David Koski
2022-Jan-23 00:22 UTC
NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
After upgrading Debian to 11 I found Dovecot at version 2.3.13
(89f716dc2).? Now auth method NTLM fails and is not even listed:
# doveadm pw -l
SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA
DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1
SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 SHA256
CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5
/var/log/dovecot.log
Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:32 master: Error: service(auth): command startup failed,
throttling for 2.000 secs
Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:34 master: Error: service(auth): command startup failed,
throttling for 4.000 secs
Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:38 master: Error: service(auth): command startup failed,
throttling for 8.000 secs
Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM'
Jan 22 16:20:46 master: Error: service(auth): command startup failed,
throttling for 16.000 secs
# doveconf -n
# 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.13 (cdd19fe3)
# OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2
# Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net
auth_mechanisms = plain login ntlm
debug_log_path = /var/log/dovecot-debug.log
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
maildir_stat_dirs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace compat {
? alias_for ? hidden = yes
? inbox = no
? list = no
? location ? prefix = INBOX.
? separator = .
}
namespace inbox {
? inbox = yes
? location ? mailbox Drafts {
??? special_use = \Drafts
? }
? mailbox Junk {
??? special_use = \Junk
? }
? mailbox Sent {
??? special_use = \Sent
? }
? mailbox "Sent Messages" {
??? special_use = \Sent
? }
? mailbox Trash {
??? special_use = \Trash
? }
? prefix ? separator = .
}
passdb {
? args = /etc/dovecot/dovecot-sql.conf.ext
? driver = sql
}
plugin {
? mail_plugins = " quota trash sieve"
? sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap sieve"
service auth {
? unix_listener /var/spool/postfix/private/auth {
??? group = postfix
??? mode = 0666
??? user = postfix
? }
? unix_listener auth-client {
??? mode = 0660
? }
}
service stats {
? unix_listener stats-reader {
??? group = vmail
??? mode = 0660
??? user = vmail
? }
? unix_listener stats-writer {
??? group = vmail
??? mode = 0660
??? user = vmail
? }
}
ssl_cert = </etc/letsencrypt/live/imail1.sutinen.com/fullchain.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
? args = /etc/dovecot/dovecot-sql.conf.ext
? driver = sql
}
protocol lmtp {
? mail_plugins = " quota trash sieve"
? postmaster_address = admin-kosmosisland.com at kosmosisland.com
}
protocol lda {
? mail_plugins = " quota trash sieve"
}
Regards,
David Koski
David Koski
2022-Jan-23 01:29 UTC
NTLM fails: dovecot: auth: Fatal: Unknown authentication mechanism 'NTLM'
Is NTLM now dead?? The Readme says: 2020-10-23 16:24:09 -0400 Josef 'Jeff' Sipek <jeff.sipek at open-xchange.com> (48d6f7282) ??? auth: Remove ntlm mechanism & the LANMAN and NTLM password schemes M?????? COPYING M?????? configure.ac M?????? src/Makefile.am M?????? src/auth/Makefile.am D?????? src/auth/mech-ntlm.c M?????? src/auth/mech.c M?????? src/auth/password-scheme.c M?????? src/auth/test-libpassword.c M?????? src/auth/test-mech.c M?????? src/doveadm/Makefile.am D?????? src/lib-ntlm/Makefile.am D?????? src/lib-ntlm/ntlm-des.c D?????? src/lib-ntlm/ntlm-des.h D?????? src/lib-ntlm/ntlm-encrypt.c D?????? src/lib-ntlm/ntlm-encrypt.h D?????? src/lib-ntlm/ntlm-flags.h D?????? src/lib-ntlm/ntlm-message.c D?????? src/lib-ntlm/ntlm-message.h D?????? src/lib-ntlm/ntlm-types.h D?????? src/lib-ntlm/ntlm.h David On 1/22/22 4:22 PM, David Koski wrote:> After upgrading Debian to 11 I found Dovecot at version 2.3.13 > (89f716dc2).? Now auth method NTLM fails and is not even listed: > > # doveadm pw -l > SHA1 SSHA512 SCRAM-SHA-256 BLF-CRYPT PLAIN HMAC-MD5 OTP SHA512 SHA > DES-CRYPT CRYPT SSHA MD5-CRYPT PLAIN-MD4 PLAIN-MD5 SCRAM-SHA-1 > SHA512-CRYPT CLEAR CLEARTEXT ARGON2I ARGON2ID SSHA256 MD5 PBKDF2 > SHA256 CRAM-MD5 PLAIN-TRUNC SHA256-CRYPT SMD5 DIGEST-MD5 LDAP-MD5 > > /var/log/dovecot.log > Jan 22 16:20:32 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:32 master: Error: service(auth): command startup failed, > throttling for 2.000 secs > Jan 22 16:20:34 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:34 master: Error: service(auth): command startup failed, > throttling for 4.000 secs > Jan 22 16:20:38 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:38 master: Error: service(auth): command startup failed, > throttling for 8.000 secs > Jan 22 16:20:46 auth: Fatal: Unknown authentication mechanism 'NTLM' > Jan 22 16:20:46 master: Error: service(auth): command startup failed, > throttling for 16.000 secs > > # doveconf -n > # 2.3.13 (89f716dc2): /etc/dovecot/dovecot.conf > # Pigeonhole version 0.5.13 (cdd19fe3) > # OS: Linux 5.10.0-11-amd64 x86_64 Debian 11.2 > # Hostname: imail.khmfdbyekekelj1rmytwnfh1bc.dx.internal.cloudapp.net > auth_mechanisms = plain login ntlm > debug_log_path = /var/log/dovecot-debug.log > info_log_path = /var/log/dovecot-info.log > log_path = /var/log/dovecot.log > maildir_stat_dirs = yes > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date index ihave duplicate mime foreverypart > extracttext > namespace compat { > ? alias_for > ? hidden = yes > ? inbox = no > ? list = no > ? location > ? prefix = INBOX. > ? separator = . > } > namespace inbox { > ? inbox = yes > ? location > ? mailbox Drafts { > ??? special_use = \Drafts > ? } > ? mailbox Junk { > ??? special_use = \Junk > ? } > ? mailbox Sent { > ??? special_use = \Sent > ? } > ? mailbox "Sent Messages" { > ??? special_use = \Sent > ? } > ? mailbox Trash { > ??? special_use = \Trash > ? } > ? prefix > ? separator = . > } > passdb { > ? args = /etc/dovecot/dovecot-sql.conf.ext > ? driver = sql > } > plugin { > ? mail_plugins = " quota trash sieve" > ? sieve = file:~/sieve;active=~/.dovecot.sieve > } > protocols = " imap sieve" > service auth { > ? unix_listener /var/spool/postfix/private/auth { > ??? group = postfix > ??? mode = 0666 > ??? user = postfix > ? } > ? unix_listener auth-client { > ??? mode = 0660 > ? } > } > service stats { > ? unix_listener stats-reader { > ??? group = vmail > ??? mode = 0660 > ??? user = vmail > ? } > ? unix_listener stats-writer { > ??? group = vmail > ??? mode = 0660 > ??? user = vmail > ? } > } > ssl_cert = </etc/letsencrypt/live/imail1.sutinen.com/fullchain.pem > ssl_client_ca_dir = /etc/ssl/certs > ssl_dh = # hidden, use -P to show it > ssl_key = # hidden, use -P to show it > userdb { > ? args = /etc/dovecot/dovecot-sql.conf.ext > ? driver = sql > } > protocol lmtp { > ? mail_plugins = " quota trash sieve" > ? postmaster_address = admin-kosmosisland.com at kosmosisland.com > } > protocol lda { > ? mail_plugins = " quota trash sieve" > } > > Regards, > David Koski >