I set up cram-md5 using this tutorial
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
passdb code block:
listen = *,[::]
protocols = imap pop3
#auth_mechanisms = plain login cram-md5
auth_mechanisms = cram-md5 plain login
#dodana nizej linia
ssl = required
disable_plaintext_auth = yes
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_privileged_group = vmail
postmaster_address = postmaster at vps342401.ovh.net
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
ssl_cipher_list
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
:D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048
mail_max_userip_connections = 100
passdb {
# args = /etc/dovecot/dovecot-sql.conf
# driver = sql
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
Of course I created cram-md5.pwd file. All mails go out and come nicely.
But after I want to do default settings by commented out these two lines:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
and uncomment
# args = /etc/dovecot/dovecot-sql.conf
# driver = sql
I can't send emails - I use Thunderbird - get error "logging on server
mail.example.com not work out". Error in logs:
dovecot: auth-worker(22698): Error: Auth worker sees different
passdbs/userdbs than auth server.
dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
Is it possible that hashed password from cram-md5.pwd file was written to
database (if yes then where - I have ISPconfig)? I wasn't change any userdb
{} block and this second userdb block has this same lines like default
settings in passdb block.
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*
On 31.01.2017 09:06, Poliman - Serwis wrote:> I set up cram-md5 using this tutorial > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in > passdb code block: > listen = *,[::] > protocols = imap pop3 > #auth_mechanisms = plain login cram-md5 > auth_mechanisms = cram-md5 plain login > #dodana nizej linia > ssl = required > disable_plaintext_auth = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_privileged_group = vmail > postmaster_address = postmaster at vps342401.ovh.net > ssl_cert = </etc/postfix/smtpd.cert > ssl_key = </etc/postfix/smtpd.key > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > ssl_cipher_list > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > ssl_prefer_server_ciphers = yes > ssl_dh_parameters_length = 2048 > > > mail_max_userip_connections = 100 > passdb { > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > Of course I created cram-md5.pwd file. All mails go out and come nicely. > But after I want to do default settings by commented out these two lines: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > and uncomment > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > I can't send emails - I use Thunderbird - get error "logging on server > mail.example.com not work out". Error in logs: > dovecot: auth-worker(22698): Error: Auth worker sees different > passdbs/userdbs than auth server. > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > Is it possible that hashed password from cram-md5.pwd file was written to > database (if yes then where - I have ISPconfig)? I wasn't change any userdb > {} block and this second userdb block has this same lines like default > settings in passdb block. >Try auth_debug=yes auth_verbose=yes and see if it gives any more reasonable messages. Aki
Thank You for answer. Where could I setup these two lines? 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:> > > On 31.01.2017 09:06, Poliman - Serwis wrote: > > I set up cram-md5 using this tutorial > > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in > > passdb code block: > > listen = *,[::] > > protocols = imap pop3 > > #auth_mechanisms = plain login cram-md5 > > auth_mechanisms = cram-md5 plain login > > #dodana nizej linia > > ssl = required > > disable_plaintext_auth = yes > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > mail_privileged_group = vmail > > postmaster_address = postmaster at vps342401.ovh.net > > ssl_cert = </etc/postfix/smtpd.cert > > ssl_key = </etc/postfix/smtpd.key > > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > > ssl_cipher_list > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > > ssl_prefer_server_ciphers = yes > > ssl_dh_parameters_length = 2048 > > > > > > mail_max_userip_connections = 100 > > passdb { > > # args = /etc/dovecot/dovecot-sql.conf > > # driver = sql > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > userdb { > > driver = prefetch > > } > > userdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > Of course I created cram-md5.pwd file. All mails go out and come nicely. > > But after I want to do default settings by commented out these two lines: > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > and uncomment > > # args = /etc/dovecot/dovecot-sql.conf > > # driver = sql > > I can't send emails - I use Thunderbird - get error "logging on server > > mail.example.com not work out". Error in logs: > > dovecot: auth-worker(22698): Error: Auth worker sees different > > passdbs/userdbs than auth server. > > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > > > Is it possible that hashed password from cram-md5.pwd file was written to > > database (if yes then where - I have ISPconfig)? I wasn't change any > userdb > > {} block and this second userdb block has this same lines like default > > settings in passdb block. > > > Try > > auth_debug=yes > auth_verbose=yes > > and see if it gives any more reasonable messages. > > Aki >-- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *serwis at poliman.pl <serwis at poliman.pl>*
This is debug log files in syslog:
Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out:
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4Feb
1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(
do_not_reply at example.com,12.173.211.32): query: SELECT email as user,
password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
'/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
userdb_mail,
uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota,
'B') AS
userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
mail_user WHERE (login = 'do_not_reply at example.com' OR email = '
do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id
= '1'
Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password(
do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we
have only CRYPT
Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out:
FAIL#0112#011user=do_not_reply at example.com
Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning:
host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication
failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4Feb 1
07:11:02 vps342401 CRON[27074]: (root) CMD
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in:
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured
Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out:
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4Feb
1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(
do_not_reply at example.com,12.173.211.32): query: SELECT email as user,
password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir,
'/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
userdb_mail,
uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota,
'B') AS
userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM
mail_user WHERE (login = 'do_not_reply at example.com' OR email = '
do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id
= '1'
Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password(
do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we
have only CRYPT
Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out:
FAIL#0113#011user=do_not_reply at example.com
#####################
I added in dovecot.conf lines in passdb block:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
and commented out default lines
#args = /etc/dovecot/dovecot-sql.conf
#driver = sql
When I try set again default lines I got above error
2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>
> On 31.01.2017 09:06, Poliman - Serwis wrote:
> > I set up cram-md5 using this tutorial
> > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf
in
> > passdb code block:
> > listen = *,[::]
> > protocols = imap pop3
> > #auth_mechanisms = plain login cram-md5
> > auth_mechanisms = cram-md5 plain login
> > #dodana nizej linia
> > ssl = required
> > disable_plaintext_auth = yes
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_privileged_group = vmail
> > postmaster_address = postmaster at vps342401.ovh.net
> > ssl_cert = </etc/postfix/smtpd.cert
> > ssl_key = </etc/postfix/smtpd.key
> > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> > ssl_cipher_list > >
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
> > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> > ssl_prefer_server_ciphers = yes
> > ssl_dh_parameters_length = 2048
> >
> >
> > mail_max_userip_connections = 100
> > passdb {
> > # args = /etc/dovecot/dovecot-sql.conf
> > # driver = sql
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > }
> > userdb {
> > driver = prefetch
> > }
> > userdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > Of course I created cram-md5.pwd file. All mails go out and come
nicely.
> > But after I want to do default settings by commented out these two
lines:
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > and uncomment
> > # args = /etc/dovecot/dovecot-sql.conf
> > # driver = sql
> > I can't send emails - I use Thunderbird - get error "logging
on server
> > mail.example.com not work out". Error in logs:
> > dovecot: auth-worker(22698): Error: Auth worker sees different
> > passdbs/userdbs than auth server.
> > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >
> > Is it possible that hashed password from cram-md5.pwd file was written
to
> > database (if yes then where - I have ISPconfig)? I wasn't change
any
> userdb
> > {} block and this second userdb block has this same lines like default
> > settings in passdb block.
> >
> Try
>
> auth_debug=yes
> auth_verbose=yes
>
> and see if it gives any more reasonable messages.
>
> Aki
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*