I can check each logs, I have root privileges. 2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:> Can you check your logs? > > Aki > > > On 01.02.2017 10:02, Poliman - Serwis wrote: > > When I used backup copy of the dovecot.conf file I have this same error. > So > > I think that maybe something was written to database? I really would > point > > out that I only added > > passdb { > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > > > and comment out from above block default lines > > #args = /etc/dovecot/dovecot-sql.conf > > #driver = sql > > > > And in auth_mechanisms add line cram-md5. Nothing more in any other file. > > > > I don't want to use cram-md5. I need move back to default settings. > > Cram-md5 was only for testing purposes. :) But I supposed that I can move > > back to default by commenting out added lines. But unfortunately it isn't > > that simple. > > > > 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > >> Are you still trying to authenticate using cram-md5? > >> > >> Aki > >> > >> > >> On 01.02.2017 09:51, Poliman - Serwis wrote: > >>> It still use: > >>> passdb { > >>> driver = passwd-file > >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >>> > >>> When I delete above and delete "cram-md5" in auth_mechanisms it still > not > >>> working. > >>> > >>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>> > >>>> You are probably wanting to do > >>>> passdb { > >>>> driver = passwd-file > >>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>> } > >>>> > >>>> passdb { > >>>> driver = sql > >>>> args = /etc/dovecot/dovecot-sql.conf > >>>> } > >>>> > >>>> Why you want to use cram-md5 is beyond me, because using SSL is much > >>>> more safer. > >>>> > >>>> Aki > >>>> > >>>> On 01.02.2017 09:41, Poliman - Serwis wrote: > >>>>> Default it was: "auth_mechanisms = plain login" and I added > cram-md5. > >>>>> After restart all work perfectly. But after I added: > >>>>> driver = passwd-file > >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>> I can't set default lines because I got error. Please tell me which > >> lines > >>>>> should be changed to resolve this issue. Should I remove "login" from > >>>>> auth_mechanism ("login" was default setting and I would like to move > >> back > >>>>> to default settings)? > >>>>> > >>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>> > >>>>>> Because cram-md5 needs the user's password for calculating > responses, > >> it > >>>>>> cannot work with hashed passwords (one-way encrypted). The only > >>>>>> supported password schemes are PLAIN and CRAM-MD5. > >>>>>> > >>>>>> Aki > >>>>>> > >>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote: > >>>>>>> I always restart dovecot after change config. ;) Sure, I commented > >> out > >>>>>>> added two lines by me, restarted dovecot and here it is: > >>>>>>> > >>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf > >>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > >>>>>>> auth_mechanisms = plain login cram-md5 > >>>>>>> listen = *,[::] > >>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " > >>>>>>> mail_max_userip_connections = 100 > >>>>>>> mail_plugins = " quota" > >>>>>>> mail_privileged_group = vmail > >>>>>>> passdb { > >>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>> driver = sql > >>>>>>> } > >>>>>>> plugin { > >>>>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage > >>>>>>> sieve = /var/vmail/%d/%n/.sieve > >>>>>>> sieve_max_redirects = 25 > >>>>>>> } > >>>>>>> postmaster_address = postmaster at example.com > >>>>>>> protocols = imap pop3 > >>>>>>> service auth { > >>>>>>> unix_listener /var/spool/postfix/private/auth { > >>>>>>> group = postfix > >>>>>>> mode = 0660 > >>>>>>> user = postfix > >>>>>>> } > >>>>>>> unix_listener auth-userdb { > >>>>>>> group = vmail > >>>>>>> mode = 0600 > >>>>>>> user = vmail > >>>>>>> } > >>>>>>> user = root > >>>>>>> } > >>>>>>> service imap-login { > >>>>>>> client_limit = 1000 > >>>>>>> process_limit = 512 > >>>>>>> } > >>>>>>> service lmtp { > >>>>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { > >>>>>>> group = postfix > >>>>>>> mode = 0600 > >>>>>>> user = postfix > >>>>>>> } > >>>>>>> } > >>>>>>> ssl = required > >>>>>>> ssl_cert = </etc/postfix/smtpd.cert > >>>>>>> ssl_cipher_list > >>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > >>>>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > >>>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > >>>>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > >>>>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- > >>>>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- > >>>>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: > >>>>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: > >>>>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- > >>>>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! > >>>>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! > >>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > >>>>>>> ssl_dh_parameters_length = 2048 > >>>>>>> ssl_key = </etc/postfix/smtpd.key > >>>>>>> ssl_prefer_server_ciphers = yes > >>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > >>>>>>> userdb { > >>>>>>> driver = prefetch > >>>>>>> } > >>>>>>> userdb { > >>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>> driver = sql > >>>>>>> } > >>>>>>> protocol imap { > >>>>>>> mail_plugins = quota imap_quota > >>>>>>> } > >>>>>>> protocol pop3 { > >>>>>>> mail_plugins = quota > >>>>>>> pop3_uidl_format = %08Xu%08Xv > >>>>>>> } > >>>>>>> protocol lda { > >>>>>>> mail_plugins = sieve quota > >>>>>>> postmaster_address = webmaster at localhost > >>>>>>> } > >>>>>>> protocol lmtp { > >>>>>>> mail_plugins = quota sieve > >>>>>>> postmaster_address = webmaster at localhost > >>>>>>> } > >>>>>>> > >>>>>>> > >>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>>>> > >>>>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: > >>>>>>>>> This is debug log files in syslog: > >>>>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb > out: > >>>>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ > >>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL > >>>>>>>> m5ldD4> >>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: > >>>> CONT<hidden> > >>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: > sql( > >>>>>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email as > >>>> user, > >>>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > >>>> maildir, > >>>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > >>>>>>>> userdb_mail, > >>>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > >>>> 'B') > >>>>>> AS > >>>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve > FROM > >>>>>>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email = ' > >>>>>>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND > server_id > >>>> '1' > >>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( > >>>>>>>>> do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 > >> scheme, > >>>>>>>> but we > >>>>>>>>> have only CRYPT > >>>>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb > out: > >>>>>>>>> FAIL#0112#011user=do_not_reply at example.com > >>>>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: > >>>>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 > >>>> authentication > >>>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT > >> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l > >>>>>> dD4> >>>>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD > >>>>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; > do > >>>> echo > >>>>>>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) > >>>>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD > >>>>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do > >> echo > >>>>>>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) > >>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > >>>>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# > >>>>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured > >>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb > out: > >>>>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ > >>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL > >>>>>>>> m5ldD4> >>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > >>>> CONT<hidden> > >>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: > sql( > >>>>>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email as > >>>> user, > >>>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > >>>> maildir, > >>>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > >>>>>>>> userdb_mail, > >>>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, > >>>> 'B') > >>>>>> AS > >>>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve > FROM > >>>>>>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email = ' > >>>>>>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND > server_id > >>>> '1' > >>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( > >>>>>>>>> do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 > >> scheme, > >>>>>> but > >>>>>>>> we > >>>>>>>>> have only CRYPT > >>>>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb > out: > >>>>>>>>> FAIL#0113#011user=do_not_reply at example.com > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> ##################### > >>>>>>>>> I added in dovecot.conf lines in passdb block: > >>>>>>>>> driver = passwd-file > >>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>>>> and commented out default lines > >>>>>>>>> #args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>> #driver = sql > >>>>>>>>> When I try set again default lines I got above error > >>>>>>>> Can you run doveconf -n with the configuration that causes the > above > >>>>>>>> error? Also it clearly does SQL lookup, so that error is happening > >>>> with > >>>>>>>> SQL passdb. You need to remember to restart dovecot between > >>>>>>>> configuration changes. > >>>>>>>> > >>>>>>>> Aki > >>>>>>>> > >>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>>>>>> > >>>>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: > >>>>>>>>>>> I set up cram-md5 using this tutorial > >>>>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in > >>>>>> /etc/dovecot/dovecot.conf > >>>>>>>> in > >>>>>>>>>>> passdb code block: > >>>>>>>>>>> listen = *,[::] > >>>>>>>>>>> protocols = imap pop3 > >>>>>>>>>>> #auth_mechanisms = plain login cram-md5 > >>>>>>>>>>> auth_mechanisms = cram-md5 plain login > >>>>>>>>>>> #dodana nizej linia > >>>>>>>>>>> ssl = required > >>>>>>>>>>> disable_plaintext_auth = yes > >>>>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " > >>>>>>>>>>> mail_privileged_group = vmail > >>>>>>>>>>> postmaster_address = postmaster at vps342401.ovh.net > >>>>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert > >>>>>>>>>>> ssl_key = </etc/postfix/smtpd.key > >>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > >>>>>>>>>>> ssl_cipher_list > >>>>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >>>>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ > image: > >>>>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > >>>>>>>>>>> ssl_prefer_server_ciphers = yes > >>>>>>>>>>> ssl_dh_parameters_length = 2048 > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> mail_max_userip_connections = 100 > >>>>>>>>>>> passdb { > >>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>> # driver = sql > >>>>>>>>>>> driver = passwd-file > >>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>>>>>> } > >>>>>>>>>>> userdb { > >>>>>>>>>>> driver = prefetch > >>>>>>>>>>> } > >>>>>>>>>>> userdb { > >>>>>>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>> driver = sql > >>>>>>>>>>> } > >>>>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and > come > >>>>>>>> nicely. > >>>>>>>>>>> But after I want to do default settings by commented out these > >> two > >>>>>>>> lines: > >>>>>>>>>>> driver = passwd-file > >>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>>>>>> and uncomment > >>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>> # driver = sql > >>>>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on > >>>>>> server > >>>>>>>>>>> mail.example.com not work out". Error in logs: > >>>>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different > >>>>>>>>>>> passdbs/userdbs than auth server. > >>>>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > >>>>>>>>>>> > >>>>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was > >>>>>> written > >>>>>>>> to > >>>>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't > change > >>>> any > >>>>>>>>>> userdb > >>>>>>>>>>> {} block and this second userdb block has this same lines like > >>>>>> default > >>>>>>>>>>> settings in passdb block. > >>>>>>>>>>> > >>>>>>>>>> Try > >>>>>>>>>> > >>>>>>>>>> auth_debug=yes > >>>>>>>>>> auth_verbose=yes > >>>>>>>>>> > >>>>>>>>>> and see if it gives any more reasonable messages. > >>>>>>>>>> > >>>>>>>>>> Aki > >>>>>>>>>> > >>> > > > > >-- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *serwis at poliman.pl <serwis at poliman.pl>*
doveadm log errors can be helpful too On 01.02.2017 10:25, Poliman - Serwis wrote:> I can check each logs, I have root privileges. > > 2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >> Can you check your logs? >> >> Aki >> >> >> On 01.02.2017 10:02, Poliman - Serwis wrote: >>> When I used backup copy of the dovecot.conf file I have this same error. >> So >>> I think that maybe something was written to database? I really would >> point >>> out that I only added >>> passdb { >>> driver = passwd-file >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>> } >>> >>> and comment out from above block default lines >>> #args = /etc/dovecot/dovecot-sql.conf >>> #driver = sql >>> >>> And in auth_mechanisms add line cram-md5. Nothing more in any other file. >>> >>> I don't want to use cram-md5. I need move back to default settings. >>> Cram-md5 was only for testing purposes. :) But I supposed that I can move >>> back to default by commenting out added lines. But unfortunately it isn't >>> that simple. >>> >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: >>> >>>> Are you still trying to authenticate using cram-md5? >>>> >>>> Aki >>>> >>>> >>>> On 01.02.2017 09:51, Poliman - Serwis wrote: >>>>> It still use: >>>>> passdb { >>>>> driver = passwd-file >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>> } >>>>> >>>>> When I delete above and delete "cram-md5" in auth_mechanisms it still >> not >>>>> working. >>>>> >>>>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: >>>>> >>>>>> You are probably wanting to do >>>>>> passdb { >>>>>> driver = passwd-file >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>> } >>>>>> >>>>>> passdb { >>>>>> driver = sql >>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>> } >>>>>> >>>>>> Why you want to use cram-md5 is beyond me, because using SSL is much >>>>>> more safer. >>>>>> >>>>>> Aki >>>>>> >>>>>> On 01.02.2017 09:41, Poliman - Serwis wrote: >>>>>>> Default it was: "auth_mechanisms = plain login" and I added >> cram-md5. >>>>>>> After restart all work perfectly. But after I added: >>>>>>> driver = passwd-file >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>> I can't set default lines because I got error. Please tell me which >>>> lines >>>>>>> should be changed to resolve this issue. Should I remove "login" from >>>>>>> auth_mechanism ("login" was default setting and I would like to move >>>> back >>>>>>> to default settings)? >>>>>>> >>>>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: >>>>>>> >>>>>>>> Because cram-md5 needs the user's password for calculating >> responses, >>>> it >>>>>>>> cannot work with hashed passwords (one-way encrypted). The only >>>>>>>> supported password schemes are PLAIN and CRAM-MD5. >>>>>>>> >>>>>>>> Aki >>>>>>>> >>>>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote: >>>>>>>>> I always restart dovecot after change config. ;) Sure, I commented >>>> out >>>>>>>>> added two lines by me, restarted dovecot and here it is: >>>>>>>>> >>>>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf >>>>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS >>>>>>>>> auth_mechanisms = plain login cram-md5 >>>>>>>>> listen = *,[::] >>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>> mail_plugins = " quota" >>>>>>>>> mail_privileged_group = vmail >>>>>>>>> passdb { >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> driver = sql >>>>>>>>> } >>>>>>>>> plugin { >>>>>>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage >>>>>>>>> sieve = /var/vmail/%d/%n/.sieve >>>>>>>>> sieve_max_redirects = 25 >>>>>>>>> } >>>>>>>>> postmaster_address = postmaster at example.com >>>>>>>>> protocols = imap pop3 >>>>>>>>> service auth { >>>>>>>>> unix_listener /var/spool/postfix/private/auth { >>>>>>>>> group = postfix >>>>>>>>> mode = 0660 >>>>>>>>> user = postfix >>>>>>>>> } >>>>>>>>> unix_listener auth-userdb { >>>>>>>>> group = vmail >>>>>>>>> mode = 0600 >>>>>>>>> user = vmail >>>>>>>>> } >>>>>>>>> user = root >>>>>>>>> } >>>>>>>>> service imap-login { >>>>>>>>> client_limit = 1000 >>>>>>>>> process_limit = 512 >>>>>>>>> } >>>>>>>>> service lmtp { >>>>>>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { >>>>>>>>> group = postfix >>>>>>>>> mode = 0600 >>>>>>>>> user = postfix >>>>>>>>> } >>>>>>>>> } >>>>>>>>> ssl = required >>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert >>>>>>>>> ssl_cipher_list >>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: >>>>>>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ >>>>>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- >>>>>>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- >>>>>>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- >>>>>>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- >>>>>>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: >>>>>>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: >>>>>>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- >>>>>>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! >>>>>>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! >>>>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA >>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>> ssl_key = </etc/postfix/smtpd.key >>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>> userdb { >>>>>>>>> driver = prefetch >>>>>>>>> } >>>>>>>>> userdb { >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>> driver = sql >>>>>>>>> } >>>>>>>>> protocol imap { >>>>>>>>> mail_plugins = quota imap_quota >>>>>>>>> } >>>>>>>>> protocol pop3 { >>>>>>>>> mail_plugins = quota >>>>>>>>> pop3_uidl_format = %08Xu%08Xv >>>>>>>>> } >>>>>>>>> protocol lda { >>>>>>>>> mail_plugins = sieve quota >>>>>>>>> postmaster_address = webmaster at localhost >>>>>>>>> } >>>>>>>>> protocol lmtp { >>>>>>>>> mail_plugins = quota sieve >>>>>>>>> postmaster_address = webmaster at localhost >>>>>>>>> } >>>>>>>>> >>>>>>>>> >>>>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: >>>>>>>>> >>>>>>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: >>>>>>>>>>> This is debug log files in syslog: >>>>>>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb >> out: >>>>>>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ >>>>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL >>>>>>>>>> m5ldD4>>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: >>>>>> CONT<hidden> >>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: >> sql( >>>>>>>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email as >>>>>> user, >>>>>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >>>>>> maildir, >>>>>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>>>>>> userdb_mail, >>>>>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >>>>>> 'B') >>>>>>>> AS >>>>>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve >> FROM >>>>>>>>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email = ' >>>>>>>>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND >> server_id >>>>>> '1' >>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): password( >>>>>>>>>>> do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 >>>> scheme, >>>>>>>>>> but we >>>>>>>>>>> have only CRYPT >>>>>>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb >> out: >>>>>>>>>>> FAIL#0112#011user=do_not_reply at example.com >>>>>>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: >>>>>>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 >>>>>> authentication >>>>>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT >>>> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l >>>>>>>> dD4>>>>>>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD >>>>>>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; >> do >>>>>> echo >>>>>>>>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) >>>>>>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD >>>>>>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do >>>> echo >>>>>>>>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# >>>>>>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb >> out: >>>>>>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ >>>>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL >>>>>>>>>> m5ldD4>>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: >>>>>> CONT<hidden> >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: >> sql( >>>>>>>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email as >>>>>> user, >>>>>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', >>>>>> maildir, >>>>>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as >>>>>>>>>> userdb_mail, >>>>>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', quota, >>>>>> 'B') >>>>>>>> AS >>>>>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve >> FROM >>>>>>>>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email = ' >>>>>>>>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND >> server_id >>>>>> '1' >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): password( >>>>>>>>>>> do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 >>>> scheme, >>>>>>>> but >>>>>>>>>> we >>>>>>>>>>> have only CRYPT >>>>>>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb >> out: >>>>>>>>>>> FAIL#0113#011user=do_not_reply at example.com >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> ##################### >>>>>>>>>>> I added in dovecot.conf lines in passdb block: >>>>>>>>>>> driver = passwd-file >>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>>>> and commented out default lines >>>>>>>>>>> #args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>>> #driver = sql >>>>>>>>>>> When I try set again default lines I got above error >>>>>>>>>> Can you run doveconf -n with the configuration that causes the >> above >>>>>>>>>> error? Also it clearly does SQL lookup, so that error is happening >>>>>> with >>>>>>>>>> SQL passdb. You need to remember to restart dovecot between >>>>>>>>>> configuration changes. >>>>>>>>>> >>>>>>>>>> Aki >>>>>>>>>> >>>>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: >>>>>>>>>>> >>>>>>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: >>>>>>>>>>>>> I set up cram-md5 using this tutorial >>>>>>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in >>>>>>>> /etc/dovecot/dovecot.conf >>>>>>>>>> in >>>>>>>>>>>>> passdb code block: >>>>>>>>>>>>> listen = *,[::] >>>>>>>>>>>>> protocols = imap pop3 >>>>>>>>>>>>> #auth_mechanisms = plain login cram-md5 >>>>>>>>>>>>> auth_mechanisms = cram-md5 plain login >>>>>>>>>>>>> #dodana nizej linia >>>>>>>>>>>>> ssl = required >>>>>>>>>>>>> disable_plaintext_auth = yes >>>>>>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " >>>>>>>>>>>>> mail_privileged_group = vmail >>>>>>>>>>>>> postmaster_address = postmaster at vps342401.ovh.net >>>>>>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert >>>>>>>>>>>>> ssl_key = </etc/postfix/smtpd.key >>>>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 >>>>>>>>>>>>> ssl_cipher_list >>>>>>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: >>>>>>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ >> image: >>>>>>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ >>>>>>>>>>>>> ssl_prefer_server_ciphers = yes >>>>>>>>>>>>> ssl_dh_parameters_length = 2048 >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> mail_max_userip_connections = 100 >>>>>>>>>>>>> passdb { >>>>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>>>>> # driver = sql >>>>>>>>>>>>> driver = passwd-file >>>>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>>>>>> } >>>>>>>>>>>>> userdb { >>>>>>>>>>>>> driver = prefetch >>>>>>>>>>>>> } >>>>>>>>>>>>> userdb { >>>>>>>>>>>>> args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>>>>> driver = sql >>>>>>>>>>>>> } >>>>>>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and >> come >>>>>>>>>> nicely. >>>>>>>>>>>>> But after I want to do default settings by commented out these >>>> two >>>>>>>>>> lines: >>>>>>>>>>>>> driver = passwd-file >>>>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd >>>>>>>>>>>>> and uncomment >>>>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf >>>>>>>>>>>>> # driver = sql >>>>>>>>>>>>> I can't send emails - I use Thunderbird - get error "logging on >>>>>>>> server >>>>>>>>>>>>> mail.example.com not work out". Error in logs: >>>>>>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees different >>>>>>>>>>>>> passdbs/userdbs than auth server. >>>>>>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF >>>>>>>>>>>>> >>>>>>>>>>>>> Is it possible that hashed password from cram-md5.pwd file was >>>>>>>> written >>>>>>>>>> to >>>>>>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't >> change >>>>>> any >>>>>>>>>>>> userdb >>>>>>>>>>>>> {} block and this second userdb block has this same lines like >>>>>>>> default >>>>>>>>>>>>> settings in passdb block. >>>>>>>>>>>>> >>>>>>>>>>>> Try >>>>>>>>>>>> >>>>>>>>>>>> auth_debug=yes >>>>>>>>>>>> auth_verbose=yes >>>>>>>>>>>> >>>>>>>>>>>> and see if it gives any more reasonable messages. >>>>>>>>>>>> >>>>>>>>>>>> Aki >>>>>>>>>>>> >>> > >
I haven't doveadm logs in /var/log/. Are they default in another place or
maybe should I turn on something?
My config (default passdb block and auth_mechanisms, nothing more changed):
root at vps342401:/etc/dovecot# doveconf -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS
auth_mechanisms = plain login
listen = *,[::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_max_userip_connections = 100
mail_plugins = " quota"
mail_privileged_group = vmail
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
quota = dict:user::file:/var/vmail/%d/%n/.quotausage
sieve = /var/vmail/%d/%n/.sieve
sieve_max_redirects = 25
}
postmaster_address = postmaster at vps342401.ovh.net
protocols = imap pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service imap-login {
client_limit = 1000
process_limit = 512
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
ssl = required
ssl_cert = </etc/postfix/smtpd.cert
ssl_cipher_list
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_dh_parameters_length = 2048
ssl_key = </etc/postfix/smtpd.key
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocol imap {
mail_plugins = quota imap_quota
}
protocol pop3 {
mail_plugins = quota
pop3_uidl_format = %08Xu%08Xv
}
protocol lda {
mail_plugins = sieve quota
postmaster_address = webmaster at localhost
}
protocol lmtp {
mail_plugins = quota sieve
postmaster_address = webmaster at localhost
}
Error from mail.err:
Feb 1 09:50:01 vps342401 postfix/smtpd[699]: fatal: no SASL authentication
mechanisms
Feb 1 09:51:02 vps342401 postfix/smtpd[724]: fatal: no SASL authentication
mechanisms
Feb 1 09:51:02 vps342401 postfix/smtpd[725]: fatal: no SASL authentication
mechanisms
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL
authentication mechanisms
Error from syslog:
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: connect from
host9323131.internet.3s.com[12.34.45.56]
Feb 1 09:52:21 vps342401 postfix/smtps/smtpd[773]: fatal: no SASL
authentication mechanisms
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning: process
/usr/lib/postfix/smtpd pid 773 exit status 1
Feb 1 09:52:22 vps342401 postfix/master[29133]: warning:
/usr/lib/postfix/smtpd: bad command startup -- throttling
Feb 1 09:53:01 vps342401 CRON[777]: (root) CMD
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; do ne)
Feb 1 09:53:01 vps342401 CRON[778]: (root) CMD
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; do echo
`/bin/date` "$line" >> /var/log/ispconfig/cron.log; done )
2017-02-01 9:40 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> doveadm log errors can be helpful too
>
>
> On 01.02.2017 10:25, Poliman - Serwis wrote:
> > I can check each logs, I have root privileges.
> >
> > 2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:
> >
> >> Can you check your logs?
> >>
> >> Aki
> >>
> >>
> >> On 01.02.2017 10:02, Poliman - Serwis wrote:
> >>> When I used backup copy of the dovecot.conf file I have this
same
> error.
> >> So
> >>> I think that maybe something was written to database? I really
would
> >> point
> >>> out that I only added
> >>> passdb {
> >>> driver = passwd-file
> >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>> }
> >>>
> >>> and comment out from above block default lines
> >>> #args = /etc/dovecot/dovecot-sql.conf
> >>> #driver = sql
> >>>
> >>> And in auth_mechanisms add line cram-md5. Nothing more in any
other
> file.
> >>>
> >>> I don't want to use cram-md5. I need move back to default
settings.
> >>> Cram-md5 was only for testing purposes. :) But I supposed that
I can
> move
> >>> back to default by commenting out added lines. But
unfortunately it
> isn't
> >>> that simple.
> >>>
> >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>
> >>>> Are you still trying to authenticate using cram-md5?
> >>>>
> >>>> Aki
> >>>>
> >>>>
> >>>> On 01.02.2017 09:51, Poliman - Serwis wrote:
> >>>>> It still use:
> >>>>> passdb {
> >>>>> driver = passwd-file
> >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>> }
> >>>>>
> >>>>> When I delete above and delete "cram-md5" in
auth_mechanisms it still
> >> not
> >>>>> working.
> >>>>>
> >>>>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at
dovecot.fi>:
> >>>>>
> >>>>>> You are probably wanting to do
> >>>>>> passdb {
> >>>>>> driver = passwd-file
> >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd
> >>>>>> }
> >>>>>>
> >>>>>> passdb {
> >>>>>> driver = sql
> >>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>> }
> >>>>>>
> >>>>>> Why you want to use cram-md5 is beyond me, because
using SSL is much
> >>>>>> more safer.
> >>>>>>
> >>>>>> Aki
> >>>>>>
> >>>>>> On 01.02.2017 09:41, Poliman - Serwis wrote:
> >>>>>>> Default it was: "auth_mechanisms = plain
login" and I added
> >> cram-md5.
> >>>>>>> After restart all work perfectly. But after I
added:
> >>>>>>> driver = passwd-file
> >>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>> I can't set default lines because I got
error. Please tell me which
> >>>> lines
> >>>>>>> should be changed to resolve this issue.
Should I remove "login"
> from
> >>>>>>> auth_mechanism ("login" was default
setting and I would like to
> move
> >>>> back
> >>>>>>> to default settings)?
> >>>>>>>
> >>>>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>
> >>>>>>>> Because cram-md5 needs the user's
password for calculating
> >> responses,
> >>>> it
> >>>>>>>> cannot work with hashed passwords (one-way
encrypted). The only
> >>>>>>>> supported password schemes are PLAIN and
CRAM-MD5.
> >>>>>>>>
> >>>>>>>> Aki
> >>>>>>>>
> >>>>>>>> On 01.02.2017 09:33, Poliman - Serwis
wrote:
> >>>>>>>>> I always restart dovecot after change
config. ;) Sure, I
> commented
> >>>> out
> >>>>>>>>> added two lines by me, restarted
dovecot and here it is:
> >>>>>>>>>
> >>>>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf
> >>>>>>>>> # OS: Linux 3.13.0-100-generic x86_64
Ubuntu 14.04.5 LTS
> >>>>>>>>> auth_mechanisms = plain login cram-md5
> >>>>>>>>> listen = *,[::]
> >>>>>>>>> log_timestamp = "%Y-%m-%d
%H:%M:%S "
> >>>>>>>>> mail_max_userip_connections = 100
> >>>>>>>>> mail_plugins = " quota"
> >>>>>>>>> mail_privileged_group = vmail
> >>>>>>>>> passdb {
> >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>> driver = sql
> >>>>>>>>> }
> >>>>>>>>> plugin {
> >>>>>>>>> quota =
dict:user::file:/var/vmail/%d/%n/.quotausage
> >>>>>>>>> sieve = /var/vmail/%d/%n/.sieve
> >>>>>>>>> sieve_max_redirects = 25
> >>>>>>>>> }
> >>>>>>>>> postmaster_address = postmaster at
example.com
> >>>>>>>>> protocols = imap pop3
> >>>>>>>>> service auth {
> >>>>>>>>> unix_listener
/var/spool/postfix/private/auth {
> >>>>>>>>> group = postfix
> >>>>>>>>> mode = 0660
> >>>>>>>>> user = postfix
> >>>>>>>>> }
> >>>>>>>>> unix_listener auth-userdb {
> >>>>>>>>> group = vmail
> >>>>>>>>> mode = 0600
> >>>>>>>>> user = vmail
> >>>>>>>>> }
> >>>>>>>>> user = root
> >>>>>>>>> }
> >>>>>>>>> service imap-login {
> >>>>>>>>> client_limit = 1000
> >>>>>>>>> process_limit = 512
> >>>>>>>>> }
> >>>>>>>>> service lmtp {
> >>>>>>>>> unix_listener
/var/spool/postfix/private/dovecot-lmtp {
> >>>>>>>>> group = postfix
> >>>>>>>>> mode = 0600
> >>>>>>>>> user = postfix
> >>>>>>>>> }
> >>>>>>>>> }
> >>>>>>>>> ssl = required
> >>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert
> >>>>>>>>> ssl_cipher_list >
>>>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:
> >>>>>>>>
DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+
> >>>>>>>>
AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-
> >>>>>>>>
SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-
> >>>>>>>>
RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-
> >>>>>>>>
AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
> >>>>>>>>
RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:
> >>>>>>>>
DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:
> >>>>>>>>
AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-
> >>>>>>>>
SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!
> >>>>>>>>
EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!
> >>>>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
> >>>>>>>>> ssl_dh_parameters_length = 2048
> >>>>>>>>> ssl_key = </etc/postfix/smtpd.key
> >>>>>>>>> ssl_prefer_server_ciphers = yes
> >>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1
!TLSv1.1
> >>>>>>>>> userdb {
> >>>>>>>>> driver = prefetch
> >>>>>>>>> }
> >>>>>>>>> userdb {
> >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf
> >>>>>>>>> driver = sql
> >>>>>>>>> }
> >>>>>>>>> protocol imap {
> >>>>>>>>> mail_plugins = quota imap_quota
> >>>>>>>>> }
> >>>>>>>>> protocol pop3 {
> >>>>>>>>> mail_plugins = quota
> >>>>>>>>> pop3_uidl_format = %08Xu%08Xv
> >>>>>>>>> }
> >>>>>>>>> protocol lda {
> >>>>>>>>> mail_plugins = sieve quota
> >>>>>>>>> postmaster_address = webmaster at
localhost
> >>>>>>>>> }
> >>>>>>>>> protocol lmtp {
> >>>>>>>>> mail_plugins = quota sieve
> >>>>>>>>> postmaster_address = webmaster at
localhost
> >>>>>>>>> }
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi
<aki.tuomi at dovecot.fi>:
> >>>>>>>>>
> >>>>>>>>>> On 01.02.2017 08:18, Poliman -
Serwis wrote:
> >>>>>>>>>>> This is debug log files in
syslog:
> >>>>>>>>>>> Feb 1 07:10:25 vps342401
dovecot: auth: Debug: client passdb
> >> out:
> >>>>>>>>>>>
CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ
> >>>>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL
> >>>>>>>>>> m5ldD4>
>>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot:
auth: Debug: client in:
> >>>>>> CONT<hidden>
> >>>>>>>>>>> Feb 1 07:10:26 vps342401
dovecot: auth-worker(27069): Debug:
> >> sql(
> >>>>>>>>>>> do_not_reply at
example.com,12.173.211.32): query: SELECT email
> as
> >>>>>> user,
> >>>>>>>>>>> password, maildir as
userdb_home, CONCAT( maildir_format, ':',
> >>>>>> maildir,
> >>>>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>>>>>> userdb_mail,
> >>>>>>>>>>> uid as userdb_uid, gid as
userdb_gid, CONCAT('*:storage=',
> quota,
> >>>>>> 'B')
> >>>>>>>> AS
> >>>>>>>>>>> userdb_quota_rule,
CONCAT(maildir, '/.sieve') as userdb_sieve
> >> FROM
> >>>>>>>>>>> mail_user WHERE (login =
'do_not_reply at example.com' OR email
> = '
> >>>>>>>>>>> do_not_reply at
example.com') AND `disablesmtp` = 'n' AND
> >> server_id > >>>>>> '1'
> >>>>>>>>>>> Feb 1 07:10:26 vps342401
dovecot: auth-worker(27069):
> password(
> >>>>>>>>>>> do_not_reply at example.com,
12.173.211.32): Requested CRAM-MD5
> >>>> scheme,
> >>>>>>>>>> but we
> >>>>>>>>>>> have only CRYPT
> >>>>>>>>>>> Feb 1 07:10:28 vps342401
dovecot: auth: Debug: client passdb
> >> out:
> >>>>>>>>>>> FAIL#0112#011user=do_not_reply
at example.com
> >>>>>>>>>>> Feb 1 07:10:28 vps342401
postfix/smtps/smtpd[27067]: warning:
> >>>>>>>>>>>
host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5
> >>>>>> authentication
> >>>>>>>>>>> failed:
PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT
> >>>> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l
> >>>>>>>> dD4>
>>>>>>>>>>> Feb 1 07:11:02 vps342401
CRON[27074]: (root) CMD
> >>>>>>>>>>>
(/usr/local/ispconfig/server/server.sh 2>&1 | while read line;
> >> do
> >>>>>> echo
> >>>>>>>>>>> `/bin/date` "$line"
>> /var/log/ispconfig/cron.log; done)
> >>>>>>>>>>> Feb 1 07:11:02 vps342401
CRON[27075]: (root) CMD
> >>>>>>>>>>>
(/usr/local/ispconfig/server/cron.sh 2>&1 | while read line;
> do
> >>>> echo
> >>>>>>>>>>> `/bin/date` "$line"
>> /var/log/ispconfig/cron.log; done)
> >>>>>>>>>>> Feb 1 07:11:11 vps342401
dovecot: auth: Debug: client in:
> >>>>>>>>>>>
AUTH#0113#011CRAM-MD5#011service=smtp#011nologin#
> >>>>>>>>>>
011lip=173.72.31.7#011rip=12.173.211.32#011secured
> >>>>>>>>>>> Feb 1 07:11:11 vps342401
dovecot: auth: Debug: client passdb
> >> out:
> >>>>>>>>>>>
CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ
> >>>>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL
> >>>>>>>>>> m5ldD4>
>>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot:
auth: Debug: client in:
> >>>>>> CONT<hidden>
> >>>>>>>>>>> Feb 1 07:11:11 vps342401
dovecot: auth-worker(27069): Debug:
> >> sql(
> >>>>>>>>>>> do_not_reply at
example.com,12.173.211.32): query: SELECT email
> as
> >>>>>> user,
> >>>>>>>>>>> password, maildir as
userdb_home, CONCAT( maildir_format, ':',
> >>>>>> maildir,
> >>>>>>>>>>> '/',
IF(maildir_format='maildir','Maildir',maildir_format)) as
> >>>>>>>>>> userdb_mail,
> >>>>>>>>>>> uid as userdb_uid, gid as
userdb_gid, CONCAT('*:storage=',
> quota,
> >>>>>> 'B')
> >>>>>>>> AS
> >>>>>>>>>>> userdb_quota_rule,
CONCAT(maildir, '/.sieve') as userdb_sieve
> >> FROM
> >>>>>>>>>>> mail_user WHERE (login =
'do_not_reply at example.com' OR email
> = '
> >>>>>>>>>>> do_not_reply at
example.com') AND `disablesmtp` = 'n' AND
> >> server_id > >>>>>> '1'
> >>>>>>>>>>> Feb 1 07:11:11 vps342401
dovecot: auth-worker(27069):
> password(
> >>>>>>>>>>> do_not_reply at
example.com,12.173.211.32): Requested CRAM-MD5
> >>>> scheme,
> >>>>>>>> but
> >>>>>>>>>> we
> >>>>>>>>>>> have only CRYPT
> >>>>>>>>>>> Feb 1 07:11:13 vps342401
dovecot: auth: Debug: client passdb
> >> out:
> >>>>>>>>>>> FAIL#0113#011user=do_not_reply
at example.com
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>> #####################
> >>>>>>>>>>> I added in dovecot.conf lines
in passdb block:
> >>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>> and commented out default
lines
> >>>>>>>>>>> #args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>> #driver = sql
> >>>>>>>>>>> When I try set again default
lines I got above error
> >>>>>>>>>> Can you run doveconf -n with the
configuration that causes the
> >> above
> >>>>>>>>>> error? Also it clearly does SQL
lookup, so that error is
> happening
> >>>>>> with
> >>>>>>>>>> SQL passdb. You need to remember
to restart dovecot between
> >>>>>>>>>> configuration changes.
> >>>>>>>>>>
> >>>>>>>>>> Aki
> >>>>>>>>>>
> >>>>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki
Tuomi <aki.tuomi at dovecot.fi>:
> >>>>>>>>>>>
> >>>>>>>>>>>> On 31.01.2017 09:06,
Poliman - Serwis wrote:
> >>>>>>>>>>>>> I set up cram-md5
using this tutorial
> >>>>>>>>>>>>>
https://wiki2.dovecot.org/HowTo/CRAM-MD5 in
> >>>>>>>> /etc/dovecot/dovecot.conf
> >>>>>>>>>> in
> >>>>>>>>>>>>> passdb code block:
> >>>>>>>>>>>>> listen = *,[::]
> >>>>>>>>>>>>> protocols = imap pop3
> >>>>>>>>>>>>> #auth_mechanisms =
plain login cram-md5
> >>>>>>>>>>>>> auth_mechanisms =
cram-md5 plain login
> >>>>>>>>>>>>> #dodana nizej linia
> >>>>>>>>>>>>> ssl = required
> >>>>>>>>>>>>> disable_plaintext_auth
= yes
> >>>>>>>>>>>>> log_timestamp =
"%Y-%m-%d %H:%M:%S "
> >>>>>>>>>>>>> mail_privileged_group
= vmail
> >>>>>>>>>>>>> postmaster_address =
postmaster at vps342401.ovh.net
> >>>>>>>>>>>>> ssl_cert =
</etc/postfix/smtpd.cert
> >>>>>>>>>>>>> ssl_key =
</etc/postfix/smtpd.key
> >>>>>>>>>>>>> ssl_protocols = !SSLv2
!SSLv3 !TLSv1 !TLSv1.1
> >>>>>>>>>>>>> ssl_cipher_list >
>>>>>>>>>>>>>
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:
> >>>>>>>>>>>>
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[
> >> image:
> >>>>>>>>>>>>>
:D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$
> >>>>>>>>>>>>>
ssl_prefer_server_ciphers = yes
> >>>>>>>>>>>>>
ssl_dh_parameters_length = 2048
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
mail_max_userip_connections = 100
> >>>>>>>>>>>>> passdb {
> >>>>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>>>> # driver = sql
> >>>>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>>>> }
> >>>>>>>>>>>>> userdb {
> >>>>>>>>>>>>> driver = prefetch
> >>>>>>>>>>>>> }
> >>>>>>>>>>>>> userdb {
> >>>>>>>>>>>>> args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>>>> driver = sql
> >>>>>>>>>>>>> }
> >>>>>>>>>>>>> Of course I created
cram-md5.pwd file. All mails go out and
> >> come
> >>>>>>>>>> nicely.
> >>>>>>>>>>>>> But after I want to do
default settings by commented out
> these
> >>>> two
> >>>>>>>>>> lines:
> >>>>>>>>>>>>> driver = passwd-file
> >>>>>>>>>>>>> args = scheme=cram-md5
/etc/dovecot/cram-md5.pwd
> >>>>>>>>>>>>> and uncomment
> >>>>>>>>>>>>> # args =
/etc/dovecot/dovecot-sql.conf
> >>>>>>>>>>>>> # driver = sql
> >>>>>>>>>>>>> I can't send
emails - I use Thunderbird - get error "logging
> on
> >>>>>>>> server
> >>>>>>>>>>>>> mail.example.com not
work out". Error in logs:
> >>>>>>>>>>>>> dovecot:
auth-worker(22698): Error: Auth worker sees
> different
> >>>>>>>>>>>>> passdbs/userdbs than
auth server.
> >>>>>>>>>>>>> dovecot: auth: Error:
read(anvil-auth-penalty) failed: EOF
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Is it possible that
hashed password from cram-md5.pwd file
> was
> >>>>>>>> written
> >>>>>>>>>> to
> >>>>>>>>>>>>> database (if yes then
where - I have ISPconfig)? I wasn't
> >> change
> >>>>>> any
> >>>>>>>>>>>> userdb
> >>>>>>>>>>>>> {} block and this
second userdb block has this same lines
> like
> >>>>>>>> default
> >>>>>>>>>>>>> settings in passdb
block.
> >>>>>>>>>>>>>
> >>>>>>>>>>>> Try
> >>>>>>>>>>>>
> >>>>>>>>>>>> auth_debug=yes
> >>>>>>>>>>>> auth_verbose=yes
> >>>>>>>>>>>>
> >>>>>>>>>>>> and see if it gives any
more reasonable messages.
> >>>>>>>>>>>>
> >>>>>>>>>>>> Aki
> >>>>>>>>>>>>
> >>>
> >
> >
>
--
*Pozdrawiam / Best Regards*
*Piotr Bracha*
*tel. 534 555 877*
*serwis at poliman.pl <serwis at poliman.pl>*
Is there any strange thing in these config lines? 2017-02-01 9:40 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>:> doveadm log errors can be helpful too > > > On 01.02.2017 10:25, Poliman - Serwis wrote: > > I can check each logs, I have root privileges. > > > > 2017-02-01 9:04 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > > > >> Can you check your logs? > >> > >> Aki > >> > >> > >> On 01.02.2017 10:02, Poliman - Serwis wrote: > >>> When I used backup copy of the dovecot.conf file I have this same > error. > >> So > >>> I think that maybe something was written to database? I really would > >> point > >>> out that I only added > >>> passdb { > >>> driver = passwd-file > >>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>> } > >>> > >>> and comment out from above block default lines > >>> #args = /etc/dovecot/dovecot-sql.conf > >>> #driver = sql > >>> > >>> And in auth_mechanisms add line cram-md5. Nothing more in any other > file. > >>> > >>> I don't want to use cram-md5. I need move back to default settings. > >>> Cram-md5 was only for testing purposes. :) But I supposed that I can > move > >>> back to default by commenting out added lines. But unfortunately it > isn't > >>> that simple. > >>> > >>> 2017-02-01 8:59 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>> > >>>> Are you still trying to authenticate using cram-md5? > >>>> > >>>> Aki > >>>> > >>>> > >>>> On 01.02.2017 09:51, Poliman - Serwis wrote: > >>>>> It still use: > >>>>> passdb { > >>>>> driver = passwd-file > >>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>> } > >>>>> > >>>>> When I delete above and delete "cram-md5" in auth_mechanisms it still > >> not > >>>>> working. > >>>>> > >>>>> 2017-02-01 8:45 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>> > >>>>>> You are probably wanting to do > >>>>>> passdb { > >>>>>> driver = passwd-file > >>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>> } > >>>>>> > >>>>>> passdb { > >>>>>> driver = sql > >>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>> } > >>>>>> > >>>>>> Why you want to use cram-md5 is beyond me, because using SSL is much > >>>>>> more safer. > >>>>>> > >>>>>> Aki > >>>>>> > >>>>>> On 01.02.2017 09:41, Poliman - Serwis wrote: > >>>>>>> Default it was: "auth_mechanisms = plain login" and I added > >> cram-md5. > >>>>>>> After restart all work perfectly. But after I added: > >>>>>>> driver = passwd-file > >>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>> I can't set default lines because I got error. Please tell me which > >>>> lines > >>>>>>> should be changed to resolve this issue. Should I remove "login" > from > >>>>>>> auth_mechanism ("login" was default setting and I would like to > move > >>>> back > >>>>>>> to default settings)? > >>>>>>> > >>>>>>> 2017-02-01 8:36 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>>>> > >>>>>>>> Because cram-md5 needs the user's password for calculating > >> responses, > >>>> it > >>>>>>>> cannot work with hashed passwords (one-way encrypted). The only > >>>>>>>> supported password schemes are PLAIN and CRAM-MD5. > >>>>>>>> > >>>>>>>> Aki > >>>>>>>> > >>>>>>>> On 01.02.2017 09:33, Poliman - Serwis wrote: > >>>>>>>>> I always restart dovecot after change config. ;) Sure, I > commented > >>>> out > >>>>>>>>> added two lines by me, restarted dovecot and here it is: > >>>>>>>>> > >>>>>>>>> # 2.2.9: /etc/dovecot/dovecot.conf > >>>>>>>>> # OS: Linux 3.13.0-100-generic x86_64 Ubuntu 14.04.5 LTS > >>>>>>>>> auth_mechanisms = plain login cram-md5 > >>>>>>>>> listen = *,[::] > >>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " > >>>>>>>>> mail_max_userip_connections = 100 > >>>>>>>>> mail_plugins = " quota" > >>>>>>>>> mail_privileged_group = vmail > >>>>>>>>> passdb { > >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>> driver = sql > >>>>>>>>> } > >>>>>>>>> plugin { > >>>>>>>>> quota = dict:user::file:/var/vmail/%d/%n/.quotausage > >>>>>>>>> sieve = /var/vmail/%d/%n/.sieve > >>>>>>>>> sieve_max_redirects = 25 > >>>>>>>>> } > >>>>>>>>> postmaster_address = postmaster at example.com > >>>>>>>>> protocols = imap pop3 > >>>>>>>>> service auth { > >>>>>>>>> unix_listener /var/spool/postfix/private/auth { > >>>>>>>>> group = postfix > >>>>>>>>> mode = 0660 > >>>>>>>>> user = postfix > >>>>>>>>> } > >>>>>>>>> unix_listener auth-userdb { > >>>>>>>>> group = vmail > >>>>>>>>> mode = 0600 > >>>>>>>>> user = vmail > >>>>>>>>> } > >>>>>>>>> user = root > >>>>>>>>> } > >>>>>>>>> service imap-login { > >>>>>>>>> client_limit = 1000 > >>>>>>>>> process_limit = 512 > >>>>>>>>> } > >>>>>>>>> service lmtp { > >>>>>>>>> unix_listener /var/spool/postfix/private/dovecot-lmtp { > >>>>>>>>> group = postfix > >>>>>>>>> mode = 0600 > >>>>>>>>> user = postfix > >>>>>>>>> } > >>>>>>>>> } > >>>>>>>>> ssl = required > >>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert > >>>>>>>>> ssl_cipher_list > >>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384: > >>>>>>>> DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+ > >>>>>>>> AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128- > >>>>>>>> SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE- > >>>>>>>> RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA- > >>>>>>>> AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE- > >>>>>>>> RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256: > >>>>>>>> DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256: > >>>>>>>> AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128- > >>>>>>>> SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:! > >>>>>>>> EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:! > >>>>>>>> EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA > >>>>>>>>> ssl_dh_parameters_length = 2048 > >>>>>>>>> ssl_key = </etc/postfix/smtpd.key > >>>>>>>>> ssl_prefer_server_ciphers = yes > >>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > >>>>>>>>> userdb { > >>>>>>>>> driver = prefetch > >>>>>>>>> } > >>>>>>>>> userdb { > >>>>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>> driver = sql > >>>>>>>>> } > >>>>>>>>> protocol imap { > >>>>>>>>> mail_plugins = quota imap_quota > >>>>>>>>> } > >>>>>>>>> protocol pop3 { > >>>>>>>>> mail_plugins = quota > >>>>>>>>> pop3_uidl_format = %08Xu%08Xv > >>>>>>>>> } > >>>>>>>>> protocol lda { > >>>>>>>>> mail_plugins = sieve quota > >>>>>>>>> postmaster_address = webmaster at localhost > >>>>>>>>> } > >>>>>>>>> protocol lmtp { > >>>>>>>>> mail_plugins = quota sieve > >>>>>>>>> postmaster_address = webmaster at localhost > >>>>>>>>> } > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> 2017-02-01 8:27 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>>>>>> > >>>>>>>>>> On 01.02.2017 08:18, Poliman - Serwis wrote: > >>>>>>>>>>> This is debug log files in syslog: > >>>>>>>>>>> Feb 1 07:10:25 vps342401 dovecot: auth: Debug: client passdb > >> out: > >>>>>>>>>>> CONT#0112#011PDAxODg3ODIzMTUwMzgxNzMuMTQ > >>>>>> 4NTkyOTQyNUB2cHMzNDI0MDEub3ZoL > >>>>>>>>>> m5ldD4> >>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth: Debug: client in: > >>>>>> CONT<hidden> > >>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): Debug: > >> sql( > >>>>>>>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email > as > >>>>>> user, > >>>>>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > >>>>>> maildir, > >>>>>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > >>>>>>>>>> userdb_mail, > >>>>>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', > quota, > >>>>>> 'B') > >>>>>>>> AS > >>>>>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve > >> FROM > >>>>>>>>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email > = ' > >>>>>>>>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND > >> server_id > >>>>>> '1' > >>>>>>>>>>> Feb 1 07:10:26 vps342401 dovecot: auth-worker(27069): > password( > >>>>>>>>>>> do_not_reply at example.com, 12.173.211.32): Requested CRAM-MD5 > >>>> scheme, > >>>>>>>>>> but we > >>>>>>>>>>> have only CRYPT > >>>>>>>>>>> Feb 1 07:10:28 vps342401 dovecot: auth: Debug: client passdb > >> out: > >>>>>>>>>>> FAIL#0112#011user=do_not_reply at example.com > >>>>>>>>>>> Feb 1 07:10:28 vps342401 postfix/smtps/smtpd[27067]: warning: > >>>>>>>>>>> host23131.internet.3s.com[12.173.211.32]: SASL CRAM-MD5 > >>>>>> authentication > >>>>>>>>>>> failed: PDAxODg3ODIzMTUwMzgxNzMuMTQ4NT > >>>> kyOTQyNUB2cHMzNDI0MDEub3ZoLm5l > >>>>>>>> dD4> >>>>>>>>>>> Feb 1 07:11:02 vps342401 CRON[27074]: (root) CMD > >>>>>>>>>>> (/usr/local/ispconfig/server/server.sh 2>&1 | while read line; > >> do > >>>>>> echo > >>>>>>>>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) > >>>>>>>>>>> Feb 1 07:11:02 vps342401 CRON[27075]: (root) CMD > >>>>>>>>>>> (/usr/local/ispconfig/server/cron.sh 2>&1 | while read line; > do > >>>> echo > >>>>>>>>>>> `/bin/date` "$line" >> /var/log/ispconfig/cron.log; done) > >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > >>>>>>>>>>> AUTH#0113#011CRAM-MD5#011service=smtp#011nologin# > >>>>>>>>>> 011lip=173.72.31.7#011rip=12.173.211.32#011secured > >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client passdb > >> out: > >>>>>>>>>>> CONT#0113#011PDE3NDg1NjE4MTgxNTk2OTAuMTQ > >>>>>> 4NTkyOTQ3MUB2cHMzNDI0MDEub3ZoL > >>>>>>>>>> m5ldD4> >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth: Debug: client in: > >>>>>> CONT<hidden> > >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): Debug: > >> sql( > >>>>>>>>>>> do_not_reply at example.com,12.173.211.32): query: SELECT email > as > >>>>>> user, > >>>>>>>>>>> password, maildir as userdb_home, CONCAT( maildir_format, ':', > >>>>>> maildir, > >>>>>>>>>>> '/', IF(maildir_format='maildir','Maildir',maildir_format)) as > >>>>>>>>>> userdb_mail, > >>>>>>>>>>> uid as userdb_uid, gid as userdb_gid, CONCAT('*:storage=', > quota, > >>>>>> 'B') > >>>>>>>> AS > >>>>>>>>>>> userdb_quota_rule, CONCAT(maildir, '/.sieve') as userdb_sieve > >> FROM > >>>>>>>>>>> mail_user WHERE (login = 'do_not_reply at example.com' OR email > = ' > >>>>>>>>>>> do_not_reply at example.com') AND `disablesmtp` = 'n' AND > >> server_id > >>>>>> '1' > >>>>>>>>>>> Feb 1 07:11:11 vps342401 dovecot: auth-worker(27069): > password( > >>>>>>>>>>> do_not_reply at example.com,12.173.211.32): Requested CRAM-MD5 > >>>> scheme, > >>>>>>>> but > >>>>>>>>>> we > >>>>>>>>>>> have only CRYPT > >>>>>>>>>>> Feb 1 07:11:13 vps342401 dovecot: auth: Debug: client passdb > >> out: > >>>>>>>>>>> FAIL#0113#011user=do_not_reply at example.com > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> ##################### > >>>>>>>>>>> I added in dovecot.conf lines in passdb block: > >>>>>>>>>>> driver = passwd-file > >>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>>>>>> and commented out default lines > >>>>>>>>>>> #args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>> #driver = sql > >>>>>>>>>>> When I try set again default lines I got above error > >>>>>>>>>> Can you run doveconf -n with the configuration that causes the > >> above > >>>>>>>>>> error? Also it clearly does SQL lookup, so that error is > happening > >>>>>> with > >>>>>>>>>> SQL passdb. You need to remember to restart dovecot between > >>>>>>>>>> configuration changes. > >>>>>>>>>> > >>>>>>>>>> Aki > >>>>>>>>>> > >>>>>>>>>>> 2017-01-31 8:08 GMT+01:00 Aki Tuomi <aki.tuomi at dovecot.fi>: > >>>>>>>>>>> > >>>>>>>>>>>> On 31.01.2017 09:06, Poliman - Serwis wrote: > >>>>>>>>>>>>> I set up cram-md5 using this tutorial > >>>>>>>>>>>>> https://wiki2.dovecot.org/HowTo/CRAM-MD5 in > >>>>>>>> /etc/dovecot/dovecot.conf > >>>>>>>>>> in > >>>>>>>>>>>>> passdb code block: > >>>>>>>>>>>>> listen = *,[::] > >>>>>>>>>>>>> protocols = imap pop3 > >>>>>>>>>>>>> #auth_mechanisms = plain login cram-md5 > >>>>>>>>>>>>> auth_mechanisms = cram-md5 plain login > >>>>>>>>>>>>> #dodana nizej linia > >>>>>>>>>>>>> ssl = required > >>>>>>>>>>>>> disable_plaintext_auth = yes > >>>>>>>>>>>>> log_timestamp = "%Y-%m-%d %H:%M:%S " > >>>>>>>>>>>>> mail_privileged_group = vmail > >>>>>>>>>>>>> postmaster_address = postmaster at vps342401.ovh.net > >>>>>>>>>>>>> ssl_cert = </etc/postfix/smtpd.cert > >>>>>>>>>>>>> ssl_key = </etc/postfix/smtpd.key > >>>>>>>>>>>>> ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > >>>>>>>>>>>>> ssl_cipher_list > >>>>>>>>>>>>> ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > >>>>>>>>>>>> ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[ > >> image: > >>>>>>>>>>>>> :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > >>>>>>>>>>>>> ssl_prefer_server_ciphers = yes > >>>>>>>>>>>>> ssl_dh_parameters_length = 2048 > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> mail_max_userip_connections = 100 > >>>>>>>>>>>>> passdb { > >>>>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>>>> # driver = sql > >>>>>>>>>>>>> driver = passwd-file > >>>>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>>>>>>>> } > >>>>>>>>>>>>> userdb { > >>>>>>>>>>>>> driver = prefetch > >>>>>>>>>>>>> } > >>>>>>>>>>>>> userdb { > >>>>>>>>>>>>> args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>>>> driver = sql > >>>>>>>>>>>>> } > >>>>>>>>>>>>> Of course I created cram-md5.pwd file. All mails go out and > >> come > >>>>>>>>>> nicely. > >>>>>>>>>>>>> But after I want to do default settings by commented out > these > >>>> two > >>>>>>>>>> lines: > >>>>>>>>>>>>> driver = passwd-file > >>>>>>>>>>>>> args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > >>>>>>>>>>>>> and uncomment > >>>>>>>>>>>>> # args = /etc/dovecot/dovecot-sql.conf > >>>>>>>>>>>>> # driver = sql > >>>>>>>>>>>>> I can't send emails - I use Thunderbird - get error "logging > on > >>>>>>>> server > >>>>>>>>>>>>> mail.example.com not work out". Error in logs: > >>>>>>>>>>>>> dovecot: auth-worker(22698): Error: Auth worker sees > different > >>>>>>>>>>>>> passdbs/userdbs than auth server. > >>>>>>>>>>>>> dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > >>>>>>>>>>>>> > >>>>>>>>>>>>> Is it possible that hashed password from cram-md5.pwd file > was > >>>>>>>> written > >>>>>>>>>> to > >>>>>>>>>>>>> database (if yes then where - I have ISPconfig)? I wasn't > >> change > >>>>>> any > >>>>>>>>>>>> userdb > >>>>>>>>>>>>> {} block and this second userdb block has this same lines > like > >>>>>>>> default > >>>>>>>>>>>>> settings in passdb block. > >>>>>>>>>>>>> > >>>>>>>>>>>> Try > >>>>>>>>>>>> > >>>>>>>>>>>> auth_debug=yes > >>>>>>>>>>>> auth_verbose=yes > >>>>>>>>>>>> > >>>>>>>>>>>> and see if it gives any more reasonable messages. > >>>>>>>>>>>> > >>>>>>>>>>>> Aki > >>>>>>>>>>>> > >>> > > > > >-- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *serwis at poliman.pl <serwis at poliman.pl>*