Default it was: "auth_mechanisms = plain login" and I added cram-md5.
After restart all work perfectly. But after I added:
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
I can't set default lines because I got error. Please tell me which lines
should be changed to resolve this issue. Should I remove "login" from
auth_mechanism ("login" was default setting and I would like to move
back
to default settings)?
2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> Because cram-md5 needs the user's password for calculating responses,
it
> cannot work with hashed passwords (one-way encrypted). The only
> supported password schemes are PLAIN and CRAM-MD5.
>
> Aki
>
> On 01.02.2017 09:33, Poliman - Serwis wrote:
> > I always restart dovecot after change config. ;) Sure, I commented out
> > added two lines by me, restarted dovecot and here it is:
> >
> > # 2.2.9: /etc/dovecot/dovecot.conf
> > # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> > auth_mechanisms = plain login cram-md5
> > listen = *,[::]
> > log_timestamp = "%Y-%m-%d %H:%M:%S "
> > mail_max_userip_connections = 100
> > mail_plugins = " quota"
> > mail_privileged_group = vmail
> > passdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > plugin {
> > quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> > sieve = /var/vmail/%d/%n/.sieve
> > sieve_max_redirects = 25
> > }
> > postmaster_address = postmaster at example.com
> > protocols = imap pop3
> > service auth {
> > unix_listener /var/spool/postfix/private/auth {
> > group = postfix
> > mode = 0660
> > user = postfix
> > }
> > unix_listener auth-userdb {
> > group = vmail
> > mode = 0600
> > user = vmail
> > }
> > user = root
> > }
> > service imap-login {
> > client_limit = 1000
> > process_limit = 512
> > }
> > service lmtp {
> > unix_listener /var/spool/postfix/private/dovecot-lmtp {
> > group = postfix
> > mode = 0600
> > user = postfix
> > }
> > }
> > ssl = required
> > ssl_cert = </etc/postfix/smtpd.cert
> > ssl_cipher_list > >
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> > ssl_dh_parameters_length = 2048
> > ssl_key = </etc/postfix/smtpd.key
> > ssl_prefer_server_ciphers = yes
> > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> > userdb {
> > driver = prefetch
> > }
> > userdb {
> > args = /etc/dovecot/dovecot-sql.conf
> > driver = sql
> > }
> > protocol imap {
> > mail_plugins = quota imap_quota
> > }
> > protocol pop3 {
> > mail_plugins = quota
> > pop3_uidl_format = %08Xu%08Xv
> > }
> > protocol lda {
> > mail_plugins = sieve quota
> > postmaster_address = webmaster at localhost
> > }
> > protocol lmtp {
> > mail_plugins = quota sieve
> > postmaster_address = webmaster at localhost
> > }
> >
> >
> > 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >>
> >> On 01.02.2017 08:18, Poliman - Serwis wrote:
> >>> This is debug log files in syslog:
> >>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb
out:
> >>>
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >> m5ldD4> >>> Feb 1 07:10:26 vps342401 dovecot: auth:
Debug: client in: CONT<hidden>
> >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug:
sql(
> >>> do_not_reply at example.com,12.173.211.32): query: SELECT
email as user,
> >>> password, maildir as userdb_home, CONCAT( maildir_format,
':', maildir,
> >>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >> userdb_mail,
> >>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota, 'B')
> AS
> >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as
userdb_sieve FROM
> >>> mail_user WHERE (login = 'do_not_reply at example.com'
OR email = '
> >>> do_not_reply at example.com') AND `disablesmtp` =
'n' AND server_id = '1'
> >>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):
password(
> >>> do_not_reply at example.com, 12.173.211.32): Requested
CRAM-MD5 scheme,
> >> but we
> >>> have only CRYPT
> >>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb
out:
> >>> FAIL#0112#011user=do_not_reply at example.com
> >>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning:
> >>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5
authentication
> >>> failed:
PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> dD4> >>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD
> >>> (/usr/local/ispconfig/server/server.sh 2>&1 | while
read line; do echo
> >>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
> >>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read
line; do echo
> >>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in:
> >>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >> 011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb
out:
> >>>
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >> m5ldD4> >>> Feb 1 07:11:11 vps342401 dovecot: auth:
Debug: client in: CONT<hidden>
> >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug:
sql(
> >>> do_not_reply at example.com,12.173.211.32): query: SELECT
email as user,
> >>> password, maildir as userdb_home, CONCAT( maildir_format,
':', maildir,
> >>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >> userdb_mail,
> >>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota, 'B')
> AS
> >>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as
userdb_sieve FROM
> >>> mail_user WHERE (login = 'do_not_reply at example.com'
OR email = '
> >>> do_not_reply at example.com') AND `disablesmtp` =
'n' AND server_id = '1'
> >>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):
password(
> >>> do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5
scheme,
> but
> >> we
> >>> have only CRYPT
> >>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb
out:
> >>> FAIL#0113#011user=do_not_reply at example.com
> >>>
> >>>
> >>>
> >>> #####################
> >>> I added in dovecot.conf lines in passdb block:
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> and commented out default lines
> >>> #args = /etc/dovecot/dovecot-sql.conf
> >>> #driver = sql
> >>> When I try set again default lines I got above error
> >> Can you run doveconf -n with the configuration that causes the
above
> >> error? Also it clearly does SQL lookup, so that error is happening
with
> >> SQL passdb. You need to remember to restart dovecot between
> >> configuration changes.
> >>
> >> Aki
> >>
> >>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>
> >>>> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>>>> I set up cram-md5 using this tutorial
> >>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> /etc/dovecot/dovecot.conf
> >> in
> >>>>> passdb code block:
> >>>>> listen = *,[::]
> >>>>> protocols = imap pop3
> >>>>> #auth_mechanisms = plain login cram-md5
> >>>>> auth_mechanisms = cram-md5 plain login
> >>>>> #dodana nizej linia
> >>>>> ssl = required
> >>>>> disable_plaintext_auth = yes
> >>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>> mail_privileged_group = vmail
> >>>>> postmaster_address = postmaster at vps342401.ovh.net
> >>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>> ssl_cipher_list > >>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
> >>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> >>>>> ssl_prefer_server_ciphers = yes
> >>>>> ssl_dh_parameters_length = 2048
> >>>>>
> >>>>>
> >>>>> mail_max_userip_connections = 100
> >>>>> passdb {
> >>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>> # driver = sql
> >>>>> driver = passwd-file
> >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> }
> >>>>> userdb {
> >>>>> driver = prefetch
> >>>>> }
> >>>>> userdb {
> >>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>> driver = sql
> >>>>> }
> >>>>> Of course I created cram-md5.pwd file. All mails go
out and come
> >> nicely.
> >>>>> But after I want to do default settings by commented
out these two
> >> lines:
> >>>>> driver = passwd-file
> >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> and uncomment
> >>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>> # driver = sql
> >>>>> I can't send emails - I use Thunderbird - get
error "logging on
> server
> >>>>> mail.example.com not work out". Error in logs:
> >>>>> dovecot: auth-worker(22698): Error: Auth worker sees
different
> >>>>> passdbs/userdbs than auth server.
> >>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed:
EOF
> >>>>>
> >>>>> Is it possible that hashed password from cram-md5.pwd
file was
> written
> >> to
> >>>>> database (if yes then where - I have ISPconfig)? I
wasn't change any
> >>>> userdb
> >>>>> {} block and this second userdb block has this same
lines like
> default
> >>>>> settings in passdb block.
> >>>>>
> >>>> Try
> >>>>
> >>>> auth_debug=yes
> >>>> auth_verbose=yes
> >>>>
> >>>> and see if it gives any more reasonable messages.
> >>>>
> >>>> Aki
> >>>>
> >>>
> >
> >
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*
You are probably wanting to do
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf
}
Why you want to use cram-md5 is beyond me, because using SSL is much
more safer.
Aki
On 01.02.2017 09:41, Poliman - Serwis wrote:> Default it was: "auth_mechanisms = plain login" and I added
cram-md5.
> After restart all work perfectly. But after I added:
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> I can't set default lines because I got error. Please tell me which
lines
> should be changed to resolve this issue. Should I remove "login"
from
> auth_mechanism ("login" was default setting and I would like to
move back
> to default settings)?
>
> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
>
>> Because cram-md5 needs the user's password for calculating
responses, it
>> cannot work with hashed passwords (one-way encrypted). The only
>> supported password schemes are PLAIN and CRAM-MD5.
>>
>> Aki
>>
>> On 01.02.2017 09:33, Poliman - Serwis wrote:
>>> I always restart dovecot after change config. ;) Sure, I commented
out
>>> added two lines by me, restarted dovecot and here it is:
>>>
>>> # 2.2.9: /etc/dovecot/dovecot.conf
>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
>>> auth_mechanisms = plain login cram-md5
>>> listen = *,[::]
>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>>> mail_max_userip_connections = 100
>>> mail_plugins = " quota"
>>> mail_privileged_group = vmail
>>> passdb {
>>> args = /etc/dovecot/dovecot-sql.conf
>>> driver = sql
>>> }
>>> plugin {
>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage
>>> sieve = /var/vmail/%d/%n/.sieve
>>> sieve_max_redirects = 25
>>> }
>>> postmaster_address = postmaster at example.com
>>> protocols = imap pop3
>>> service auth {
>>> unix_listener /var/spool/postfix/private/auth {
>>> group = postfix
>>> mode = 0660
>>> user = postfix
>>> }
>>> unix_listener auth-userdb {
>>> group = vmail
>>> mode = 0600
>>> user = vmail
>>> }
>>> user = root
>>> }
>>> service imap-login {
>>> client_limit = 1000
>>> process_limit = 512
>>> }
>>> service lmtp {
>>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>> group = postfix
>>> mode = 0600
>>> user = postfix
>>> }
>>> }
>>> ssl = required
>>> ssl_cert = </etc/postfix/smtpd.cert
>>> ssl_cipher_list >>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
>>> ssl_dh_parameters_length = 2048
>>> ssl_key = </etc/postfix/smtpd.key
>>> ssl_prefer_server_ciphers = yes
>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
>>> userdb {
>>> driver = prefetch
>>> }
>>> userdb {
>>> args = /etc/dovecot/dovecot-sql.conf
>>> driver = sql
>>> }
>>> protocol imap {
>>> mail_plugins = quota imap_quota
>>> }
>>> protocol pop3 {
>>> mail_plugins = quota
>>> pop3_uidl_format = %08Xu%08Xv
>>> }
>>> protocol lda {
>>> mail_plugins = sieve quota
>>> postmaster_address = webmaster at localhost
>>> }
>>> protocol lmtp {
>>> mail_plugins = quota sieve
>>> postmaster_address = webmaster at localhost
>>> }
>>>
>>>
>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
>>>
>>>> On 01.02.2017 08:18, Poliman - Serwis wrote:
>>>>> This is debug log files in syslog:
>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client
passdb out:
>>>>>
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
>>>> m5ldD4>>>>> Feb 1 07:10:26 vps342401 dovecot:
auth: Debug: client in: CONT<hidden>
>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):
Debug: sql(
>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT
email as user,
>>>>> password, maildir as userdb_home, CONCAT( maildir_format,
':', maildir,
>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
>>>> userdb_mail,
>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota, 'B')
>> AS
>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as
userdb_sieve FROM
>>>>> mail_user WHERE (login = 'do_not_reply at
example.com' OR email = '
>>>>> do_not_reply at example.com') AND `disablesmtp` =
'n' AND server_id = '1'
>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):
password(
>>>>> do_not_reply at example.com, 12.173.211.32): Requested
CRAM-MD5 scheme,
>>>> but we
>>>>> have only CRYPT
>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client
passdb out:
>>>>> FAIL#0112#011user=do_not_reply at example.com
>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]:
warning:
>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5
authentication
>>>>> failed:
PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
>> dD4>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root)
CMD
>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while
read line; do echo
>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while
read line; do echo
>>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in:
>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured
>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client
passdb out:
>>>>>
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
>>>> m5ldD4>>>>> Feb 1 07:11:11 vps342401 dovecot:
auth: Debug: client in: CONT<hidden>
>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):
Debug: sql(
>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT
email as user,
>>>>> password, maildir as userdb_home, CONCAT( maildir_format,
':', maildir,
>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
>>>> userdb_mail,
>>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota, 'B')
>> AS
>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as
userdb_sieve FROM
>>>>> mail_user WHERE (login = 'do_not_reply at
example.com' OR email = '
>>>>> do_not_reply at example.com') AND `disablesmtp` =
'n' AND server_id = '1'
>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):
password(
>>>>> do_not_reply at example.com,12.173.211.32): Requested
CRAM-MD5 scheme,
>> but
>>>> we
>>>>> have only CRYPT
>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client
passdb out:
>>>>> FAIL#0113#011user=do_not_reply at example.com
>>>>>
>>>>>
>>>>>
>>>>> #####################
>>>>> I added in dovecot.conf lines in passdb block:
>>>>> driver = passwd-file
>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>> and commented out default lines
>>>>> #args = /etc/dovecot/dovecot-sql.conf
>>>>> #driver = sql
>>>>> When I try set again default lines I got above error
>>>> Can you run doveconf -n with the configuration that causes the
above
>>>> error? Also it clearly does SQL lookup, so that error is
happening with
>>>> SQL passdb. You need to remember to restart dovecot between
>>>> configuration changes.
>>>>
>>>> Aki
>>>>
>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
>>>>>
>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote:
>>>>>>> I set up cram-md5 using this tutorial
>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
>> /etc/dovecot/dovecot.conf
>>>> in
>>>>>>> passdb code block:
>>>>>>> listen = *,[::]
>>>>>>> protocols = imap pop3
>>>>>>> #auth_mechanisms = plain login cram-md5
>>>>>>> auth_mechanisms = cram-md5 plain login
>>>>>>> #dodana nizej linia
>>>>>>> ssl = required
>>>>>>> disable_plaintext_auth = yes
>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
>>>>>>> mail_privileged_group = vmail
>>>>>>> postmaster_address = postmaster at
vps342401.ovh.net
>>>>>>> ssl_cert = </etc/postfix/smtpd.cert
>>>>>>> ssl_key = </etc/postfix/smtpd.key
>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
>>>>>>> ssl_cipher_list >>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
>>>>>>> ssl_prefer_server_ciphers = yes
>>>>>>> ssl_dh_parameters_length = 2048
>>>>>>>
>>>>>>>
>>>>>>> mail_max_userip_connections = 100
>>>>>>> passdb {
>>>>>>> # args = /etc/dovecot/dovecot-sql.conf
>>>>>>> # driver = sql
>>>>>>> driver = passwd-file
>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>>> }
>>>>>>> userdb {
>>>>>>> driver = prefetch
>>>>>>> }
>>>>>>> userdb {
>>>>>>> args = /etc/dovecot/dovecot-sql.conf
>>>>>>> driver = sql
>>>>>>> }
>>>>>>> Of course I created cram-md5.pwd file. All mails go
out and come
>>>> nicely.
>>>>>>> But after I want to do default settings by
commented out these two
>>>> lines:
>>>>>>> driver = passwd-file
>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
>>>>>>> and uncomment
>>>>>>> # args = /etc/dovecot/dovecot-sql.conf
>>>>>>> # driver = sql
>>>>>>> I can't send emails - I use Thunderbird - get
error "logging on
>> server
>>>>>>> mail.example.com not work out". Error in logs:
>>>>>>> dovecot: auth-worker(22698): Error: Auth worker
sees different
>>>>>>> passdbs/userdbs than auth server.
>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty)
failed: EOF
>>>>>>>
>>>>>>> Is it possible that hashed password from
cram-md5.pwd file was
>> written
>>>> to
>>>>>>> database (if yes then where - I have ISPconfig)? I
wasn't change any
>>>>>> userdb
>>>>>>> {} block and this second userdb block has this same
lines like
>> default
>>>>>>> settings in passdb block.
>>>>>>>
>>>>>> Try
>>>>>>
>>>>>> auth_debug=yes
>>>>>> auth_verbose=yes
>>>>>>
>>>>>> and see if it gives any more reasonable messages.
>>>>>>
>>>>>> Aki
>>>>>>
>>>
>
>
It was only for testing purposes. That's why I want change it back to default settings. ;) I will check above lines and give response asap. 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:> You are probably wanting to do > passdb { > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > > passdb { > driver = sql > args = /etc/dovecot/dovecot-sql.conf > } > > Why you want to use cram-md5 is beyond me, because using SSL is much > more safer. > > Aki > > On 01.02.2017 09:41, Poliman - Serwis wrote: > > Default it was: "auth_mechanisms = plain login" and I added cram-md5. > > After restart all work perfectly. But after I added: > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > I can't set default lines because I got error. Please tell me which lines > > should be changed to resolve this issue. Should I remove "login" from > > auth_mechanism ("login" was default setting and I would like to move back > > to default settings)? > > > > 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > >> Because cram-md5 needs the user's password for calculating responses, it > >> cannot work with hashed passwords (one-way encrypted). The only > >> supported password schemes are PLAIN and CRAM-MD5. > >> > >> Aki > >> > >> On 01.02.2017 09:33, Poliman - Serwis wrote: > >>> I always restart dovecot after change config. ;) Sure, I commented out > >>> added two lines by me, restarted dovecot and here it is: > >>> > >>> # 2.2.9: /etc/dovecot/dovecot.conf > >>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > >>> auth_mechanisms = plain login cram-md5 > >>> listen = *,[::] > >>> log_timestamp = "%Y-%m-%d %H:%M:%S " > >>> mail_max_userip_connections = 100 > >>> mail_plugins = " quota" > >>> mail_privileged_group = vmail > >>> passdb { > >>> args = /etc/dovecot/dovecot-sql.conf > >>> driver = sql > >>> } > >>> plugin { > >>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage > >>> sieve = /var/vmail/%d/%n/.sieve > >>> sieve_max_redirects = 25 > >>> } > >>> postmaster_address = postmaster at example.com > >>> protocols = imap pop3 > >>> service auth { > >>> unix_listener /var/spool/postfix/private/auth { > >>> group = postfix > >>> mode = 0660 > >>> user = postfix > >>> } > >>> unix_listener auth-userdb { > >>> group = vmail > >>> mode = 0600 > >>> user = vmail > >>> } > >>> user = root > >>> } > >>> service imap-login { > >>> client_limit = 1000 > >>> process_limit = 512 > >>> } > >>> service lmtp { > >>> unix_listener /var/spool/postfix/private/dovecot-lmtp { > >>> group = postfix > >>> mode = 0600 > >>> user = postfix > >>> } > >>> } > >>> ssl = required > >>> ssl_cert = </etc/postfix/smtpd.cert > >>> ssl_cipher_list > >>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > >> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > >> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > >> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > >> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- > >> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- > >> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: > >> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: > >> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- > >> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! > >> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! > >> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > >>> ssl_dh_parameters_length = 2048 > >>> ssl_key = </etc/postfix/smtpd.key > >>> ssl_prefer_server_ciphers = yes > >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > >>> userdb { > >>> driver = prefetch > >>> } > >>> userdb { > >>> args = /etc/dovecot/dovecot-sql.conf > >>> driver = sql > >>> } > >>> protocol imap { > >>> mail_plugins = quota imap_quota > >>> } > >>> protocol pop3 { > >>> mail_plugins = quota > >>> pop3_uidl_format = %08Xu%08Xv > >>> } > >>> protocol lda { > >>> mail_plugins = sieve quota > >>> postmaster_address = webmaster at localhost > >>> } > >>> protocol lmtp { > >>> mail_plugins = quota sieve > >>> postmaster_address = webmaster at localhost > >>> } > >>> > >>> > >>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>> > >>>> On 01.02.2017 08:18, Poliman - Serwis wrote: > >>>>> This is debug log files in syslog: > >>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb out: > >>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ > 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL > >>>> m5ldD4> >>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> > >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: sql( > >>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email as > user, > >>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, > >>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > >>>> userdb_mail, > >>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') > >> AS > >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM > >>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email = ' > >>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id > '1' > >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( > >>>>> do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 scheme, > >>>> but we > >>>>> have only CRYPT > >>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb out: > >>>>> FAIL#0112#011user=do_not_reply at example.com > >>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: > >>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 > authentication > >>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l > >> dD4> >>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD > >>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do > echo > >>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) > >>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD > >>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo > >>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) > >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > >>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# > >>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured > >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb out: > >>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ > 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL > >>>> m5ldD4> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > CONT<hidden> > >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: sql( > >>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email as > user, > >>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > maildir, > >>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > >>>> userdb_mail, > >>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > 'B') > >> AS > >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve FROM > >>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email = ' > >>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND server_id > '1' > >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( > >>>>> do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 scheme, > >> but > >>>> we > >>>>> have only CRYPT > >>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb out: > >>>>> FAIL#0113#011user=do_not_reply at example.com > >>>>> > >>>>> > >>>>> > >>>>> ##################### > >>>>> I added in dovecot.conf lines in passdb block: > >>>>> driver = passwd-file > >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>> and commented out default lines > >>>>> #args = /etc/dovecot/dovecot-sql.conf > >>>>> #driver = sql > >>>>> When I try set again default lines I got above error > >>>> Can you run doveconf -n with the configuration that causes the above > >>>> error? Also it clearly does SQL lookup, so that error is happening > with > >>>> SQL passdb. You need to remember to restart dovecot between > >>>> configuration changes. > >>>> > >>>> Aki > >>>> > >>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>> > >>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: > >>>>>>> I set up cram-md5 using this tutorial > >>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in > >> /etc/dovecot/dovecot.conf > >>>> in > >>>>>>> passdb code block: > >>>>>>> listen = *,[::] > >>>>>>> protocols = imap pop3 > >>>>>>> #auth_mechanisms = plain login cram-md5 > >>>>>>> auth_mechanisms = cram-md5 plain login > >>>>>>> #dodana nizej linia > >>>>>>> ssl = required > >>>>>>> disable_plaintext_auth = yes > >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " > >>>>>>> mail_privileged_group = vmail > >>>>>>> postmaster_address = postmaster at vps342401.ovh.net > >>>>>>> ssl_cert = </etc/postfix/smtpd.cert > >>>>>>> ssl_key = </etc/postfix/smtpd.key > >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > >>>>>>> ssl_cipher_list > >>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > >>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > >>>>>>> ssl_prefer_server_ciphers = yes > >>>>>>> ssl_dh_parameters_length = 2048 > >>>>>>> > >>>>>>> > >>>>>>> mail_max_userip_connections = 100 > >>>>>>> passdb { > >>>>>>> # args = /etc/dovecot/dovecot-sql.conf > >>>>>>> # driver = sql > >>>>>>> driver = passwd-file > >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>> } > >>>>>>> userdb { > >>>>>>> driver = prefetch > >>>>>>> } > >>>>>>> userdb { > >>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>> driver = sql > >>>>>>> } > >>>>>>> Of course I created cram-md5.pwd file. All mails go out and come > >>>> nicely. > >>>>>>> But after I want to do default settings by commented out these two > >>>> lines: > >>>>>>> driver = passwd-file > >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>> and uncomment > >>>>>>> # args = /etc/dovecot/dovecot-sql.conf > >>>>>>> # driver = sql > >>>>>>> I can't send emails - I use Thunderbird - get error "logging on > >> server > >>>>>>> mail.example.com not work out". Error in logs: > >>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different > >>>>>>> passdbs/userdbs than auth server. > >>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > >>>>>>> > >>>>>>> Is it possible that hashed password from cram-md5.pwd file was > >> written > >>>> to > >>>>>>> database (if yes then where - I have ISPconfig)? I wasn't change > any > >>>>>> userdb > >>>>>>> {} block and this second userdb block has this same lines like > >> default > >>>>>>> settings in passdb block. > >>>>>>> > >>>>>> Try > >>>>>> > >>>>>> auth_debug=yes > >>>>>> auth_verbose=yes > >>>>>> > >>>>>> and see if it gives any more reasonable messages. > >>>>>> > >>>>>> Aki > >>>>>> > >>> > > > > >-- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *serwis at poliman.pl <serwis at poliman.pl>*
It still use:
passdb {
driver = passwd-file
args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
}
When I delete above and delete "cram-md5" in auth_mechanisms it still
not
working.
2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> You are probably wanting to do
> passdb {
> driver = passwd-file
> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> }
>
> passdb {
> driver = sql
> args = /etc/dovecot/dovecot-sql.conf
> }
>
> Why you want to use cram-md5 is beyond me, because using SSL is much
> more safer.
>
> Aki
>
> On 01.02.2017 09:41, Poliman - Serwis wrote:
> > Default it was: "auth_mechanisms = plain login" and I added
cram-md5.
> > After restart all work perfectly. But after I added:
> > driver = passwd-file
> > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> > I can't set default lines because I got error. Please tell me
which lines
> > should be changed to resolve this issue. Should I remove
"login" from
> > auth_mechanism ("login" was default setting and I would like
to move back
> > to default settings)?
> >
> > 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> Because cram-md5 needs the user's password for calculating
responses, it
> >> cannot work with hashed passwords (one-way encrypted). The only
> >> supported password schemes are PLAIN and CRAM-MD5.
> >>
> >> Aki
> >>
> >> On 01.02.2017 09:33, Poliman - Serwis wrote:
> >>> I always restart dovecot after change config. ;) Sure, I
commented out
> >>> added two lines by me, restarted dovecot and here it is:
> >>>
> >>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
> >>> auth_mechanisms = plain login cram-md5
> >>> listen = *,[::]
> >>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>> mail_max_userip_connections = 100
> >>> mail_plugins = " quota"
> >>> mail_privileged_group = vmail
> >>> passdb {
> >>> args = /etc/dovecot/dovecot-sql.conf
> >>> driver = sql
> >>> }
> >>> plugin {
> >>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage
> >>> sieve = /var/vmail/%d/%n/.sieve
> >>> sieve_max_redirects = 25
> >>> }
> >>> postmaster_address = postmaster at example.com
> >>> protocols = imap pop3
> >>> service auth {
> >>> unix_listener /var/spool/postfix/private/auth {
> >>> group = postfix
> >>> mode = 0660
> >>> user = postfix
> >>> }
> >>> unix_listener auth-userdb {
> >>> group = vmail
> >>> mode = 0600
> >>> user = vmail
> >>> }
> >>> user = root
> >>> }
> >>> service imap-login {
> >>> client_limit = 1000
> >>> process_limit = 512
> >>> }
> >>> service lmtp {
> >>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> >>> group = postfix
> >>> mode = 0600
> >>> user = postfix
> >>> }
> >>> }
> >>> ssl = required
> >>> ssl_cert = </etc/postfix/smtpd.cert
> >>> ssl_cipher_list > >>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> >> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> >> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> >> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> >> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> >> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> >> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> >> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> >> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> >> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> >> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> >> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>> ssl_dh_parameters_length = 2048
> >>> ssl_key = </etc/postfix/smtpd.key
> >>> ssl_prefer_server_ciphers = yes
> >>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>> userdb {
> >>> driver = prefetch
> >>> }
> >>> userdb {
> >>> args = /etc/dovecot/dovecot-sql.conf
> >>> driver = sql
> >>> }
> >>> protocol imap {
> >>> mail_plugins = quota imap_quota
> >>> }
> >>> protocol pop3 {
> >>> mail_plugins = quota
> >>> pop3_uidl_format = %08Xu%08Xv
> >>> }
> >>> protocol lda {
> >>> mail_plugins = sieve quota
> >>> postmaster_address = webmaster at localhost
> >>> }
> >>> protocol lmtp {
> >>> mail_plugins = quota sieve
> >>> postmaster_address = webmaster at localhost
> >>> }
> >>>
> >>>
> >>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>
> >>>> On 01.02.2017 08:18, Poliman - Serwis wrote:
> >>>>> This is debug log files in syslog:
> >>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client
passdb out:
> >>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ
> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >>>> m5ldD4> >>>>> Feb 1 07:10:26 vps342401
dovecot: auth: Debug: client in:
> CONT<hidden>
> >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):
Debug: sql(
> >>>>> do_not_reply at example.com,12.173.211.32): query:
SELECT email as
> user,
> >>>>> password, maildir as userdb_home, CONCAT(
maildir_format, ':',
> maildir,
> >>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>> userdb_mail,
> >>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> 'B')
> >> AS
> >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve')
as userdb_sieve FROM
> >>>>> mail_user WHERE (login = 'do_not_reply at
example.com' OR email = '
> >>>>> do_not_reply at example.com') AND `disablesmtp` =
'n' AND server_id > '1'
> >>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069):
password(
> >>>>> do_not_reply at example.com, 12.173.211.32): Requested
CRAM-MD5 scheme,
> >>>> but we
> >>>>> have only CRYPT
> >>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client
passdb out:
> >>>>> FAIL#0112#011user=do_not_reply at example.com
> >>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]:
warning:
> >>>>> host23131.internet.3s.com[12.173.211.32]: SASL
CRAM-MD5
> authentication
> >>>>> failed:
PDAxODg3ODIzMTUwMzgxNzMuMTQ4NTkyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> >> dD4> >>>>> Feb 1 07:11:02 vps342401
CRON[27074]: (root) CMD
> >>>>> (/usr/local/ispconfig/server/server.sh 2>&1 |
while read line; do
> echo
> >>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD
> >>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 |
while read line; do echo
> >>>>> `/bin/date` "$line" >>
/var/log/ispconfig/cron.log; done)
> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client
in:
> >>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client
passdb out:
> >>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ
> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >>>> m5ldD4> >>>>> Feb 1 07:11:11 vps342401
dovecot: auth: Debug: client in:
> CONT<hidden>
> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):
Debug: sql(
> >>>>> do_not_reply at example.com,12.173.211.32): query:
SELECT email as
> user,
> >>>>> password, maildir as userdb_home, CONCAT(
maildir_format, ':',
> maildir,
> >>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>> userdb_mail,
> >>>>> uid as userdb_uid, gid as userdb_gid,
CONCAT('*:storage=', quota,
> 'B')
> >> AS
> >>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve')
as userdb_sieve FROM
> >>>>> mail_user WHERE (login = 'do_not_reply at
example.com' OR email = '
> >>>>> do_not_reply at example.com') AND `disablesmtp` =
'n' AND server_id > '1'
> >>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069):
password(
> >>>>> do_not_reply at example.com,12.173.211.32): Requested
CRAM-MD5 scheme,
> >> but
> >>>> we
> >>>>> have only CRYPT
> >>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client
passdb out:
> >>>>> FAIL#0113#011user=do_not_reply at example.com
> >>>>>
> >>>>>
> >>>>>
> >>>>> #####################
> >>>>> I added in dovecot.conf lines in passdb block:
> >>>>> driver = passwd-file
> >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> and commented out default lines
> >>>>> #args = /etc/dovecot/dovecot-sql.conf
> >>>>> #driver = sql
> >>>>> When I try set again default lines I got above error
> >>>> Can you run doveconf -n with the configuration that causes
the above
> >>>> error? Also it clearly does SQL lookup, so that error is
happening
> with
> >>>> SQL passdb. You need to remember to restart dovecot
between
> >>>> configuration changes.
> >>>>
> >>>> Aki
> >>>>
> >>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>>>
> >>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote:
> >>>>>>> I set up cram-md5 using this tutorial
> >>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> >> /etc/dovecot/dovecot.conf
> >>>> in
> >>>>>>> passdb code block:
> >>>>>>> listen = *,[::]
> >>>>>>> protocols = imap pop3
> >>>>>>> #auth_mechanisms = plain login cram-md5
> >>>>>>> auth_mechanisms = cram-md5 plain login
> >>>>>>> #dodana nizej linia
> >>>>>>> ssl = required
> >>>>>>> disable_plaintext_auth = yes
> >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S "
> >>>>>>> mail_privileged_group = vmail
> >>>>>>> postmaster_address = postmaster at
vps342401.ovh.net
> >>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
> >>>>>>> ssl_cipher_list >
>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image:
> >>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image:
:D]HE-DSS-AES$
> >>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>>
> >>>>>>>
> >>>>>>> mail_max_userip_connections = 100
> >>>>>>> passdb {
> >>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>> # driver = sql
> >>>>>>> driver = passwd-file
> >>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>> driver = prefetch
> >>>>>>> }
> >>>>>>> userdb {
> >>>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>>> driver = sql
> >>>>>>> }
> >>>>>>> Of course I created cram-md5.pwd file. All
mails go out and come
> >>>> nicely.
> >>>>>>> But after I want to do default settings by
commented out these two
> >>>> lines:
> >>>>>>> driver = passwd-file
> >>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>> and uncomment
> >>>>>>> # args = /etc/dovecot/dovecot-sql.conf
> >>>>>>> # driver = sql
> >>>>>>> I can't send emails - I use Thunderbird -
get error "logging on
> >> server
> >>>>>>> mail.example.com not work out". Error in
logs:
> >>>>>>> dovecot: auth-worker(22698): Error: Auth
worker sees different
> >>>>>>> passdbs/userdbs than auth server.
> >>>>>>> dovecot: auth: Error: read(anvil-auth-penalty)
failed: EOF
> >>>>>>>
> >>>>>>> Is it possible that hashed password from
cram-md5.pwd file was
> >> written
> >>>> to
> >>>>>>> database (if yes then where - I have
ISPconfig)? I wasn't change
> any
> >>>>>> userdb
> >>>>>>> {} block and this second userdb block has this
same lines like
> >> default
> >>>>>>> settings in passdb block.
> >>>>>>>
> >>>>>> Try
> >>>>>>
> >>>>>> auth_debug=yes
> >>>>>> auth_verbose=yes
> >>>>>>
> >>>>>> and see if it gives any more reasonable messages.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>
> >
> >
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*