pam(foobar at example.com,192.0.1.1,<9zMTUUCGNfHZzMpL>): unknown user (SHA1 of given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d)

The password is correct, i.e. 'echo -n 'passed' | openssl dgst -sha1' matches.

The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users was copied from another known-good server, so the syntax is correct and appropriate adjustments have been made for chmod and directory).

doveconf -N follows:

# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.12.14-lp150.12.48-default x86_64
# Hostname: foobar
auth_mechanisms = plain login
auth_verbose = yes
auth_verbose_passwords = sha1
doveadm_password = # hidden, use -P to show it
first_valid_uid = 471
imapc_features = rfc822.size fetch-headers
imapc_host = foobar.example.com
imapc_password = # hidden, use -P to show it
imapc_port = 993
imapc_ssl = imaps
imapc_user = %u
mail_location = maildir:~/Maildir
mail_plugin_dir = /usr/lib64/dovecot/modules
mail_prefetch_count = 20
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body environment mailbox date ihave enotify
namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix
}
passdb {
  driver = pam
  name
}
plugin {
  sieve = file:~/.dovecot.sieve
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  process_min_avail = 3
}
service lmtp {
  process_min_avail = 5
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = my_virtmailuser
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieves {
    address
    port = 5190
    ssl = yes
  }
}
ssl = required
ssl_ca = </etc/dovecot/ssl/certbot_ca.pem
ssl_cert = </etc/dovecot/ssl/certbot.pem
ssl_cipher_list = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1.2
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
  name
}
userdb {
  args = scheme=ARGON2ID username_format=%u /etc/dovecot/users
  auth_verbose = yes
  driver = passwd-file
  name
}
protocol lmtp {
  mail_plugins = sieve
  postmaster_address = foobar at example.com
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
protocol imap {
  mail_max_userip_connections = 20
}

PAM is trying to lookup user@domain while you probably only have user. PAM driver does not yet support username_format.

Aki

> On 11 April 2019 15:36 Laura Smith via dovecot <dovecot@dovecot.org> wrote:
>
> pam(foobar@example.com,192.0.1.1,<9zMTUUCGNfHZzMpL>): unknown user (SHA1 of given password: ff75068c2f4d700a49dae204d56477a5ffa5d23d)
>
> The password is correct, i.e. 'echo -n 'passed' | openssl dgst -sha1' matches.
>
> The user is setup correctly in /etc/dovecot/users (the /etc/dovecot/users was copied from another known-good server, so the syntax is correct and appropriate adjustments have been made for chmod and directory).

---
Aki Tuomi

On Thursday, April 11, 2019 2:02 PM, Aki Tuomi <aki.tuomi at open-xchange.com> wrote:

> PAM is trying to lookup user at domain while you probably only have user. PAM driver does not yet support username_format.
>
> Aki

But /etc/dovecot/users file isn't pam??? I don't need pam if I'm using /etc/dovecot/users?? Or am I understanding you wrong?
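
A check for the situation discussed in this thread, as an added example that is not part of the original messages: it parses `doveconf -N` style output and lists drivers that are configured only as a userdb, which in Dovecot means they are never consulted to verify a password (that is the passdb's job). The sample is constructed from the passdb/userdb blocks posted above; the function names are hypothetical.

```python
import re

# Constructed sample: the passdb/userdb blocks from the doveconf -N output in this thread.
SAMPLE = """\
passdb {
  driver = pam
  name
}
userdb {
  driver = passwd
  name
}
userdb {
  args = scheme=ARGON2ID username_format=%u /etc/dovecot/users
  auth_verbose = yes
  driver = passwd-file
  name
}
"""

def parse_auth_dbs(conf):
    """Return {'passdb': [...], 'userdb': [...]}; each entry is a dict of settings."""
    dbs = {"passdb": [], "userdb": []}
    current = None
    for raw in conf.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"(passdb|userdb)\s*\{", line)
        if m:
            current = {}
            dbs[m.group(1)].append(current)
        elif line == "}":
            current = None
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            current[key.strip()] = value.strip()
    return dbs

def userdb_only_drivers(conf):
    """(driver, has_password_scheme) for each userdb whose driver is not also a passdb."""
    dbs = parse_auth_dbs(conf)
    pass_drivers = {d.get("driver") for d in dbs["passdb"]}
    return [(d.get("driver"), "scheme=" in d.get("args", ""))
            for d in dbs["userdb"] if d.get("driver") not in pass_drivers]

if __name__ == "__main__":
    for driver, has_scheme in userdb_only_drivers(SAMPLE):
        print(driver, "sets a password scheme but is not a passdb" if has_scheme else "userdb only")
```

A userdb-only entry that carries a `scheme=` argument, as the passwd-file entry does here, is the one to look at: the password hashes in that file are never checked because the only passdb is pam.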