dovecot - Mar 2014 - Fwd: Dovecot not honoring configuration settings (auth failure)

boah how i hate that "reply all" attitude leading to break
"reply to list" and leads in off-list replies


-------- Original-Nachricht --------
Betreff: Re: [Dovecot] Dovecot not honoring configuration settings (auth
failure)
Datum: Tue, 01 Apr 2014 00:02:42 +0200
Von: Reindl Harald <h.reindl at thelounge.net>
Organisation: the lounge interactive design
An: noloader at gmail.com

Am 31.03.2014 23:47, schrieb Jeffrey Walton:
> On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald <h.reindl at
thelounge.net> wrote:
>>
>> Am 31.03.2014 23:37, schrieb Jeffrey Walton:
>>> My dovecot.conf has the following:
>>>
>>>     # No results when searching the wiki
>>>     disable_plaintext_auth = no
>>>
>>>     # http://wiki2.dovecot.org/Authentication/Mechanisms
>>>     auth_mechanisms = plain login digest-md5 cram-md5
>>>
>>> When I attempt to run imapsync, I receive an error:
>>>
>>>     Host2: <host> says it has NO CAPABILITY for AUTHENTICATE
LOGIN
>>>
>>> imapsync also dumps the helo string, and it is missing:
>>>
>>>     Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS
>>> AUTH=PLAIN] Dovecot ready.
>>>
>>> I've restarted the dovecot service with 'service dovecot
restart' and
>>> even rebooted the machine.
>>>
>>> There is nothing reported in any on the log files
>>> (/var/mail/dovecot.log and /var/log/mail.<level>).
>>>
>>> Any ideas why dovecot is not honoring the setting in its config
file?
>>
>> and the settings are *really* in /etc/dovecot/dovecot.conf
>> or in some ".d"-folder which may or may not be included?
> I believe they are in /etc/dovecot/dovecot.conf:
> 
> # cat /etc/dovecot/dovecot.conf | grep -i auth_
> auth_mechanisms = plain login digest-md5 cram-md5
my local machine is configured like below for years and it works

well, post the whole config-file and strip only what is really needed to keep
secret

# provided services
protocols                      = imap

# configure ssl
ssl                            = yes
ssl_cert                       = </etc/postfix/certs/localhost.pem
ssl_key                        = </etc/postfix/certs/localhost.pem
ssl_cipher_list               
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES2$
ssl_prefer_server_ciphers      = yes
ssl_parameters_regenerate      = 0

# configure imap-proxy
service imap-login {
  inet_listener imap {
    address                    = *
    port                       = 143
  }
  inet_listener imaps {
    address                    = *
    port                       = 993
  }
  vsz_limit                    = 128M
  service_count                = 0
  process_min_avail            = 1
  process_limit                = 1
  client_limit                 = 200
}

# default settings
imap_capability                = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE
CHILDREN SORT QUOTA
THREAD=ORDEREDSUBJECT UNSELECT I$
login_greeting                 login_log_format_elements      = %u %r %m %c
login_log_format               = %{login_status}: %s
pop3_client_workarounds        = outlook-no-nuls oe-ns-eoh
mail_max_userip_connections    = 100
auth_mechanisms                = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
SCRAM-SHA-1
disable_plaintext_auth         = no
shutdown_clients               = no
version_ignore                 = yes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 246 bytes
Desc: OpenPGP digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20140401/8586d6d5/attachment-0001.sig>

If you dont want to help, you better not send a response at all.


Reindl Harald wrote:
> boah how i hate that "reply all" attitude leading to break
> "reply to list" and leads in off-list replies
>
>
> -------- Original-Nachricht --------
> Betreff: Re: [Dovecot] Dovecot not honoring configuration settings (auth
failure)
> Datum: Tue, 01 Apr 2014 00:02:42 +0200
> Von: Reindl Harald <h.reindl at thelounge.net>
> Organisation: the lounge interactive design
> An: noloader at gmail.com
>
> Am 31.03.2014 23:47, schrieb Jeffrey Walton:
>> On Mon, Mar 31, 2014 at 5:39 PM, Reindl Harald <h.reindl at
thelounge.net> wrote:
>>>
>>> Am 31.03.2014 23:37, schrieb Jeffrey Walton:
>>>> My dovecot.conf has the following:
>>>>
>>>>      # No results when searching the wiki
>>>>      disable_plaintext_auth = no
>>>>
>>>>      # http://wiki2.dovecot.org/Authentication/Mechanisms
>>>>      auth_mechanisms = plain login digest-md5 cram-md5
>>>>
>>>> When I attempt to run imapsync, I receive an error:
>>>>
>>>>      Host2: <host> says it has NO CAPABILITY for
AUTHENTICATE LOGIN
>>>>
>>>> imapsync also dumps the helo string, and it is missing:
>>>>
>>>>      Host2: * OK [CAPABILITY IMAP4rev1 LITERAL+ ... STARTTLS
>>>> AUTH=PLAIN] Dovecot ready.
>>>>
>>>> I've restarted the dovecot service with 'service
dovecot restart' and
>>>> even rebooted the machine.
>>>>
>>>> There is nothing reported in any on the log files
>>>> (/var/mail/dovecot.log and /var/log/mail.<level>).
>>>>
>>>> Any ideas why dovecot is not honoring the setting in its config
file?
>>>
>>> and the settings are *really* in /etc/dovecot/dovecot.conf
>>> or in some ".d"-folder which may or may not be included?
>> I believe they are in /etc/dovecot/dovecot.conf:
>>
>> # cat /etc/dovecot/dovecot.conf | grep -i auth_
>> auth_mechanisms = plain login digest-md5 cram-md5
>
> my local machine is configured like below for years and it works
>
> well, post the whole config-file and strip only what is really needed to
keep secret
>
> # provided services
> protocols                      = imap
>
> # configure ssl
> ssl                            = yes
> ssl_cert                       = </etc/postfix/certs/localhost.pem
> ssl_key                        = </etc/postfix/certs/localhost.pem
> ssl_cipher_list                >
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES2$
> ssl_prefer_server_ciphers      = yes
> ssl_parameters_regenerate      = 0
>
> # configure imap-proxy
> service imap-login {
>    inet_listener imap {
>      address                    = *
>      port                       = 143
>    }
>    inet_listener imaps {
>      address                    = *
>      port                       = 993
>    }
>    vsz_limit                    = 128M
>    service_count                = 0
>    process_min_avail            = 1
>    process_limit                = 1
>    client_limit                 = 200
> }
>
> # default settings
> imap_capability                = IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE
CHILDREN SORT QUOTA
> THREAD=ORDEREDSUBJECT UNSELECT I$
> login_greeting                 > login_log_format_elements      = %u %r
%m %c
> login_log_format               = %{login_status}: %s
> pop3_client_workarounds        = outlook-no-nuls oe-ns-eoh
> mail_max_userip_connections    = 100
> auth_mechanisms                = CRAM-MD5 DIGEST-MD5 APOP LOGIN PLAIN
SCRAM-SHA-1
> disable_plaintext_auth         = no
> shutdown_clients               = no
> version_ignore                 = yes
>