does not work :-/

Sep 05 13:49:41 auth: Debug: auth client connected (pid=31115)
Sep 05 13:49:41 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=IFCT0m9Y0KjAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=43216 resp=AHBvbGhhbGxlbkBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data)
Sep 05 13:49:41 auth: Debug: passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup: user=user00 at realdomain.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug: static(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup
Sep 05 13:49:41 auth: Debug: static(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Allowing any password
Sep 05 13:49:41 auth: Debug: static(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Not performing authentication (noauthenticate set)
==> /var/log/dovecot.info <==
Sep 05 13:49:41 auth: Info: passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): unknown user (given password: pass) - trying the next passdb
==> /var/log/dovecot.debug <==
Sep 05 13:49:41 auth-worker(31116): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Sep 05 13:49:41 auth-worker(31116): Debug: passwd-file /etc/dovecot/users: Read 4 users in 0 secs
Sep 05 13:49:41 auth-worker(31116): Debug: pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup service=dovecot
Sep 05 13:49:41 auth-worker(31116): Debug: pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1 style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:42 auth-worker(31116): Info: pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:42 auth-worker(31116): Debug: pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup service=dovecot
Sep 05 13:49:42 auth-worker(31116): Debug: pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1 style=1 msg=Password:
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth-worker(31116): Info: pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:45 auth: Debug: passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup: user=user00 at realdomain.org file=/etc/dovecot/users
==> /var/log/dovecot.info <==
Sep 05 13:49:45 auth: Info: passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): unknown user (given password: pass)
==> /var/log/dovecot.debug <==
Sep 05 13:49:47 auth: Debug: client passdb out: FAIL 1 user=user00 at realdomain.org
Sep 05 13:49:47 imap-login: Debug: Ignoring unknown passdb extra field:
==> /var/log/dovecot.info <==
Sep 05 13:49:47 imap-login: Info: Disconnected (auth failed, 1 attempts in 6 secs): user=<user00 at realdomain.org>, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured

On 2017-09-05 13:41, Aki Tuomi wrote:
> No, you modify dovecot.conf
>
> Aki
>
> On 05.09.2017 14:40, Pol Hallen wrote:
> Do I modify auth-system.conf.ext only (sorry for the question)
>
> if yes, I've same problem
>
> Pol
>
> On 2017-09-05 13:34, Aki Tuomi wrote:
>
> Try configuring like this:
>
> passdb {
>   args = scheme=SHA256 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
>
> passdb {
>   driver = static
>   args = username=%n noauthenticate
>   skip = authenticated
> }
>
> passdb {
>   driver = pam
>   skip = authenticated
> }
>
> On 05.09.2017 14:29, Pol Hallen wrote:
> Sure :) thanks
>
> cat /var/log/dovecot/[...]
>
> Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
> Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=JK0Bfm9YuqfAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data)
> Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup service=username_format=user00
> Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 style=1 msg=Password:
> ==> /var/log/dovecot.info <==
> Sep 05 13:26:04 auth-worker(30088): Info: pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: pass)
> ==> /var/log/dovecot.debug <==
> Sep 05 13:26:04 auth: Debug: passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup: user=user00 at realsystem.org file=/etc/dovecot/users
> ==> /var/log/dovecot.info <==
> Sep 05 13:26:04 auth: Info: passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): unknown user (given password: pass)
> ==> /var/log/dovecot.debug <==
> Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1 user=user00 at realsystem.org
> ==> /var/log/dovecot.info <==
> Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts in 4 secs): user=<user00 at realsystem.org>, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured
>
> doveconf -n
>
> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = login plain
> auth_verbose = yes
> auth_verbose_passwords = yes
> debug_log_path = /var/log/dovecot.debug
> disable_plaintext_auth = no
> info_log_path = /var/log/dovecot.info
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> mail_debug = yes
> mail_home = /home/vmail/%d/%n/Maildir
> mail_location = maildir:~/Maildir
> mail_plugins = " quota quota"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix =
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = username_format=%n
>   driver = pam
> }
> passdb {
>   args = scheme=SHA256 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> plugin {
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append flag_change
>   mail_log_fields = uid box msgid size from subject vsize
>   quota = maildir:User quota
>   quota_rule = *:storage=10000M
>   quota_rule2 = Junk:storage=+100M
>   quota_rule3 = SPAM:storage=+100M
>   quota_warning = storage=90%% quota-warning 90 %u
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_extensions = +notify +imapflags
> }
> protocols = " imap sieve pop3 sieve"
> quota_full_tempfail = yes
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   service_count = 1
>   vsz_limit = 64 M
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> service quota-warning {
>   executable = script /root/bin/quota-warning.sh
>   unix_listener quota-warning {
>     mode = 0666
>     user = vmail
>   }
>   user = root
> }
> ssl_cert = </etc/dovecot/dovecot.pem
> ssl_dh_parameters_length = 2048
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> userdb {
>   args = scheme=SHA256 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> userdb {
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%n
>   driver = static
> }
> verbose_proctitle = yes
> protocol lda {
>   mail_plugins = " quota quota sieve quota"
> }
> protocol imap {
>   mail_plugins = " quota quota imap_quota"
> }
>
> On 2017-09-05 13:01, Aki Tuomi wrote:
>
> Can you provide
>
> doveconf -n (with the new config)
>
> enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
>
> Aki
>
> On 05.09.2017 13:37, Pol Hallen wrote:
> thanks Aki, but with all your advices I've same problem: in the logs always I see the authentication with user and domain name, so dovecot doesn't accept it
>
> any idea?
>
> thanks!
>
> Pol
>
> On 2017-09-05 10:58, Aki Tuomi wrote:
>
> Oh right, you need to do it like this...
>
> after the passwd-file drivers add
>
> passdb {
>   driver = static
>   args = username=%n noauthenticate
> }
>
> Aki
>
> On 05.09.2017 11:03, Pol Hallen wrote:
> Hello, thanks for your reply
>
> I already tried with:
>
> username_format=%n or auth_username_format=%n but I've same problem
>
> Pol
>
> passdb {
>   driver = pam
>   args = username_format=%n
> }
>
> also you probably want to consider using driver=passwd instead, if you really don't need pam due to some special plugins.
>
> Aki

--
Pol
Sorry, small typo
passdb {
driver = static
args = user=%n noauthenticate
}
Aki
On 05.09.2017 14:51, Pol Hallen wrote:
> does not work :-/
How cooool!!! Works! :-))) Very very thanks for your help!!!

Pol :)

On 2017-09-05 13:54, Aki Tuomi wrote:
> Sorry, small typo
>
> passdb {
> driver = static
> args = user=%n noauthenticate
> }
>
> Aki

--
Pol
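A simplified model of the passdb chain from this thread, added here as an illustration (it is not Dovecot code and not written by either poster): it shows which username each backend sees with the `username=%n` typo versus the corrected `user=%n`. The account names, passwords, plain-text password comparison and function names are constructed for the example, and default result handling is assumed (a success stops the chain, a failure continues to the next passdb).

```python
"""Simplified model of the passdb chain discussed in this thread.

Added illustration only, not Dovecot code. Users and passwords are constructed.
"""
import re
from dataclasses import dataclass, field


def expand(template, user):
    """Expand the %u (full name), %n (local part) and %d (domain) variables."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}
    return re.sub(r"%([und])", lambda m: values[m.group(1)], template)


@dataclass
class Request:
    user: str
    password: str
    trace: list = field(default_factory=list)


def passwd_file(users, username_format):
    """Model of passdb { driver = passwd-file }: table lookup by formatted name."""
    def lookup(req):
        key = expand(username_format, req.user)
        req.trace.append(f"passwd-file lookup {key}")
        # Plain comparison stands in for the SHA256 scheme (assumption).
        return users.get(key) == req.password
    return lookup


def static_noauthenticate(args):
    """Model of passdb { driver = static } with noauthenticate.

    It never authenticates; it only applies extra fields. Only user= is
    modelled: any other key leaves the login name untouched, as in the
    13:49 log where pam still received the full address.
    """
    fields = dict(a.partition("=")[::2] for a in args.split())
    assert "noauthenticate" in fields, "model covers the noauthenticate case only"

    def lookup(req):
        if "user" in fields:
            req.user = expand(fields["user"], req.user)
            req.trace.append(f"static set user={req.user}")
        else:
            req.trace.append("static left user unchanged")
        return False  # not an authentication result: go on to the next passdb
    return lookup


def pam(system_users):
    """Model of passdb { driver = pam }: checks the current login name."""
    def lookup(req):
        req.trace.append(f"pam lookup {req.user}")
        return system_users.get(req.user) == req.password
    return lookup


def authenticate(chain, user, password):
    """Run the passdbs in order; return (ok, final user name, trace)."""
    req = Request(user, password)
    for passdb in chain:
        if passdb(req):
            return True, req.user, req.trace
    return False, req.user, req.trace


# Constructed sample data.
VIRTUAL_USERS = {"alice@example.org": "virtual-pw"}
SYSTEM_USERS = {"user00": "system-pw"}


def build_chain(static_args):
    return [
        passwd_file(VIRTUAL_USERS, "%u"),
        static_noauthenticate(static_args),
        pam(SYSTEM_USERS),
    ]


TYPO_CHAIN = build_chain("username=%n noauthenticate")
FIXED_CHAIN = build_chain("user=%n noauthenticate")

if __name__ == "__main__":
    for name, chain in (("username=%n", TYPO_CHAIN), ("user=%n", FIXED_CHAIN)):
        ok, user, trace = authenticate(chain, "user00@example.org", "system-pw")
        print(name, "->", "OK" if ok else "FAIL", "as", user)
        for step in trace:
            print("   ", step)
```

In this model `user00@example.org` and `user00@example.net` both reach PAM as `user00`, because `%n` discards the domain before the system account is checked.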
I'm sorry but there's a problem with virtual users: seems that dovecot processes first part of domain, for example: testdomain.org, and testdomain.com for dovecot are the same I can login using user00 at testdomain well if I've user00 at testdomain.com and user00 at testdomain.org an user can login using: user00 at testdomain and dovecot check first domain it's strange (!) how to solve? Pol On 2017-09-05 13:54, Aki Tuomi wrote:> Sorry, small typo > > passdb { > driver = static > args = user=%n noauthenticate > } > > Aki > > On 05.09.2017 14:51, Pol Hallen wrote: does not work :-/ > > Sep 05 13:49:41 auth: Debug: auth client connected (pid=31115) > Sep 05 13:49:41 auth: Debug: client in: AUTH 1 PLAIN > service=imap secured session=IFCT0m9Y0KjAqAFk > lip=192.168.1.100 rip=192.168.1.100 lport=143 > rport=43216 > resp=AHBvbGhhbGxlbkBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous > base64 data may contain sensitive data) > Sep 05 13:49:41 auth: Debug: > passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > lookup: user=user00 at realdomain.org file=/etc/dovecot/users > Sep 05 13:49:41 auth: Debug: > static(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup > Sep 05 13:49:41 auth: Debug: > static(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > Allowing any password > Sep 05 13:49:41 auth: Debug: > static(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): Not > performing authentication (noauthenticate set) > ==> /var/log/dovecot.info <=> Sep 05 13:49:41 auth: Info: > passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > unknown user (given password: pass) - trying the next passdb > ==> /var/log/dovecot.debug <=> Sep 05 13:49:41 auth-worker(31116): Debug: Loading modules from > directory: /usr/lib/dovecot/modules/auth > Sep 05 13:49:41 auth-worker(31116): Debug: passwd-file > /etc/dovecot/users: Read 4 users in 0 secs > Sep 05 13:49:41 auth-worker(31116): Debug: > pam(user00 at 
realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup > service=dovecot > Sep 05 13:49:41 auth-worker(31116): Debug: > pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1 > style=1 msg=Password: > ==> /var/log/dovecot.info <=> Sep 05 13:49:42 auth-worker(31116): Info: > pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > pam_authenticate() failed: Authentication failure (password mismatch?) > (given password: pass) > ==> /var/log/dovecot.debug <=> Sep 05 13:49:42 auth-worker(31116): Debug: > pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): lookup > service=dovecot > Sep 05 13:49:42 auth-worker(31116): Debug: > pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): #1/1 > style=1 msg=Password: > ==> /var/log/dovecot.info <=> Sep 05 13:49:45 auth-worker(31116): Info: > pam(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > pam_authenticate() failed: Authentication failure (password mismatch?) > (given password: pass) > ==> /var/log/dovecot.debug <=> Sep 05 13:49:45 auth: Debug: > passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > lookup: user=user00 at realdomain.org file=/etc/dovecot/users > ==> /var/log/dovecot.info <=> Sep 05 13:49:45 auth: Info: > passwd-file(user00 at realdomain.org,192.168.1.100,<IFCT0m9Y0KjAqAFk>): > unknown user (given password: pass) > ==> /var/log/dovecot.debug <=> Sep 05 13:49:47 auth: Debug: client passdb out: FAIL 1 > user=user00 at realdomain.org > Sep 05 13:49:47 imap-login: Debug: Ignoring unknown passdb extra field: > ==> /var/log/dovecot.info <=> Sep 05 13:49:47 imap-login: Info: Disconnected (auth failed, 1 > attempts in 6 secs): user=<user00 at realdomain.org>, method=PLAIN, > rip=192.168.1.100, lip=192.168.1.100, secured > > On 2017-09-05 13:41, Aki Tuomi wrote: > > No, you modify dovecot.conf > > Aki > > On 05.09.2017 14:40, Pol Hallen wrote: Do I modify > auth-system.conf.ext only (sorry for the question) > > if yes, I've same problem > 
> Pol
>
> On 2017-09-05 13:34, Aki Tuomi wrote:
>
> Try configuring like this:
>
> passdb {
>   args = scheme=SHA256 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
>
> passdb {
>   driver = static
>   args = username=%n noauthenticate
>   skip = authenticated
> }
>
> passdb {
>   driver = pam
>   skip = authenticated
> }
>
> On 05.09.2017 14:29, Pol Hallen wrote:
> Sure :) thanks
>
> cat /var/log/dovecot/[...]
>
> Sep 05 13:26:02 auth: Debug: auth client connected (pid=30131)
> Sep 05 13:26:02 auth: Debug: client in: AUTH 1 PLAIN service=imap secured session=JK0Bfm9YuqfAqAFk lip=192.168.1.100 rip=192.168.1.100 lport=143 rport=42938 resp=AG1heEBmdWNrYXJvdW5kLm9yZwBQYW5kb3JhMjAwMA== (previous base64 data may contain sensitive data)
> Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup service=username_format=user00
> Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): #1/1 style=1 msg=Password:
> ==> /var/log/dovecot.info <==
> Sep 05 13:26:04 auth-worker(30088): Info: pam(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): pam_authenticate() failed: Authentication failure (password mismatch?)
> (given password: pass)
> ==> /var/log/dovecot.debug <==
> Sep 05 13:26:04 auth: Debug: passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): lookup: user=user00 at realsystem.org file=/etc/dovecot/users
> ==> /var/log/dovecot.info <==
> Sep 05 13:26:04 auth: Info: passwd-file(user00 at realsystem.org,192.168.1.100,<JK0Bfm9YuqfAqAFk>): unknown user (given password: pass)
> ==> /var/log/dovecot.debug <==
> Sep 05 13:26:06 auth: Debug: client passdb out: FAIL 1 user=user00 at realsystem.org
> ==> /var/log/dovecot.info <==
> Sep 05 13:26:06 imap-login: Info: Disconnected (auth failed, 1 attempts in 4 secs): user=<user00 at realsystem.org>, method=PLAIN, rip=192.168.1.100, lip=192.168.1.100, secured
>
> doveconf -n
>
> # 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.16 (fed8554)
> # OS: Linux 4.9.0-3-amd64 x86_64 Debian 9.1
> auth_debug = yes
> auth_debug_passwords = yes
> auth_mechanisms = login plain
> auth_verbose = yes
> auth_verbose_passwords = yes
> debug_log_path = /var/log/dovecot.debug
> disable_plaintext_auth = no
> info_log_path = /var/log/dovecot.info
> login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
> mail_debug = yes
> mail_home = /home/vmail/%d/%n/Maildir
> mail_location = maildir:~/Maildir
> mail_plugins = " quota quota"
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify
> namespace inbox {
>   inbox = yes
>   location
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix
>   subscriptions = yes
>   type = private
> }
> passdb {
>   args = username_format=%n
>   driver = pam
> }
> passdb {
>   args = scheme=SHA256 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> plugin {
>   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename append flag_change
>   mail_log_fields = uid box msgid size from subject vsize
>   quota = maildir:User quota
>   quota_rule = *:storage=10000M
>   quota_rule2 = Junk:storage=+100M
>   quota_rule3 = SPAM:storage=+100M
>   quota_warning = storage=90%% quota-warning 90 %u
>   sieve = file:~/sieve;active=~/.dovecot.sieve
>   sieve_extensions = +notify +imapflags
> }
> protocols = " imap sieve pop3 sieve"
> quota_full_tempfail = yes
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 143
>   }
>   inet_listener imaps {
>     port = 993
>     ssl = yes
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   service_count = 1
>   vsz_limit = 64 M
> }
> service pop3-login {
>   inet_listener pop3 {
>     port = 110
>   }
>   inet_listener pop3s {
>     port = 995
>     ssl = yes
>   }
> }
> service quota-warning {
>   executable = script /root/bin/quota-warning.sh
>   unix_listener quota-warning {
>     mode = 0666
>     user = vmail
>   }
>   user = root
> }
> ssl_cert = </etc/dovecot/dovecot.pem
> ssl_dh_parameters_length = 2048
> ssl_key = # hidden, use -P to show it
> userdb {
>   driver = passwd
> }
> userdb {
>   args = scheme=SHA256 username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> userdb {
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%n
>   driver = static
> }
> verbose_proctitle = yes
> protocol lda {
>   mail_plugins = " quota quota sieve quota"
> }
> protocol imap {
>   mail_plugins = " quota quota imap_quota"
> }
>
> On 2017-09-05 13:01, Aki Tuomi wrote:
>
> Can you provide
>
> doveconf -n (with the new config)
>
> enable auth_debug=yes, auth_verbose=yes and provide logs from authentication attempt?
>
> Aki
>
> On 05.09.2017 13:37, Pol Hallen wrote:
> thanks Aki, but with all your advice I have the same problem: in the logs I always see the authentication with user and domain name, so dovecot doesn't accept it
>
> any idea?
>
> thanks!
>
> Pol
>
> On 2017-09-05 10:58, Aki Tuomi wrote:
>
> Oh right, you need to do it like this...
>
> after the passwd-file drivers add
>
> passdb {
>   driver = static
>   args = username=%n noauthenticate
> }
>
> Aki
>
> On 05.09.2017 11:03, Pol Hallen wrote:
> Hello, thanks for your reply
>
> I already tried with:
>
> username_format=%n or auth_username_format=%n but I have the same problem
>
> Pol
>
> passdb {
>   driver = pam
>   args = username_format=%n
> }
>
> also you probably want to consider using driver=passwd instead, if you really don't need pam due to some special plugins.
>
> Aki
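
Added example (not part of the thread and not Dovecot project code): a small Python script that performs the check the posters do by eye in the logs above. It lists, per session, which passdb drivers ran and which username each one saw, and flags a pam lookup that still carries the domain or whose service name looks like a mis-parsed argument (as in `lookup service=username_format=user00`). The sample lines, example.org, 192.0.2.10, the session ids and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the layout of the auth debug logs quoted above;
# example.org, 192.0.2.10, the session ids and the password are made up.
SAMPLE = """\
Sep 05 13:26:02 auth-worker(30088): Debug: pam(user00@example.org,192.0.2.10,<sessA>): lookup service=username_format=user00
Sep 05 13:26:04 auth-worker(30088): Info: pam(user00@example.org,192.0.2.10,<sessA>): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: hunter2)
Sep 05 13:49:41 auth: Debug: passwd-file(user00@example.org,192.0.2.10,<sessB>): lookup: user=user00@example.org file=/etc/dovecot/users
Sep 05 13:49:41 auth: Debug: static(user00@example.org,192.0.2.10,<sessB>): Not performing authentication (noauthenticate set)
Sep 05 13:49:41 auth-worker(31116): Debug: pam(user00@example.org,192.0.2.10,<sessB>): lookup service=dovecot
Sep 05 13:50:10 auth-worker(31116): Debug: pam(user01,192.0.2.10,<sessC>): lookup service=dovecot
""".splitlines()

# Matches: driver(username,remote-ip,<session>): message
LINE = re.compile(r"auth(?:-worker\(\d+\))?: (?:Debug|Info): "
                  r"(?P<drv>[\w-]+)\((?P<user>[^,]*),[^,]*,<(?P<sid>[^>]*)>\): (?P<msg>.*)")
SECRET = re.compile(r"\(given password: .*\)")

def trace_passdb(lines):
    """Return {session: [(driver, username, message), ...]} in log order, passwords redacted."""
    trace = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if m:
            msg = SECRET.sub("(given password: <redacted>)", m["msg"])
            trace[m["sid"]].append((m["drv"], m["user"], msg))
    return dict(trace)

def findings(trace):
    """Return {session: [issue, ...]} for the two pam symptoms visible in the thread."""
    out = {}
    for sid, steps in trace.items():
        issues = set()
        for drv, user, msg in steps:
            if drv != "pam":
                continue
            # " at " is how the list archive rewrites "@" in addresses.
            if "@" in user or " at " in user:
                issues.add("pam-saw-domain")
            svc = re.match(r"lookup service=(\S+)", msg)
            if svc and "=" in svc.group(1):
                issues.add("pam-service-looks-like-arg")
        if issues:
            out[sid] = sorted(issues)
    return out

if __name__ == "__main__":
    for sid, issues in findings(trace_passdb(SAMPLE)).items():
        print(sid, issues)
```

Run against a real `debug_log_path` file, the trace also keeps the `(given password: ...)` text out of anything pasted into a public post.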