Re: [exim] Exim auth driver dovecot 'LOGIN' fails?

2023-01-30 Thread Jeremy Harris via Exim-users 

On 25/01/2023 16:25, Sander Smeenk via Exim-users wrote:

Is Exim's dovecot driver for LOGIN auth broken or am i doing something
wrong?


It's working fine for me in test, though I don't see you doing
anything wrong.  The debug shows the "OK" response from dovecot;
it's not clear where the temporary-error creeps in, between there
and the SMTP response.
--
Cheers,
  Jeremy


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

[exim] Exim auth driver dovecot 'LOGIN' fails?

2023-01-25 Thread Sander Smeenk via Exim-users 
Hello list,

Is Exim's dovecot driver for LOGIN auth broken or am i doing something
wrong? The PLAIN auth variant is working fine. Attached is the relevant
debug logging from both Dovecot auth as well as Exim.

This is Exim 4.95-4ubuntu2.2 & Dovecot 1:2.3.16+dfsg1-3ubuntu2.1 from
Ubuntu 22.04 Jammy stock packages.

When using AUTH LOGIN method, Exim tells me '435 Unable to authenticate
at present', but Dovecot auth seems to log the authentication as
successful?

The exact same user/pass combo works fine for PLAIN, also included in
the attached debug log file.

Exim config:

| begin authenticators
| dovecot_plain:
| driver = dovecot
| public_name = PLAIN
| server_socket = /run/dovecot/auth-client
| server_set_id = $auth1
| 
| dovecot_login:
| driver = dovecot
| public_name = LOGIN
| server_socket = /run/dovecot/auth-client
| server_set_id = $auth1

Dovecot config has:

| auth_mechanisms = plain login
| disable_plaintext_auth = no

As can be seen in the debug logging.

Authentication using 'doveadm' and other methods succeeds fine, so i
doubt this is Dovecot configuration related and why i'm asking here
first. ;)

Thanks!
-Sndr.
-- 
| I entered 10 puns in a pun contest hoping one would win, but no pun in ten 
did.
| 4096R/20CC6CD2 - 6D40 1A20 B9AA 87D4 84C7  FBD6 F3A9 9442 20CC 6CD2
31823 SMTP<< AUTH LOGIN
31823 dovecot authentication
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'VERSION1   2'
31823 105 read but unreturned bytes; strcut() gave 3 results:  {VERSION} {1} 
{2} last is 
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'MECH   PLAIN   plaintext'
31823 84 read but unreturned bytes; strcut() gave 3 results:  {MECH} {PLAIN} 
{plaintext} last is 
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'MECH   LOGIN   plaintext'
31823 63 read but unreturned bytes; strcut() gave 3 results:  {MECH} {LOGIN} 
{plaintext} last is 
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'SPID   31824'
31823 52 read but unreturned bytes; strcut() gave 2 results:  {SPID} {31824} 
last is 
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'CUID   1'
31823 45 read but unreturned bytes; strcut() gave 2 results:  {CUID} {1} last 
is 
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'COOKIE 0c348b5a483a3ec81f1898119d034807'
31823 5 read but unreturned bytes; strcut() gave 2 results:  {COOKIE} 
{0c348b5a483a3ec81f1898119d034807} last is 
31823 auth_dovecot_server 297
31823 auth_dovecot_server 300
31823 received: 'DONE'
31823 0 read but unreturned bytes; strcut() gave 1 results:  {DONE} last is 

31823 sent: 'VERSION1   0
31823 CPID  31823
31823 AUTH  1   LOGIN   service=smtpsecured rip=[CLIENTADDR]
lip=[SERVERADDR]nologin resp=
31823 '
31823 received: 'CONT   1   VXNlcm5hbWU6'
31823 0 read but unreturned bytes; strcut() gave 3 results:  {CONT} {1} 
{VXNlcm5hbWU6} last is 
31823 SMTP>> 334 VXNlcm5hbWU6
31823 tls_write(0x56338111d7d8, 18)
31823 gnutls_record_send(session=0x563381404ac0, buffer=0x56338111d7d8, left=18)
31823 outbytes=18
31823 Calling gnutls_record_recv(session=0x563381404ac0, buffer=0x56338140c7c8, 
buffersize=4096)
31823 received: 'CONT   1   UGFzc3dvcmQ6'
31823 0 read but unreturned bytes; strcut() gave 3 results:  {CONT} {1} 
{UGFzc3dvcmQ6} last is 
31823 SMTP>> 334 UGFzc3dvcmQ6
31823 tls_write(0x56338111d7d8, 18)
31823 gnutls_record_send(session=0x563381404ac0, buffer=0x56338111d7d8, left=18)
31823 outbytes=18
31823 Calling gnutls_record_recv(session=0x563381404ac0, buffer=0x56338140c7c8, 
buffersize=4096)
31823 received: 'OK 1   user=s.smeenk@[REDACTED]'
31823 0 read but unreturned bytes; strcut() gave 4 results:  {OK} {1} 
{user=s.smeenk@[REDACTED]} {} last is 
31823 dovecot_login authenticator server_condition:
31823   $auth1 = s.smeenk@[REDACTED]
31823   $1 = s.smeenk@[REDACTED]
31823 SMTP>> 435 Unable to authenticate at present

dovecot: auth: Debug: auth client connected (pid=0)
dovecot: auth: Debug: client in: 
AUTH#0111#011LOGIN#011service=smtp#011secured#011rip=[CLIENTADDR]#011lip=[SERVERADDR]#011nologin#011resp=
dovecot: auth: Debug: client passdb out: CONT#0111#011VXNlcm5hbWU6
dovecot: auth: Debug: client in: CONT
dovecot: auth: Debug: client passdb out: CONT#0111#011UGFzc3dvcmQ6
dovecot: auth: Debug: client in: CONT
dovecot: auth: Debug: ldap(s.smeenk@[REDACTED],[CLIENTADDR]): Performing passdb 
lookup
dovecot: auth: Debug: ldap(s.smeenk@[REDACTED],[CLIENTADDR]): pass search: 
base=ou=mailboxen [REDACTED]
dovecot: auth: Debug: ldap(s.smeenk@[REDACTED],[CLIENTADDR]): result: 
MailAdres=s.smeenk@[REDACTED] MailboxPassword={CRYPT}$6$TcU0mG1NHxdX9FV[..]; 
MailAdres,MailboxPassword unused
dovecot: auth: Debug: ldap(s.smeenk@[REDACTED],[CLIENTADDR]): Finished passdb 
lookup
dovecot: auth: Debug: auth(s.smeenk@[REDACTED],[CLIENTADDR]):