>
> >>>>>> Because cram-md5 needs the user's password for
calculating
> responses,
> >> it
> >>>>>> cannot work with hashed passwords (one-way
encrypted). The only
> >>>>>> supported password schemes are PLAIN and CRAM-MD5.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote:
> >>>>>>> I always restart dovecot after change config.
;) Sure, I commented
> >> out
> >>>>>>> added two lines by me, restarted dovecot and
here it is:
> >>>>>>>
> >>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu
14.04.5 LTS
> >>>>>>> auth_mechanisms = plain login cram-md5
> >>>>>>> listen = *,[::]
> >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>>>> mail_max_userip_connections = 100
> >>>>>>> mail_plugins = " quota"
> >>>>>>> mail_privileged_group = vmail
> >>>>>>> passdb {
> >>>>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   driver = sql
> >>>>>>> }
> >>>>>>> plugin {
> >>>>>>>   quota =
dict:user::file:/var/vmail/%d/%n/.quotausage
> >>>>>>>   sieve = /var/vmail/%d/%n/.sieve
> >>>>>>>   sieve_max_redirects = 25
> >>>>>>> }
> >>>>>>> postmaster_address = postmaster at example.com
> >>>>>>> protocols = imap pop3
> >>>>>>> service auth {
> >>>>>>>   unix_listener
/var/spool/postfix/private/auth {
> >>>>>>>     group = postfix
> >>>>>>>     mode = 0660
> >>>>>>>     user = postfix
> >>>>>>>   }
> >>>>>>>   unix_listener auth-userdb {
> >>>>>>>     group = vmail
> >>>>>>>     mode = 0600
> >>>>>>>     user = vmail
> >>>>>>>   }
> >>>>>>>   user = root
> >>>>>>> }
> >>>>>>> service imap-login {
> >>>>>>>   client_limit = 1000
> >>>>>>>   process_limit = 512
> >>>>>>> }
> >>>>>>> service lmtp {
> >>>>>>>   unix_listener
/var/spool/postfix/private/dovecot-lmtp {
> >>>>>>>     group = postfix
> >>>>>>>     mode = 0600
> >>>>>>>     user = postfix
> >>>>>>>   }
> >>>>>>> }
> >>>>>>> ssl = required
> >>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>> ssl_cipher_list >
>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> >>>>>>
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> >>>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> >>>>>>
SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> >>>>>>
RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> >>>>>>
AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> >>>>>>
RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> >>>>>>
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> >>>>>>
AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> >>>>>>
SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> >>>>>>
EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> >>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>>>> userdb {
> >>>>>>>   driver = prefetch
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   driver = sql
> >>>>>>> }
> >>>>>>> protocol imap {
> >>>>>>>   mail_plugins = quota imap_quota
> >>>>>>> }
> >>>>>>> protocol pop3 {
> >>>>>>>   mail_plugins = quota
> >>>>>>>   pop3_uidl_format = %08Xu%08Xv
> >>>>>>> }
> >>>>>>> protocol lda {
> >>>>>>>   mail_plugins = sieve quota
> >>>>>>>   postmaster_address = webmaster at localhost
> >>>>>>> }
> >>>>>>> protocol lmtp {
> >>>>>>>   mail_plugins = quota sieve
> >>>>>>>   postmaster_address = webmaster at localhost
> >>>>>>> }
> >>>>>>>
> >>>>>>>
> >>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>
> >>>>>>>> On 01.02.2017 08:18, Poliman - Serwis
wrote:
> >>>>>>>>> This is debug log files in syslog:
> >>>>>>>>> Feb  1 07:10:25 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>>
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ
> >>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >>>>>>>> m5ldD4>
>>>>>>>>> Feb  1 07:10:26 vps342401 dovecot: auth:
Debug: client in:
> >>>> CONT<hidden>
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): Debug:
> sql(
> >>>>>>>>> do_not_reply at
example.com,12.173.211.32): query: SELECT email as
> >>>> user,
> >>>>>>>>> password, maildir as userdb_home,
CONCAT( maildir_format, ':',
> >>>> maildir,
> >>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>>>> userdb_mail,
> >>>>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> >>>> 'B')
> >>>>>> AS
> >>>>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve
> FROM
> >>>>>>>>> mail_user WHERE (login =
'do_not_reply at example.com' OR email = '
> >>>>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND
> server_id > >>>> '1'
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): password(
> >>>>>>>>> do_not_reply at example.com,
12.173.211.32): Requested CRAM-MD5
> >> scheme,
> >>>>>>>> but we
> >>>>>>>>> have only CRYPT
> >>>>>>>>> Feb  1 07:10:28 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>> FAIL#0112#011user=do_not_reply at
example.com
> >>>>>>>>> Feb  1 07:10:28 vps342401
postfix/smtps/smtpd[27067]: warning:
> >>>>>>>>>
host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5
> >>>> authentication
> >>>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT
> >> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> >>>>>> dD4> >>>>>>>>> Feb 
1 07:11:02 vps342401 CRON[27074]: (root) CMD
> >>>>>>>>> (/usr/local/ispconfig/server/server.sh
2>&1 | while read line;
> do
> >>>> echo
> >>>>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>>>>>> Feb  1 07:11:02 vps342401 CRON[27075]:
(root) CMD
> >>>>>>>>> (/usr/local/ispconfig/server/cron.sh
2>&1 | while read line; do
> >> echo
> >>>>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth: Debug: client in:
> >>>>>>>>>
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >>>>>>>>
011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>>
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ
> >>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >>>>>>>> m5ldD4>
>>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth:
Debug: client in:
> >>>> CONT<hidden>
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): Debug:
> sql(
> >>>>>>>>> do_not_reply at
example.com,12.173.211.32): query: SELECT email as
> >>>> user,
> >>>>>>>>> password, maildir as userdb_home,
CONCAT( maildir_format, ':',
> >>>> maildir,
> >>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>>>> userdb_mail,
> >>>>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> >>>> 'B')
> >>>>>> AS
> >>>>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve
> FROM
> >>>>>>>>> mail_user WHERE (login =
'do_not_reply at example.com' OR email = '
> >>>>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND
> server_id > >>>> '1'
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): password(
> >>>>>>>>> do_not_reply at
example.com,12.173.211.32): Requested CRAM-MD5
> >> scheme,
> >>>>>> but
> >>>>>>>> we
> >>>>>>>>> have only CRYPT
> >>>>>>>>> Feb  1 07:11:13 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>> FAIL#0113#011user=do_not_reply at
example.com
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> #####################
> >>>>>>>>> I added in dovecot.conf lines in
passdb block:
> >>>>>>>>>    driver = passwd-file
> >>>>>>>>>    args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>> and commented out default lines
> >>>>>>>>>   #args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>   #driver = sql
> >>>>>>>>> When I try set again default lines I
got above error
> >>>>>>>> Can you run doveconf -n with the
configuration that causes the
> above
> >>>>>>>> error? Also it clearly does SQL lookup, so
that error is happening
> >>>> with
> >>>>>>>> SQL passdb. You need to remember to
restart dovecot between
> >>>>>>>> configuration changes.
> >>>>>>>>
> >>>>>>>> Aki
> >>>>>>>>
> >>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>>>
> >>>>>>>>>> On 31.01.2017 09:06, Poliman -
Serwis wrote:
> >>>>>>>>>>> I set up cram-md5 using this
tutorial
> >>>>>>>>>>>
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> >>>>>> /etc/dovecot/dovecot.conf
> >>>>>>>> in
> >>>>>>>>>>> passdb code block:
> >>>>>>>>>>> listen = *,[::]
> >>>>>>>>>>> protocols = imap pop3
> >>>>>>>>>>> #auth_mechanisms = plain login
cram-md5
> >>>>>>>>>>> auth_mechanisms = cram-md5
plain login
> >>>>>>>>>>> #dodana nizej linia
> >>>>>>>>>>> ssl = required
> >>>>>>>>>>> disable_plaintext_auth = yes
> >>>>>>>>>>> log_timestamp = "%Y-%m-%d
%H:%M:%S "
> >>>>>>>>>>> mail_privileged_group = vmail
> >>>>>>>>>>> postmaster_address =
postmaster at vps342401.ovh.net
> >>>>>>>>>>> ssl_cert =
</etc/postfix/smtpd.cert
> >>>>>>>>>>> ssl_key =
</etc/postfix/smtpd.key
> >>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3
!TLSv1 !TLSv1.1
> >>>>>>>>>>> ssl_cipher_list >
>>>>>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[
> image:
> >>>>>>>>>>>
:D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> >>>>>>>>>>> ssl_prefer_server_ciphers =
yes
> >>>>>>>>>>> ssl_dh_parameters_length =
2048
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> mail_max_userip_connections =
100
> >>>>>>>>>>> passdb {
> >>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> # driver = sql
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> }
> >>>>>>>>>>> userdb {
> >>>>>>>>>>> driver = prefetch
> >>>>>>>>>>> }
> >>>>>>>>>>> userdb {
> >>>>>>>>>>> args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> driver = sql
> >>>>>>>>>>> }
> >>>>>>>>>>> Of course I created
cram-md5.pwd file. All mails go out and
> come
> >>>>>>>> nicely.
> >>>>>>>>>>> But after I want to do default
settings by commented out these
> >> two
> >>>>>>>> lines:
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> and uncomment
> >>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> # driver = sql
> >>>>>>>>>>> I can't send emails - I
use Thunderbird - get error "logging on
> >>>>>> server
> >>>>>>>>>>> mail.example.com not work
out". Error in logs:
> >>>>>>>>>>> dovecot: auth-worker(22698):
Error: Auth worker sees different
> >>>>>>>>>>> passdbs/userdbs than auth
server.
> >>>>>>>>>>> dovecot: auth: Error:
read(anvil-auth-penalty) failed: EOF
> >>>>>>>>>>>
> >>>>>>>>>>> Is it possible that hashed
password from cram-md5.pwd file was
> >>>>>> written
> >>>>>>>> to
> >>>>>>>>>>> database (if yes then where -
I have ISPconfig)? I wasn't
> change
> >>>> any
> >>>>>>>>>> userdb
> >>>>>>>>>>> {} block and this second
userdb block has this same lines like
> >>>>>> default
> >>>>>>>>>>> settings in passdb block.
> >>>>>>>>>>>
> >>>>>>>>>> Try
> >>>>>>>>>>
> >>>>>>>>>> auth_debug=yes
> >>>>>>>>>> auth_verbose=yes
> >>>>>>>>>>
> >>>>>>>>>> and see if it gives any more
reasonable messages.
> >>>>>>>>>>
> >>>>>>>>>> Aki
> >>>>>>>>>>
> >>>
> >
> >
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*serwis at poliman.pl <serwis at poliman.pl>*

I can check each logs, I have root privileges.

2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> Can you check your logs?
>
> Aki
>
>
> On 01.02.2017 10:02, Poliman - Serwis wrote:
> > When I used backup copy of the dovecot.conf file I have this same
error.
> So
> > I think that maybe something was written to database? I really would
> point
> > out that I only added
> > passdb {
> >   driver = passwd-file
> >   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> >
> > and comment out from above block default lines
> >   #args = /etc/dovecot/dovecot-sql.conf
> >   #driver = sql
> >
> > And in auth_mechanisms add line cram-md5. Nothing more in any other
file.
> >
> > I don't want to use cram-md5. I need move back to default
settings.
> > Cram-md5 was only for testing purposes. :) But I supposed that I can
move
> > back to default by commenting out added lines. But unfortunately it
isn't
> > that simple.
> >
> > 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> Are you still trying to authenticate using cram-md5?
> >>
> >> Aki
> >>
> >>
> >> On 01.02.2017 09:51, Poliman - Serwis wrote:
> >>> It still use:
> >>> passdb {
> >>>   driver = passwd-file
> >>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> When I delete above and delete "cram-md5" in
auth_mechanisms it still
> not
> >>> working.
> >>>
> >>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>
> >>>> You are probably wanting to do
> >>>> passdb {
> >>>>   driver = passwd-file
> >>>>   args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>> }
> >>>>
> >>>> passdb {
> >>>>   driver = sql
> >>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>> }
> >>>>
> >>>> Why you want to use cram-md5 is beyond me, because using
SSL is much
> >>>> more safer.
> >>>>
> >>>> Aki
> >>>>
> >>>> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>>>> Default it was: "auth_mechanisms = plain
login"  and I added
> cram-md5.
> >>>>> After restart all work perfectly. But after I added:
> >>>>>    driver = passwd-file
> >>>>>    args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> I can't set default lines because I got error.
Please tell me which
> >> lines
> >>>>> should be changed to resolve this issue. Should I
remove "login" from
> >>>>> auth_mechanism ("login" was default setting
and I would like to move
> >> back
> >>>>> to default settings)?
> >>>>>
> >>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>>>
> >>>>>> Because cram-md5 needs the user's password for
calculating
> responses,
> >> it
> >>>>>> cannot work with hashed passwords (one-way
encrypted). The only
> >>>>>> supported password schemes are PLAIN and CRAM-MD5.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote:
> >>>>>>> I always restart dovecot after change config.
;) Sure, I commented
> >> out
> >>>>>>> added two lines by me, restarted dovecot and
here it is:
> >>>>>>>
> >>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu
14.04.5 LTS
> >>>>>>> auth_mechanisms = plain login cram-md5
> >>>>>>> listen = *,[::]
> >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>>>> mail_max_userip_connections = 100
> >>>>>>> mail_plugins = " quota"
> >>>>>>> mail_privileged_group = vmail
> >>>>>>> passdb {
> >>>>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   driver = sql
> >>>>>>> }
> >>>>>>> plugin {
> >>>>>>>   quota =
dict:user::file:/var/vmail/%d/%n/.quotausage
> >>>>>>>   sieve = /var/vmail/%d/%n/.sieve
> >>>>>>>   sieve_max_redirects = 25
> >>>>>>> }
> >>>>>>> postmaster_address = postmaster at example.com
> >>>>>>> protocols = imap pop3
> >>>>>>> service auth {
> >>>>>>>   unix_listener
/var/spool/postfix/private/auth {
> >>>>>>>     group = postfix
> >>>>>>>     mode = 0660
> >>>>>>>     user = postfix
> >>>>>>>   }
> >>>>>>>   unix_listener auth-userdb {
> >>>>>>>     group = vmail
> >>>>>>>     mode = 0600
> >>>>>>>     user = vmail
> >>>>>>>   }
> >>>>>>>   user = root
> >>>>>>> }
> >>>>>>> service imap-login {
> >>>>>>>   client_limit = 1000
> >>>>>>>   process_limit = 512
> >>>>>>> }
> >>>>>>> service lmtp {
> >>>>>>>   unix_listener
/var/spool/postfix/private/dovecot-lmtp {
> >>>>>>>     group = postfix
> >>>>>>>     mode = 0600
> >>>>>>>     user = postfix
> >>>>>>>   }
> >>>>>>> }
> >>>>>>> ssl = required
> >>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>> ssl_cipher_list >
>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> >>>>>>
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> >>>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> >>>>>>
SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> >>>>>>
RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> >>>>>>
AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> >>>>>>
RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> >>>>>>
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> >>>>>>
AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> >>>>>>
SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> >>>>>>
EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> >>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>>>> userdb {
> >>>>>>>   driver = prefetch
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>>   args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>   driver = sql
> >>>>>>> }
> >>>>>>> protocol imap {
> >>>>>>>   mail_plugins = quota imap_quota
> >>>>>>> }
> >>>>>>> protocol pop3 {
> >>>>>>>   mail_plugins = quota
> >>>>>>>   pop3_uidl_format = %08Xu%08Xv
> >>>>>>> }
> >>>>>>> protocol lda {
> >>>>>>>   mail_plugins = sieve quota
> >>>>>>>   postmaster_address = webmaster at localhost
> >>>>>>> }
> >>>>>>> protocol lmtp {
> >>>>>>>   mail_plugins = quota sieve
> >>>>>>>   postmaster_address = webmaster at localhost
> >>>>>>> }
> >>>>>>>
> >>>>>>>
> >>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>
> >>>>>>>> On 01.02.2017 08:18, Poliman - Serwis
wrote:
> >>>>>>>>> This is debug log files in syslog:
> >>>>>>>>> Feb  1 07:10:25 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>>
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ
> >>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >>>>>>>> m5ldD4>
>>>>>>>>> Feb  1 07:10:26 vps342401 dovecot: auth:
Debug: client in:
> >>>> CONT<hidden>
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): Debug:
> sql(
> >>>>>>>>> do_not_reply at
example.com,12.173.211.32): query: SELECT email as
> >>>> user,
> >>>>>>>>> password, maildir as userdb_home,
CONCAT( maildir_format, ':',
> >>>> maildir,
> >>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>>>> userdb_mail,
> >>>>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> >>>> 'B')
> >>>>>> AS
> >>>>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve
> FROM
> >>>>>>>>> mail_user WHERE (login =
'do_not_reply at example.com' OR email = '
> >>>>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND
> server_id > >>>> '1'
> >>>>>>>>> Feb  1 07:10:26 vps342401 dovecot:
auth-worker(27069): password(
> >>>>>>>>> do_not_reply at example.com,
12.173.211.32): Requested CRAM-MD5
> >> scheme,
> >>>>>>>> but we
> >>>>>>>>> have only CRYPT
> >>>>>>>>> Feb  1 07:10:28 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>> FAIL#0112#011user=do_not_reply at
example.com
> >>>>>>>>> Feb  1 07:10:28 vps342401
postfix/smtps/smtpd[27067]: warning:
> >>>>>>>>>
host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5
> >>>> authentication
> >>>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT
> >> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> >>>>>> dD4> >>>>>>>>> Feb 
1 07:11:02 vps342401 CRON[27074]: (root) CMD
> >>>>>>>>> (/usr/local/ispconfig/server/server.sh
2>&1 | while read line;
> do
> >>>> echo
> >>>>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>>>>>> Feb  1 07:11:02 vps342401 CRON[27075]:
(root) CMD
> >>>>>>>>> (/usr/local/ispconfig/server/cron.sh
2>&1 | while read line; do
> >> echo
> >>>>>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth: Debug: client in:
> >>>>>>>>>
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >>>>>>>>
011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>>
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ
> >>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >>>>>>>> m5ldD4>
>>>>>>>>> Feb  1 07:11:11 vps342401 dovecot: auth:
Debug: client in:
> >>>> CONT<hidden>
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): Debug:
> sql(
> >>>>>>>>> do_not_reply at
example.com,12.173.211.32): query: SELECT email as
> >>>> user,
> >>>>>>>>> password, maildir as userdb_home,
CONCAT( maildir_format, ':',
> >>>> maildir,
> >>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>>>> userdb_mail,
> >>>>>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> >>>> 'B')
> >>>>>> AS
> >>>>>>>>> userdb_quota_rule, CONCAT(maildir,
'/.sieve') as userdb_sieve
> FROM
> >>>>>>>>> mail_user WHERE (login =
'do_not_reply at example.com' OR email = '
> >>>>>>>>> do_not_reply at example.com') AND
`disablesmtp` = 'n' AND
> server_id > >>>> '1'
> >>>>>>>>> Feb  1 07:11:11 vps342401 dovecot:
auth-worker(27069): password(
> >>>>>>>>> do_not_reply at
example.com,12.173.211.32): Requested CRAM-MD5
> >> scheme,
> >>>>>> but
> >>>>>>>> we
> >>>>>>>>> have only CRYPT
> >>>>>>>>> Feb  1 07:11:13 vps342401 dovecot:
auth: Debug: client passdb
> out:
> >>>>>>>>> FAIL#0113#011user=do_not_reply at
example.com
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> #####################
> >>>>>>>>> I added in dovecot.conf lines in
passdb block:
> >>>>>>>>>    driver = passwd-file
> >>>>>>>>>    args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>> and commented out default lines
> >>>>>>>>>   #args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>   #driver = sql
> >>>>>>>>> When I try set again default lines I
got above error
> >>>>>>>> Can you run doveconf -n with the
configuration that causes the
> above
> >>>>>>>> error? Also it clearly does SQL lookup, so
that error is happening
> >>>> with
> >>>>>>>> SQL passdb. You need to remember to
restart dovecot between
> >>>>>>>> configuration changes.
> >>>>>>>>
> >>>>>>>> Aki
> >>>>>>>>
> >>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>>>
> >>>>>>>>>> On 31.01.2017 09:06, Poliman -
Serwis wrote:
> >>>>>>>>>>> I set up cram-md5 using this
tutorial
> >>>>>>>>>>>
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> >>>>>> /etc/dovecot/dovecot.conf
> >>>>>>>> in
> >>>>>>>>>>> passdb code block:
> >>>>>>>>>>> listen = *,[::]
> >>>>>>>>>>> protocols = imap pop3
> >>>>>>>>>>> #auth_mechanisms = plain login
cram-md5
> >>>>>>>>>>> auth_mechanisms = cram-md5
plain login
> >>>>>>>>>>> #dodana nizej linia
> >>>>>>>>>>> ssl = required
> >>>>>>>>>>> disable_plaintext_auth = yes
> >>>>>>>>>>> log_timestamp = "%Y-%m-%d
%H:%M:%S "
> >>>>>>>>>>> mail_privileged_group = vmail
> >>>>>>>>>>> postmaster_address =
postmaster at vps342401.ovh.net
> >>>>>>>>>>> ssl_cert =
</etc/postfix/smtpd.cert
> >>>>>>>>>>> ssl_key =
</etc/postfix/smtpd.key
> >>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3
!TLSv1 !TLSv1.1
> >>>>>>>>>>> ssl_cipher_list >
>>>>>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[
> image:
> >>>>>>>>>>>
:D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> >>>>>>>>>>> ssl_prefer_server_ciphers =
yes
> >>>>>>>>>>> ssl_dh_parameters_length =
2048
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> mail_max_userip_connections =
100
> >>>>>>>>>>> passdb {
> >>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> # driver = sql
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> }
> >>>>>>>>>>> userdb {
> >>>>>>>>>>> driver = prefetch
> >>>>>>>>>>> }
> >>>>>>>>>>> userdb {
> >>>>>>>>>>> args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> driver = sql
> >>>>>>>>>>> }
> >>>>>>>>>>> Of course I created
cram-md5.pwd file. All mails go out and
> come
> >>>>>>>> nicely.
> >>>>>>>>>>> But after I want to do default
settings by commented out these
> >> two
> >>>>>>>> lines:
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> and uncomment
> >>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> # driver = sql
> >>>>>>>>>>> I can't send emails - I
use Thunderbird - get error "logging on
> >>>>>> server
> >>>>>>>>>>> mail.example.com not work
out". Error in logs:
> >>>>>>>>>>> dovecot: auth-worker(22698):
Error: Auth worker sees different
> >>>>>>>>>>> passdbs/userdbs than auth
server.
> >>>>>>>>>>> dovecot: auth: Error:
read(anvil-auth-penalty) failed: EOF
> >>>>>>>>>>>
> >>>>>>>>>>> Is it possible that hashed
password from cram-md5.pwd file was
> >>>>>> written
> >>>>>>>> to
> >>>>>>>>>>> database (if yes then where -
I have ISPconfig)? I wasn't
> change
> >>>> any
> >>>>>>>>>> userdb
> >>>>>>>>>>> {} block and this second
userdb block has this same lines like
> >>>>>> default
> >>>>>>>>>>> settings in passdb block.
> >>>>>>>>>>>
> >>>>>>>>>> Try
> >>>>>>>>>>
> >>>>>>>>>> auth_debug=yes
> >>>>>>>>>> auth_verbose=yes
> >>>>>>>>>>
> >>>>>>>>>> and see if it gives any more
reasonable messages.
> >>>>>>>>>>
> >>>>>>>>>> Aki
> >>>>>>>>>>
> >>>
> >
> >
>


-- 

*Pozdrawiam / Best Regards*
*Piotr Bracha*




*tel. 534 555 877*

*serwis at poliman.pl <serwis at poliman.pl>*