pam(foobar at example.com,192.0.1.1,<9zMTUUCGNfHZzMpL>): unknown user
(SHA1 of given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d)
The password is correct, i.e. 'echo -n 'passed' | openssl dgst
-sha1' matches.
The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users was
copied from another known-good server, so the syntax is correct and appropriate
adjustments have been made for chmod and directory).
doveconf -N follows:
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.12.14-lp150.12.48-default x86_64
# Hostname: foobar
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
doveadm_password = # hidden, use -P to show it
first_valid_uid = 471
imapc_features = rfc822.size fetch-headers
imapc_host = foobar.example.com
imapc_password = # hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_user = %u
mail_location = maildir:~/Maildir
mail_plugin_dir = /usr/lib64/dovecot/modules
mail_prefetch_count = 20
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body environment mailbox date ihave enotify
namespace inbox {
inbox = yes
location mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix }
passdb {
driver = pam
name }
plugin {
sieve = file:~/.dovecot.sieve
}
protocols = imap lmtp
service auth {
unix_listener /var/spool/postfix/private/dovecot-auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
process_min_avail = 3
}
service lmtp {
process_min_avail = 5
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0660
user = postfix
}
user = my_virtmailuser
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieves {
address port = 5190
ssl = yes
}
}
ssl = required
ssl_ca = </etc/dovecot/ssl/certbot_ca.pem
ssl_cert = </etc/dovecot/ssl/certbot.pem
ssl_cipher_list =
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
name }
userdb {
args = scheme=ARGON2ID username_format=%u /etc/dovecot/users
auth_verbose = yes
driver = passwd-file
name }
protocol lmtp {
mail_plugins = sieve
postmaster_address = foobar at example.com
}
protocol lda {
deliver_log_format = msgid=%m: %$
mail_plugins = sieve
postmaster_address = postmaster
quota_full_tempfail = yes
rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
mail_max_userip_connections = 20
}
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<div>
PAM is trying to lookup user@domain while you probably only have user. PAM
driver does not yet support username_format.
</div>
<div>
<br>
</div>
<div>
Aki
</div>
<blockquote type="cite">
<div>
On 11 April 2019 15:36 Laura Smith via dovecot <
<a
href="mailto:dovecot@dovecot.org">dovecot@dovecot.org</a>>
wrote:
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
pam(
<a
href="mailto:foobar@example.com">foobar@example.com</a>,192.0.1.1,<9zMTUUCGNfHZzMpL>):
unknown user (SHA1 of given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d)
</div>
<div>
<br>
</div>
<div>
<br>
</div>
<div>
The password is correct, i.e. 'echo -n 'passed' | openssl dgst
-sha1' matches.
</div>
<div>
<br>
</div>
<div>
The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users
was copied from another known-good server, so the syntax is correct and
appropriate adjustments have been made for chmod and directory).
</div>
<div>
<br>
</div>
<div>
doveconf -N follows:
</div>
<div>
<br>
</div>
<div>
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
</div>
<div>
# Pigeonhole version 0.5.3 (f018bbab)
</div>
<div>
# OS: Linux 4.12.14-lp150.12.48-default x86_64
</div>
<div>
# Hostname: foobar
</div>
<div>
auth_mechanisms = plain login
</div>
<div>
auth_verbose = yes
</div>
<div>
auth_verbose_passwords = sha1
</div>
<div>
doveadm_password = # hidden, use -P to show it
</div>
<div>
first_valid_uid = 471
</div>
<div>
imapc_features = rfc822.size fetch-headers
</div>
<div>
imapc_host = foobar.example.com
</div>
<div>
imapc_password = # hidden, use -P to show it
</div>
<div>
imapc_port = 993
</div>
<div>
imapc_ssl = imaps
</div>
<div>
imapc_user = %u
</div>
<div>
mail_location = maildir:~/Maildir
</div>
<div>
mail_plugin_dir = /usr/lib64/dovecot/modules
</div>
<div>
mail_prefetch_count = 20
</div>
<div>
mailbox_list_index = yes
</div>
<div>
managesieve_notify_capability = mailto
</div>
<div>
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body environment mailbox date ihave enotify
</div>
<div>
namespace inbox {
</div>
<div>
inbox = yes
</div>
<div>
location </div>
<div>
mailbox Drafts {
</div>
<div>
special_use = \Drafts
</div>
<div>
}
</div>
<div>
mailbox Junk {
</div>
<div>
special_use = \Junk
</div>
<div>
}
</div>
<div>
mailbox Sent {
</div>
<div>
special_use = \Sent
</div>
<div>
}
</div>
<div>
mailbox "Sent Messages" {
</div>
<div>
special_use = \Sent
</div>
<div>
}
</div>
<div>
mailbox Trash {
</div>
<div>
special_use = \Trash
</div>
<div>
}
</div>
<div>
prefix </div>
<div>
}
</div>
<div>
passdb {
</div>
<div>
driver = pam
</div>
<div>
name </div>
<div>
}
</div>
<div>
plugin {
</div>
<div>
sieve = file:~/.dovecot.sieve
</div>
<div>
}
</div>
<div>
protocols = imap lmtp
</div>
<div>
service auth {
</div>
<div>
unix_listener /var/spool/postfix/private/dovecot-auth {
</div>
<div>
group = postfix
</div>
<div>
mode = 0660
</div>
<div>
user = postfix
</div>
<div>
}
</div>
<div>
}
</div>
<div>
service imap-login {
</div>
<div>
process_min_avail = 3
</div>
<div>
}
</div>
<div>
service lmtp {
</div>
<div>
process_min_avail = 5
</div>
<div>
unix_listener /var/spool/postfix/private/dovecot-lmtp {
</div>
<div>
group = postfix
</div>
<div>
mode = 0660
</div>
<div>
user = postfix
</div>
<div>
}
</div>
<div>
user = my_virtmailuser
</div>
<div>
}
</div>
<div>
service managesieve-login {
</div>
<div>
inet_listener sieve {
</div>
<div>
port = 4190
</div>
<div>
}
</div>
<div>
inet_listener sieves {
</div>
<div>
address </div>
<div>
port = 5190
</div>
<div>
ssl = yes
</div>
<div>
}
</div>
<div>
}
</div>
<div>
ssl = required
</div>
<div>
ssl_ca = </etc/dovecot/ssl/certbot_ca.pem
</div>
<div>
ssl_cert = </etc/dovecot/ssl/certbot.pem
</div>
<div>
ssl_cipher_list =
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
</div>
<div>
ssl_client_ca_dir = /etc/ssl/certs
</div>
<div>
ssl_dh = # hidden, use -P to show it
</div>
<div>
ssl_key = # hidden, use -P to show it
</div>
<div>
ssl_min_protocol = TLSv1.2
</div>
<div>
ssl_options = no_compression
</div>
<div>
ssl_prefer_server_ciphers = yes
</div>
<div>
userdb {
</div>
<div>
driver = passwd
</div>
<div>
name </div>
<div>
}
</div>
<div>
userdb {
</div>
<div>
args = scheme=ARGON2ID username_format=%u /etc/dovecot/users
</div>
<div>
auth_verbose = yes
</div>
<div>
driver = passwd-file
</div>
<div>
name </div>
<div>
}
</div>
<div>
protocol lmtp {
</div>
<div>
mail_plugins = sieve
</div>
<div>
postmaster_address =
<a
href="mailto:foobar@example.com">foobar@example.com</a>
</div>
<div>
}
</div>
<div>
protocol lda {
</div>
<div>
deliver_log_format = msgid=%m: %$
</div>
<div>
mail_plugins = sieve
</div>
<div>
postmaster_address = postmaster
</div>
<div>
quota_full_tempfail = yes
</div>
<div>
rejection_reason = Your message to <%t> was automatically
rejected:%n%r
</div>
<div>
}
</div>
<div>
protocol imap {
</div>
<div>
mail_max_userip_connections = 20
</div>
<div>
}
</div>
</blockquote>
<div>
<br>
</div>
<div class="io-ox-signature">
<pre>---
Aki Tuomi</pre>
</div>
</body>
</html>
On Thursday, April 11, 2019 2:02 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:> PAM is trying to lookup user at domain while you probably only have user. PAM driver does not yet support username_format.? > > AkiBut /etc/dovecot/users file isn't pam ??? I don't need pam if if I'm using /etc/dovecot/users ?? Or am I understanding you wrong?