thank you for guidance,
just to recap the issue was about squirrelmail giving a wrong message :
"connection dropped by imap server" instead of "invalid user or
password"
as advised i connected using command line on both my old and new servers, and
have posted the details including the output of dovevcot -n.
1) command prompt login. i put wrong password
telnet x.x.x.x 143
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE START
TLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] ready.
1 login acc at mydomain.com wrongpass
1 NO [AUTHENTICATIONFAILED] Authentication failed.
2) DOVECOT LOG output
CURRENT SERVER
Nov 28 08:48:39 imap-login: Info: Disconnected (auth failed, 1 attempts in 72
secs): user=<acc at mydomain.com, method=PLAIN, rip=120.62.202.70,
lip=103.241.181.155, session=<4PxKs+II2QB4PspG>
OLD SERVER
Nov 28 09:06:08 imap-login: Info: Disconnected (auth failed, 1 attempts):
user=<acc at mydomain.com>, method=PLAIN, rip=120.62.202.70,
lip=72.35.76.156
3) DOVECOT CONFIG FILE DETAILS
# dovecot -n
# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-431.29.2.el6.x86_64 x86_64 CentOS release 6.5 (Final)
auth_cache_negative_ttl = 0
auth_cache_size = 32 M
auth_cache_ttl = 30 mins
auth_mechanisms = plain login digest-md5 cram-md5
default_login_user = vpopmail
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
log_path = /var/log/dovecot.log
login_greeting = ready.
mail_max_userip_connections = 50
mail_plugins = " quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
namespace {
inbox = yes
location prefix separator = .
type = private
}
passdb {
args = cache_key=%u webmail=127.0.0.1
driver = vpopmail
}
plugin {
quota = maildir:ignore=Trash
quota_rule = ?:storage=0
}
protocols = imap pop3
service imap-login {
client_limit = 256
process_limit = 400
process_min_avail = 12
service_count = 0
vsz_limit = 384 M
}
service pop3-login {
client_limit = 1000
process_limit = 400
process_min_avail = 12
service_count = 0
vsz_limit = 512 M
}
ssl_cert = </var/qmail/control/servercert.pem
ssl_dh_parameters_length = 2048
ssl_key = </var/qmail/control/servercert.pem
userdb {
args = cache_key=%u quota_template=quota_rule=*:backend=%q
driver = vpopmail
}
protocol imap {
imap_client_workarounds = delay-newmail
mail_plugins = " quota imap_quota"
}
protocol pop3 {
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_fast_size_lookups = yes
pop3_lock_session = no
pop3_no_flag_updates = yes
}
thank you for your time and patience.
rajesh
----- Original Message -----
From: Gedalya [mailto:gedalya at gedalya.net]
To: 24x7server at 24x7server.net,dovecot at dovecot.org
Sent: Tue, 25 Nov 2014 05:54:49 -0500
Subject: Re: failed login message
On 11/25/2014 04:49 AM, 24x7server at 24x7server.net
wrote:> thanks for your reply
>
> i intentionaly put the wrong password and checked the dovecot log and the
message i got was
>
> # tail -f /var/log/dovecot.log | grep "xxx at yyy.com"
> Nov 25 08:47:46 imap-login: Info: Aborted login (auth failed, 1 attempts in
2 secs): user=<xxx at yyy.com>, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1,
> secured, session=<xObTWqYIwgB/AAAB>
>
> but in the squirrelmail login page instead of the message "unknown
user or password incorrect" i get the message
>
> ERROR: Connection dropped by IMAP server.
> Query: LOGOUT
>
>
> in my old server where it is working correctly dovecot logs shows the error
>
> Nov 25 14:46:12 imap-login: Info: Aborted login (auth failed, 1 attempts):
user=<"xxx at yyy.com">, method=PLAIN, rip=127.0.0.1,
lip=127.0.0.1, secured
>
> and squirrelmail gives the error : "unknown user or password
incorrect" which is correct.
>
> is there any other place i need to check or some other config file (either
squirrelmail or dovecot) that i need to modify
>
> could you kindly guide me
>
1. Please carefully read http://dovecot.org/mailinglists.html
2. Please carefully follow the instructions at
http://dovecot.org/mailinglists.html. In your case, post full details
for both servers.
3. Try to manually log in to both servers using e.g. telnet in order to
see any differences in the way they respond.
Something like
$ telnet 192.168.9.11 143
Trying 192.168.9.11...
Connected to 192.168.9.11.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
IDLE STARTTLS LOGINDISABLED] Dovecot ready.
1 login gedalya 1234
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but
your client did it anyway. If anyone was listening, the password was
exposed.
1 NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure
(SSL/TLS) connections.
2 logout
* BYE Logging out
2 OK Logout completed.
Connection closed by foreign host.
(that's how it responds in my specific case as I disallow plaintext login)
Or if you need TLS (like me):
$ openssl s_client -starttls imap -quiet -connect 192.168.9.11:143
depth=2 C = IL, O = StartCom Ltd., OU = Secure Digital Certificate
Signing, CN = StartCom Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
. OK Pre-login capabilities listed, post-login capabilities have more.
1 login gedalya 1234
1 NO [AUTHENTICATIONFAILED] Authentication failed.
2 logout
* BYE Logging out
2 OK Logout completed.