Hi,
when I updated Dovecot from 1.1.8 to 1.1.10, it changed the username from
account at domain.tld to account at account@domain.tld thus not authenticating.
From logs:
####
(Before update)
Feb 1 09:45:51 count-bubba dovecot: auth(default): client in: AUTH 1 PLAIN
service=imap secured lip=78.47.39.122 rip=85.177.168.174 lport=143
rport=38118 resp=<hidden>
Feb 1 09:45:51 count-bubba dovecot: auth-worker(default):
sql(mail at fathomssen.de,85.177.168.174): query: SELECT id AS user, mbox_host
AS
domain, passwd AS password FROM pop_access WHERE ( (id = 'mail' AND
mbox_host
= 'fathomssen.de') OR (id = SUBSTRING_INDEX('mail', '@',
1) AND mbox_host =
SUBSTRING_INDEX('mail', '@', -1)) ) AND active = '1'
Feb 1 09:45:51 count-bubba dovecot: auth-worker(default):
auth(mail at fathomssen.de,85.177.168.174): username changed mail at
fathomssen.de -> mail
Feb 1 09:45:51 count-bubba dovecot: auth-worker(default):
auth(mail,85.177.168.174): username changed mail -> mail at fathomssen.de
Feb 1 09:45:51 count-bubba dovecot: auth(default): client out: OK 1
user=mail at fathomssen.de
Feb 1 09:45:51 count-bubba dovecot: auth(default): master in: REQUEST 505
27174 1
Feb 1 09:45:51 count-bubba dovecot: auth-worker(default):
sql(mail at fathomssen.de,85.177.168.174): SELECT uid, gid, home FROM pop_access
WHERE ( (id = 'mail' AND mbox_host = 'fathomssen.de') OR (id =
SUBSTRING_INDEX('mail', '@', 1) AND mbox_host =
SUBSTRING_INDEX('mail', '@',
-1)) ) AND active = '1'
Feb 1 09:45:51 count-bubba dovecot: auth(default): master out: USER 505
mail at fathomssen.de uid=500 gid=500
home=/var/www/sites/fathomssen/fathomssen.de/Mailboxs/mail
Feb 1 09:45:51 count-bubba dovecot: imap-login: Login:
user=<mail at fathomssen.de>, method=PLAIN, rip=85.177.168.174,
lip=78.47.39.122,
TLS
Feb 1 09:45:51 count-bubba dovecot: auth(default): new auth connection:
pid=9277
####
####
(After update)
Feb 1 15:23:13 count-bubba dovecot: auth(default): client in: AUTH 1 PLAIN
service=imap secured lip=78.47.39.122 rip=85.177.168.174 lport=143
rport=54903 resp=<hidden>
Feb 1 15:23:13 count-bubba dovecot: auth-worker(default):
sql(mail at fathomssen.de,85.177.168.174): query: SELECT id AS user, mbox_host
AS
domain, passwd AS password FROM pop_access WHERE ( (id = 'mail' AND
mbox_host
= 'fathomssen.de') OR (id = SUBSTRING_INDEX('mail', '@',
1) AND mbox_host =
SUBSTRING_INDEX('mail', '@', -1)) ) AND active = '1'
Feb 1 15:23:13 count-bubba dovecot: auth-worker(default):
auth(mail at fathomssen.de,85.177.168.174): username changed mail at
fathomssen.de -> mail
Feb 1 15:23:13 count-bubba dovecot: auth-worker(default):
auth(mail,85.177.168.174): username changed mail -> mail at fathomssen.de
Feb 1 15:23:13 count-bubba dovecot: auth(default):
auth(mail at fathomssen.de,85.177.168.174): username changed mail at
fathomssen.de -> mail
Feb 1 15:23:13 count-bubba dovecot: auth(default): auth(mail,85.177.168.174):
username changed mail -> mail at mail@fathomssen.de
Feb 1 15:23:13 count-bubba dovecot: auth(default): client out: OK 1
user=mail at mail@fathomssen.de
Feb 1 15:23:13 count-bubba dovecot: auth(default): master in: REQUEST 2
15962 1
Feb 1 15:23:13 count-bubba dovecot: auth-worker(default):
sql(mail at mail@fathomssen.de,85.177.168.174): SELECT uid, gid, home FROM
pop_access WHERE ( (id = 'mail' AND mbox_host = 'mail at
fathomssen.de') OR (id
= SUBSTRING_INDEX('mail', '@', 1) AND mbox_host =
SUBSTRING_INDEX('mail', '@',
-1)) ) AND active = '1'
Feb 1 15:23:13 count-bubba dovecot: auth-worker(default):
sql(mail at mail@fathomssen.de,85.177.168.174): Unknown user
Feb 1 15:23:13 count-bubba dovecot: auth(default):
userdb(mail at mail@fathomssen.de,85.177.168.174): user not found from userdb
sql
Feb 1 15:23:13 count-bubba dovecot: auth(default): master out: NOTFOUND 2
Feb 1 15:23:13 count-bubba dovecot: imap-login: Internal login failure (auth
failed, 1 attempts): user=<mail at mail@fathomssen.de>, method=PLAIN,
rip=85.177.168.174, lip=78.47.39.122, TLS
####
As you see, mail at fathomssen.de (the correct login name) was changed to
mail at mail@fathomssen.de and could not be authenticated.
####
count-bubba ~ # dovecot -n
# 1.1.8: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.28 x86_64 Gentoo Base System release 1.12.12
protocols: imap imaps pop3 pop3s
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
mail_location: maildir:~/Maildir
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(pop3): /usr/lib64/dovecot/pop3
auth default:
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: dtc
####
####
count-bubba ~ # grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=localhost port=3306 dbname=you user=get password=the_idea
default_pass_scheme = PLAIN-MD5
password_query = SELECT id AS user, mbox_host AS domain, passwd AS password
FROM pop_access WHERE ( (id = '%n' AND mbox_host = '%d') OR (id
=
SUBSTRING_INDEX('%n', '@', 1) AND mbox_host =
SUBSTRING_INDEX('%n', '@', -1))
) AND active = '1'
user_query = SELECT uid, gid, home FROM pop_access WHERE ( (id = '%n'
AND
mbox_host = '%d') OR (id = SUBSTRING_INDEX('%n', '@', 1)
AND mbox_host =
SUBSTRING_INDEX('%n', '@', -1)) ) AND active = '1'
####
Best regards,
Freddy Thomssen
--
Frederick Alexander Thomssen
http://fathomssen.de
mail at fathomssen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090202/28c56228/attachment-0002.bin>