I always restart dovecot after changing the config. ;) Sure, I commented out
the two lines I added, restarted dovecot and here it is:
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login cram-md5
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve = /var/vmail/%d/%n/.sieve
  sieve_max_redirects = 25
}
postmaster_address = postmaster at example.com
protocols = imap pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
service imap-login {
  client_limit = 1000
  process_limit = 512
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/postfix/smtpd.cert
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = </etc/postfix/smtpd.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol imap {
  mail_plugins = quota imap_quota
}
protocol pop3 {
  mail_plugins = quota
  pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
  mail_plugins = sieve quota
  postmaster_address = webmaster at localhost
}
protocol lmtp {
  mail_plugins = quota sieve
  postmaster_address = webmaster at localhost
}

2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>
> On 01.02.2017 08:18, Poliman - Serwis wrote:
> > This is debug log files in syslog:
> > Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4
> > Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> > Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql(do_not_reply at example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply at example.com' OR email = 'do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> > Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password(do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT
> > Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0112#011user=do_not_reply at example.com
> > Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 authentication failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4
> > Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> > Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done)
> > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#011lip=173.72.31.7#011rip=12.173.211.32#011secured
> > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoLm5ldD4
> > Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: CONT<hidden>
> > Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql(do_not_reply at example.com,12.173.211.32): query: SELECT email as user, password, maildir as userdb_home, CONCAT( maildir_format, ':', maildir, '/', IF(maildir_format='maildir','Maildir',maildir_format)) as userdb_mail, uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, 'B') AS userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM mail_user WHERE (login = 'do_not_reply at example.com' OR email = 'do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id = '1'
> > Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password(do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 scheme, but we have only CRYPT
> > Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: FAIL#0113#011user=do_not_reply at example.com
> >
> >
> >
> > #####################
> > I added in dovecot.conf lines in passdb block:
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > and commented out default lines
> > #args = /etc/dovecot/dovecot-sql.conf
> > #driver = sql
> > When I try set again default lines I got above error
>
> Can you run doveconf -n with the configuration that causes the above
> error? Also it clearly does SQL lookup, so that error is happening with
> SQL passdb. You need to remember to restart dovecot between
> configuration changes.
>
> Aki
>
> >
> > 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >>
> >> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>> I set up cram-md5 using this tutorial
> >>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in
> >>> passdb code block:
> >>> listen = *,[::]
> >>> protocols = imap pop3
> >>> #auth_mechanisms = plain login cram-md5
> >>> auth_mechanisms = cram-md5 plain login
> >>> #line added below
> >>> ssl = required
> >>> disable_plaintext_auth = yes
> >>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>> mail_privileged_group = vmail
> >>> postmaster_address = postmaster at vps342401.ovh.net
> >>> ssl_cert = </etc/postfix/smtpd.cert
> >>> ssl_key = </etc/postfix/smtpd.key
> >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>> ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES$
> >>> ssl_prefer_server_ciphers = yes
> >>> ssl_dh_parameters_length = 2048
> >>>
> >>>
> >>> mail_max_userip_connections = 100
> >>> passdb {
> >>> # args = /etc/dovecot/dovecot-sql.conf
> >>> # driver = sql
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>> userdb {
> >>> driver = prefetch
> >>> }
> >>> userdb {
> >>> args = /etc/dovecot/dovecot-sql.conf
> >>> driver = sql
> >>> }
> >>> Of course I created cram-md5.pwd file. All mails go out and come nicely.
> >>> But after I want to do default settings by commented out these two lines:
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> and uncomment
> >>> # args = /etc/dovecot/dovecot-sql.conf
> >>> # driver = sql
> >>> I can't send emails - I use Thunderbird - get error "logging on server
> >>> mail.example.com not work out". Error in logs:
> >>> dovecot: auth-worker(22698): Error: Auth worker sees different
> >>> passdbs/userdbs than auth server.
> >>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF
> >>>
> >>> Is it possible that hashed password from cram-md5.pwd file was written to
> >>> database (if yes then where - I have ISPconfig)? I wasn't change any userdb
> >>> {} block and this second userdb block has this same lines like default
> >>> settings in passdb block.
> >>>
> >> Try
> >>
> >> auth_debug=yes
> >> auth_verbose=yes
> >>
> >> and see if it gives any more reasonable messages.
> >>
> >> Aki
> >>
> >
> >
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*
Because cram-md5 needs the user's password for calculating responses, it
cannot work with hashed passwords (one-way encrypted). The only
supported password schemes are PLAIN and CRAM-MD5.

Aki

On 01.02.2017 09:33, Poliman - Serwis wrote:
> I always restart dovecot after change config. ;) Sure, I commented out
> added two lines by me, restarted dovecot and here it is:
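
The reply above, worked through as an added example (not part of the thread and not Dovecot code): a CRAM-MD5 exchange in which the server can recompute the client's HMAC only when the passdb supplies the password itself. The challenge is the one in the quoted debug log; the password and salt are constructed, and PBKDF2 is an assumed stand-in for the CRYPT scheme.

```python
import base64
import hashlib
import hmac

# Challenge copied from the "client passdb out: CONT" debug line in the thread.
# It appears there without base64 padding, so decode_challenge() re-adds it.
CHALLENGE_B64 = "PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5ldD4"
USER = "do_not_reply@example.com"     # address from the thread's log
PASSWORD = "correct horse battery"    # constructed sample password
SALT = b"constructed-salt"            # constructed sample salt


def decode_challenge(b64: str) -> bytes:
    return base64.b64decode(b64 + "=" * (-len(b64) % 4))


def one_way_hash(password: str) -> str:
    """Stand-in for CRYPT: any salted one-way hash behaves the same way here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000).hex()


def cram_md5_response(user: str, password: str, challenge: bytes) -> str:
    """Client side: the password is the HMAC key and never crosses the wire."""
    mac = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return f"{user} {mac}"


def verify_cram_md5(hmac_key: bytes, challenge: bytes, response: str) -> bool:
    """Server side: recompute the HMAC with whatever the passdb can offer as key."""
    _user, _, mac = response.rpartition(" ")
    expected = hmac.new(hmac_key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, mac)


def verify_plain_mechanism(stored_hash: str, sent_password: str) -> bool:
    """PLAIN/LOGIN: the client sends the password, so the server hashes and compares."""
    return hmac.compare_digest(one_way_hash(sent_password), stored_hash)


def run_exchange() -> dict:
    challenge = decode_challenge(CHALLENGE_B64)
    response = cram_md5_response(USER, PASSWORD, challenge)
    stored_hash = one_way_hash(PASSWORD)  # what a hashed passdb row would hold
    return {
        "challenge": challenge.decode(),
        # passdb holds the password itself (PLAIN scheme): the HMAC matches
        "cram_md5_with_plain_passdb": verify_cram_md5(
            PASSWORD.encode(), challenge, response),
        # passdb holds only a hash: the real key is unrecoverable, no match
        "cram_md5_with_hashed_passdb": verify_cram_md5(
            stored_hash.encode(), challenge, response),
        # the same hashed row still verifies a PLAIN or LOGIN attempt
        "plain_mechanism_with_hashed_passdb": verify_plain_mechanism(
            stored_hash, PASSWORD),
        # a captured response is useless against a different challenge
        "replay_on_new_challenge": verify_cram_md5(
            PASSWORD.encode(), b"<constructed.2@example.com>", response),
    }


if __name__ == "__main__":
    for name, value in run_exchange().items():
        print(f"{name}: {value}")
```
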
Default it was: "auth_mechanisms = plain login" and I added cram-md5.
After restart all work perfectly. But after I added:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
I can't set default lines because I got error. Please tell me which lines
should be changed to resolve this issue. Should I remove "login" from
auth_mechanism ("login" was default setting and I would like to move back
to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> Because cram-md5 needs the user's password for calculating responses, it
> cannot work with hashed passwords (one-way encrypted). The only
> supported password schemes are PLAIN and CRAM-MD5.
>
> Aki
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*