absolutely_free at libero.it
2021-Dec-01 16:09 UTC
Requested CRAM-MD5 scheme, but we have only CRYPT
Hi,
I use dovecot-2.3.15 with MySQL backend for authentication.
I just converted cleartext credentials to SSHA512. Authentication (POP3/IMAP/Roundcube webmail) is working fine.
I got a few users complaining about login issues with Thunderbird.
Logs show this:
Dec 1 16:34:52 mailserver dovecot[72554] auth-worker(72559): conn unix:auth-worker (uid=143): auth-worker<5294>: sql(user at domain.net,xx.yy.ww.zz,<g+jCZhfS/N1dKskw>): Requested CRAM-MD5 scheme, but we have only CRYPT
I don't understand this error. It seems I still support CRAM-MD5:
telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.

This is my conf:

doveconf -n
# 2.3.15 (0503334ab1): /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 13.0-RELEASE-p4 amd64 zfs
# Hostname: server.domain.net
doveconf: Warning: please set ssl_dh=</usr/local/etc/dovecot/dh.pem
doveconf: Warning: You can generate it with: dd if=/var/db/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /usr/local/etc/dovecot/dh.pem
auth_debug = yes
auth_mechanisms = plain login digest-md5 cram-md5
auth_verbose = yes
default_client_limit = 2000
default_process_limit = 500
default_vsz_limit = 512 M
disable_plaintext_auth = no
first_valid_gid = 125
first_valid_uid = 125
imap_id_log = *
mail_gid = 1003
mail_location = maildir:/mail/domains
mail_privileged_group = postfix
mail_uid = 1003
namespace inbox {
  inbox = yes
  location
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix
}
passdb {
  args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
  driver = sql
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service imap {
  process_limit = 1024
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl_cert = </etc/ssl/wildcard.domain.net_bundle.crt
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
  driver = sql
}
protocol imap {
  mail_max_userip_connections = 100
}

this is my dovecot-sql-crypt.conf.ext:

# cat /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
driver=mysql
default_pass_scheme=CRYPT
connect= host=db.domain.net port=3306 dbname=mail user=user password=xxxxxxxxxxxxxxxxxxxx
#password_query = SELECT case when crypt is not null then crypt else password end as password FROM `mailbox` WHERE username='%u' AND suspended='N'
password_query = SELECT case when crypt is not null then crypt else password_crypt end as password FROM `mailbox` WHERE username='%u' AND suspended='N'
user_query = SELECT concat('maildir:',home) as mail, 125 AS uid, 125 AS gid FROM mailbox WHERE username='%u' AND suspended='N'
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20211201/c747f0cd/attachment.htm>
auth_mechanisms = plain login digest-md5 cram-md5

You still advertise them though. CRAM-MD5 and DIGEST-MD5 are challenge-response mechanisms: the server can verify them only against the cleartext password or a hash stored in that mechanism's own scheme, so once the database holds only salted CRYPT hashes, a client that selects CRAM-MD5 fails with exactly this error. Remove digest-md5 and cram-md5 from auth_mechanisms so clients use PLAIN or LOGIN, and because those mechanisms send the password itself, allow them only over TLS (disable_plaintext_auth = yes; the configuration below has it set to no).

Aki

> On 01/12/2021 18:09 absolutely_free at libero.it wrote:
>
>
> Hi,
> I use dovecot-2.3.15 with MySQL backend for authentication.
> I just converted cleartext credentials to SSHA512. Authentication (POP3/IMAP/Roundcube webmail) is working fine.
> I got a few users complaining about login issues with Thunderbird.
> Logs show this:
> Dec 1 16:34:52 mailserver dovecot[72554] auth-worker(72559): conn unix:auth-worker (uid=143): auth-worker<5294>: sql(user at domain.net,xx.yy.ww.zz,<g+jCZhfS/N1dKskw>): Requested CRAM-MD5 scheme, but we have only CRYPT
> I don't understand this error. It seems I still support CRAM-MD5:
> telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
>
> This is my conf:
>
> doveconf -n
> # 2.3.15 (0503334ab1): /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 13.0-RELEASE-p4 amd64 zfs
> # Hostname: server.domain.net
> doveconf: Warning: please set ssl_dh=</usr/local/etc/dovecot/dh.pem
> doveconf: Warning: You can generate it with: dd if=/var/db/dovecot/ssl-parameters.dat bs=1 skip=88 | openssl dhparam -inform der > /usr/local/etc/dovecot/dh.pem
> auth_debug = yes
> auth_mechanisms = plain login digest-md5 cram-md5
> auth_verbose = yes
> default_client_limit = 2000
> default_process_limit = 500
> default_vsz_limit = 512 M
> disable_plaintext_auth = no
> first_valid_gid = 125
> first_valid_uid = 125
> imap_id_log = *
> mail_gid = 1003
> mail_location = maildir:/mail/domains
> mail_privileged_group = postfix
> mail_uid = 1003
> namespace inbox {
>   inbox = yes
>   location
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Trash {
>     special_use = \Trash
>   }
>   prefix
> }
> passdb {
>   args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
>   driver = sql
> }
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0666
>     user = postfix
>   }
>   unix_listener auth-userdb {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service imap {
>   process_limit = 1024
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> ssl_cert = </etc/ssl/wildcard.domain.net_bundle.crt
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> userdb {
>   args = /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
>   driver = sql
> }
> protocol imap {
>   mail_max_userip_connections = 100
> }
>
> this is my dovecot-sql-crypt.conf.ext:
>
> # cat /usr/local/etc/dovecot/dovecot-sql-crypt.conf.ext
> driver=mysql
> default_pass_scheme=CRYPT
> connect= host=db.domain.net port=3306 dbname=mail user=user password=xxxxxxxxxxxxxxxxxxxx
> #password_query = SELECT case when crypt is not null then crypt else password end as password FROM `mailbox` WHERE username='%u' AND suspended='N'
> password_query = SELECT case when crypt is not null then crypt else password_crypt end as password FROM `mailbox` WHERE username='%u' AND suspended='N'
> user_query = SELECT concat('maildir:',home) as mail, 125 AS uid, 125 AS gid FROM mailbox WHERE username='%u' AND suspended='N'
> Thank you