Sure :) thanks
cat /var/log/dovecot/[...]
Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN
service=imap secured session=JK0Bfm9YuqfAqAFk
lip=192.168.1.100 rip=192.168.1.100 lport=143
rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA==
(previous base64 data may contain sensitive data)
Sep 05 13:26:02 auth-worker(30088): Debug:
pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup
service=username_format=user00
Sep 05 13:26:02 auth-worker(30088): Debug:
pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1
style=1 msg=Password:
==> /var/log/dovecot.info <=Sep 05 13:26:04 auth-worker(30088): Info:
pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
pam_authenticate() failed: Authentication failure (password mismatch?)
(given password: pass)
==> /var/log/dovecot.debug <=Sep 05 13:26:04 auth: Debug:
passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
lookup: user=user00 at realsystem.org file=/etc/dovecot/users
==> /var/log/dovecot.info <=Sep 05 13:26:04 auth: Info:
passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
unknown user (given password: pass)
==> /var/log/dovecot.debug <=Sep 05 13:26:06 auth: Debug: client passdb
out: FAIL 1
user=user00 at realsystem.org
==> /var/log/dovecot.info <=Sep 05 13:26:06 imap-login: Info: Disconnected
(auth failed, 1 attempts
in 4 secs): user=<user00 at realsystem.org>, method=PLAIN,
rip=192.168.1.100, lip=192.168.1.100, secured
doveconf -n
# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = login plain
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = /var/log/dovecot.debug
disable_plaintext_auth = no
info_log_path = /var/log/dovecot.info
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
mail_debug = yes
mail_home = /home/vmail/%d/%n/Maildir
mail_location = maildir:~/Maildir
mail_plugins = " quota quota"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapflags notify
namespace inbox {
inbox = yes
location mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix subscriptions = yes
type = private
}
passdb {
args = username_format=%n
driver = pam
}
passdb {
args = scheme=SHA256 username_format=%u /etc/dovecot/users
driver = passwd-file
}
plugin {
mail_log_events = delete undelete expunge copy mailbox_delete
mailbox_rename append flag_change
mail_log_fields = uid box msgid size from subject vsize
quota = maildir:User quota
quota_rule = *:storage=10000M
quota_rule2 = Junk:storage=+100M
quota_rule3 = SPAM:storage=+100M
quota_warning = storage=90%% quota-warning 90 %u
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_extensions = +notify +imapflags
}
protocols = " imap sieve pop3 sieve"
quota_full_tempfail = yes
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 143
}
inet_listener imaps {
port = 993
ssl = yes
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
vsz_limit = 64 M
}
service pop3-login {
inet_listener pop3 {
port = 110
}
inet_listener pop3s {
port = 995
ssl = yes
}
}
service quota-warning {
executable = script /root/bin/quota-warning.sh
unix_listener quota-warning {
mode = 0666
user = vmail
}
user = root
}
ssl_cert = </etc/dovecot/dovecot.pem
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
userdb {
driver = passwd
}
userdb {
args = scheme=SHA256 username_format=%u /etc/dovecot/users
driver = passwd-file
}
userdb {
args = uid=vmail gid=vmail home=/home/vmail/%d/%n
driver = static
}
verbose_proctitle = yes
protocol lda {
mail_plugins = " quota quota sieve quota"
}
protocol imap {
mail_plugins = " quota quota imap_quota"
}
On 2017-09-05 13:01, Aki Tuomi wrote:
> Can you provide
>
> doveconf -n (with the new config)
>
> enable auth_debug=yes, auth_verbose=yes and provide logs from
> authentication attempt?
>
> Aki
>
> On 05.09.2017 13:37, Pol Hallen wrote: thanks Aki, but with all your
> advices I've same problem: in the logs
> always I see the authentication with user and domain name, so dovecot
> doesn't accept it
>
> any idea?
>
> thanks!
>
> Pol
>
> On 2017-09-05 10:58, Aki Tuomi wrote:
>
> Oh right, you need to do it like this...
>
> after the passwd-file drivers add
>
> passdb {
> driver = static
> args = username=%n noauthenticate
> }
>
> Aki
>
> On 05.09.2017 11:03, Pol Hallen wrote: Hello, thanks for your reply
>
> I already tried with:
>
> username_format=%n or auth_username_format=%n but I've same problem
>
> Pol
>
> passdb {
> driver = pam
> args = username_format=%n
> }
>
> also you probably want to consider using driver=passwd instead, if you
> really don't need pam due to some special plugins.
>
> Aki
--
Pol
Try configuring like this:
passdb {
args = scheme=SHA256 username_format=%u /etc/dovecot/users
driver = passwd-file
}
passdb {
driver = static
args = username=%n noauthenticate
skip = authenticated
}
passdb {
driver = pam
skip = authenticated
}
On 05.09.2017 14:29, Pol Hallen wrote:> Sure :) thanks
>
> cat /var/log/dovecot/[...]
>
> Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
> Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN
> service=imap secured session=JK0Bfm9YuqfAqAFk
> lip=192.168.1.100 rip=192.168.1.100 lport=143
> rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA=>
(previous base64 data may contain sensitive data)
> Sep 05 13:26:02 auth-worker(30088): Debug:
> pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
lookup
> service=username_format=user00
> Sep 05 13:26:02 auth-worker(30088): Debug:
> pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1
> style=1 msg=Password:
> ==> /var/log/dovecot.info <=> Sep 05 13:26:04 auth-worker(30088):
Info:
> pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
> pam_authenticate() failed: Authentication failure (password mismatch?)
> (given password: pass)
> ==> /var/log/dovecot.debug <=> Sep 05 13:26:04 auth: Debug:
> passwd-file(user00 at
realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
> lookup: user=user00 at realsystem.org file=/etc/dovecot/users
> ==> /var/log/dovecot.info <=> Sep 05 13:26:04 auth: Info:
> passwd-file(user00 at
realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>):
> unknown user (given password: pass)
> ==> /var/log/dovecot.debug <=> Sep 05 13:26:06 auth: Debug: client
passdb out: FAIL 1
> user=user00 at realsystem.org
> ==> /var/log/dovecot.info <=> Sep 05 13:26:06 imap-login: Info:
Disconnected (auth failed, 1
> attempts in 4 secs): user=<user00 at realsystem.org>, method=PLAIN,
> rip=192.168.1.100, lip=192.168.1.100, secured
>
> doveconf -n
>
> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = login plain
> auth_verbose = yes
> auth_verbose_passwords = yes
> debug_log_path = /var/log/dovecot.debug
> disable_plaintext_auth = no
> info_log_path = /var/log/dovecot.info
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e
%c
> mail_debug = yes
> mail_home = /home/vmail/%d/%n/Maildir
> mail_location = maildir:~/Maildir
> mail_plugins = " quota quota"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext imapflags notify
> namespace inbox {
> inbox = yes
> location > mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Trash {
> special_use = \Trash
> }
> prefix > subscriptions = yes
> type = private
> }
> passdb {
> args = username_format=%n
> driver = pam
> }
> passdb {
> args = scheme=SHA256 username_format=%u /etc/dovecot/users
> driver = passwd-file
> }
> plugin {
> mail_log_events = delete undelete expunge copy mailbox_delete
> mailbox_rename append flag_change
> mail_log_fields = uid box msgid size from subject vsize
> quota = maildir:User quota
> quota_rule = *:storage=10000M
> quota_rule2 = Junk:storage=+100M
> quota_rule3 = SPAM:storage=+100M
> quota_warning = storage=90%% quota-warning 90 %u
> sieve = file:~/sieve;active=~/.dovecot.sieve
> sieve_extensions = +notify +imapflags
> }
> protocols = " imap sieve pop3 sieve"
> quota_full_tempfail = yes
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0666
> user = postfix
> }
> }
> service imap-login {
> inet_listener imap {
> port = 143
> }
> inet_listener imaps {
> port = 993
> ssl = yes
> }
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> service_count = 1
> vsz_limit = 64 M
> }
> service pop3-login {
> inet_listener pop3 {
> port = 110
> }
> inet_listener pop3s {
> port = 995
> ssl = yes
> }
> }
> service quota-warning {
> executable = script /root/bin/quota-warning.sh
> unix_listener quota-warning {
> mode = 0666
> user = vmail
> }
> user = root
> }
> ssl_cert = </etc/dovecot/dovecot.pem
> ssl_dh_parameters_length = 2048
> ssl_key = # hidden, use -P to show it
> userdb {
> driver = passwd
> }
> userdb {
> args = scheme=SHA256 username_format=%u /etc/dovecot/users
> driver = passwd-file
> }
> userdb {
> args = uid=vmail gid=vmail home=/home/vmail/%d/%n
> driver = static
> }
> verbose_proctitle = yes
> protocol lda {
> mail_plugins = " quota quota sieve quota"
> }
> protocol imap {
> mail_plugins = " quota quota imap_quota"
> }
>
>
>
>
> On 2017-09-05 13:01, Aki Tuomi wrote:
>
>> Can you provide
>>
>> doveconf -n (with the new config)
>>
>> enable auth_debug=yes, auth_verbose=yes and provide logs from
>> authentication attempt?
>>
>> Aki
>>
>> On 05.09.2017 13:37, Pol Hallen wrote: thanks Aki, but with all your
>> advices I've same problem: in the logs
>> always I see the authentication with user and domain name, so dovecot
>> doesn't accept it
>>
>> any idea?
>>
>> thanks!
>>
>> Pol
>>
>> On 2017-09-05 10:58, Aki Tuomi wrote:
>>
>> Oh right, you need to do it like this...
>>
>> after the passwd-file drivers add
>>
>> passdb {
>> driver = static
>> args = username=%n noauthenticate
>> }
>>
>> Aki
>>
>> On 05.09.2017 11:03, Pol Hallen wrote: Hello, thanks for your reply
>>
>> I already tried with:
>>
>> username_format=%n or auth_username_format=%n but I've same problem
>>
>> Pol
>>
>> passdb {
>> driver = pam
>> args = username_format=%n
>> }
>>
>> also you probably want to consider using driver=passwd instead, if you
>> really don't need pam due to some special plugins.
>>
>> Aki
>
>
Do I modify auth-system.conf.ext only (sorry for the question) if yes, I've same problem Pol On 2017-09-05 13:34, Aki Tuomi wrote:> Try configuring like this: > > passdb { > args = scheme=SHA256 username_format=%u /etc/dovecot/users > driver = passwd-file > } > > passdb { > driver = static > args = username=%n noauthenticate > skip = authenticated > } > > passdb { > driver = pam > skip = authenticated > } > > On 05.09.2017 14:29, Pol Hallen wrote: Sure :) thanks > > cat /var/log/dovecot/[...] > > Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131) > Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN > service=imap secured session=JK0Bfm9YuqfAqAFk > lip=192.168.1.100 rip=192.168.1.100 lport=143 > rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA=> (previous base64 data may contain sensitive data) > Sep 05 13:26:02 auth-worker(30088): Debug: > pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup > service=username_format=user00 > Sep 05 13:26:02 auth-worker(30088): Debug: > pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 > style=1 msg=Password: > ==> /var/log/dovecot.info <=> Sep 05 13:26:04 auth-worker(30088): Info: > pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): > pam_authenticate() failed: Authentication failure (password mismatch?) > (given password: pass) > ==> /var/log/dovecot.debug <=> Sep 05 13:26:04 auth: Debug: > passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): > lookup: user=user00 at realsystem.org file=/etc/dovecot/users > ==> /var/log/dovecot.info <=> Sep 05 13:26:04 auth: Info: > passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): > unknown user (given password: pass) > ==> /var/log/dovecot.debug <=> Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1 > user=user00 at realsystem.org > ==> /var/log/dovecot.info <=> Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 > attempts in 4 secs): user=<user00 at realsystem.org>, method=PLAIN, > rip=192.168.1.100, lip=192.168.1.100, secured > > doveconf -n > > # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.4.16 (fed8554) > # OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1 > auth_debug = yes > auth_debug_passwords = yes > auth_mechanisms = login plain > auth_verbose = yes > auth_verbose_passwords = yes > debug_log_path = /var/log/dovecot.debug > disable_plaintext_auth = no > info_log_path = /var/log/dovecot.info > login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c > mail_debug = yes > mail_home = /home/vmail/%d/%n/Maildir > mail_location = maildir:~/Maildir > mail_plugins = " quota quota" > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext imapflags notify > namespace inbox { > inbox = yes > location > mailbox Drafts { > special_use = \Drafts > } > mailbox Junk { > special_use = \Junk > } > mailbox Sent { > special_use = \Sent > } > mailbox "Sent Messages" { > special_use = \Sent > } > mailbox Trash { > special_use = \Trash > } > prefix > subscriptions = yes > type = private > } > passdb { > args = username_format=%n > driver = pam > } > passdb { > args = scheme=SHA256 username_format=%u /etc/dovecot/users > driver = passwd-file > } > plugin { > mail_log_events = delete undelete expunge copy mailbox_delete > mailbox_rename append flag_change > mail_log_fields = uid box msgid size from subject vsize > quota = maildir:User quota > quota_rule = *:storage=10000M > quota_rule2 = Junk:storage=+100M > quota_rule3 = SPAM:storage=+100M > quota_warning = storage=90%% quota-warning 90 %u > sieve = file:~/sieve;active=~/.dovecot.sieve > sieve_extensions = +notify +imapflags > } > protocols = " imap sieve pop3 sieve" > quota_full_tempfail = yes > service auth { > unix_listener /var/spool/postfix/private/auth { > group = postfix > mode = 0666 > user = postfix > } > } > service imap-login { > inet_listener imap { > port = 143 > } > inet_listener imaps { > port = 993 > ssl = yes > } > } > service managesieve-login { > inet_listener sieve { > port = 4190 > } > service_count = 1 > vsz_limit = 64 M > } > service pop3-login { > inet_listener pop3 { > port = 110 > } > inet_listener pop3s { > port = 995 > ssl = yes > } > } > service quota-warning { > executable = script /root/bin/quota-warning.sh > unix_listener quota-warning { > mode = 0666 > user = vmail > } > user = root > } > ssl_cert = </etc/dovecot/dovecot.pem > ssl_dh_parameters_length = 2048 > ssl_key = # hidden, use -P to show it > userdb { > driver = passwd > } > userdb { > args = scheme=SHA256 username_format=%u /etc/dovecot/users > driver = passwd-file > } > userdb { > args = uid=vmail gid=vmail home=/home/vmail/%d/%n > driver = static > } > verbose_proctitle = yes > protocol lda { > mail_plugins = " quota quota sieve quota" > } > protocol imap { > mail_plugins = " quota quota imap_quota" > } > > On 2017-09-05 13:01, Aki Tuomi wrote: > > Can you provide > > doveconf -n (with the new config) > > enable auth_debug=yes, auth_verbose=yes and provide logs from > authentication attempt? > > Aki > > On 05.09.2017 13:37, Pol Hallen wrote: thanks Aki, but with all your > advices I've same problem: in the logs > always I see the authentication with user and domain name, so dovecot > doesn't accept it > > any idea? > > thanks! > > Pol > > On 2017-09-05 10:58, Aki Tuomi wrote: > > Oh right, you need to do it like this... > > after the passwd-file drivers add > > passdb { > driver = static > args = username=%n noauthenticate > } > > Aki > > On 05.09.2017 11:03, Pol Hallen wrote: Hello, thanks for your reply > > I already tried with: > > username_format=%n or auth_username_format=%n but I've same problem > > Pol > > passdb { > driver = pam > args = username_format=%n > } > > also you probably want to consider using driver=passwd instead, if you > really don't need pam due to some special plugins. > > Aki-- Pol