Re: [Dovecot] zlib plugin bug?
El 08/03/13 14:13, Jan Phillip Greimann escribió: Hi there, got a problem with the zlib plugin, just wanted to test it on a test-mailserver, configured like in the wiki (http://wiki2.dovecot.org/Plugins/Zlib) and restarted the server. I've send an email to a blank maildir++ mailbox, the file is saved as gzip compressed file, but the Z flag is missing in the filename. zlib plugin doesn't put any flag in messages. The Z flag mentioned in the wiki is one you could put if your are compressing an existing mailbox in order to know which files you have previously compressed. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 86337
[Dovecot] 2.2rc2 core dump
Hi, using dovecot 2.2rc2 I got core dumps during IMAP subscription change if the CONTROL directory (specified in mail_location) does not exists. userdb_mail: mbox:~/Test:INBOX=~/Test/heiko:INDEX=~/.imap/index:CONTROL=~/.imap/control If ~/.imap/control does not exists, dovecot crashes. See below for log msg, full backtrace and configuration. Heiko Heiko SchlichtingFreie Universität Berlin heiko.schlicht...@fu-berlin.de Zentraleinrichtung für Datenverarbeitung Telefon +49 30 838-54327 Fabeckstraße 32 Telefax +49 30 838454327 14195 Berlin --- Mar 11 13:57:42 12:island dovecot: imap(heiko): Panic: file mailbox-list.c: line 1066 (mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir, path, strlen(root_dir)) == 0) Mar 11 13:57:42 13:island dovecot: imap(heiko): Error: Raw backtrace: /home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60c8a) [0x7f12ad342c8a] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60cd6) [0x7f12ad342cd6] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f12ad303faf] - /home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(mailbox_list_try_mkdir_root+0x573) [0x7f12ad61db43] - /home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(mailbox_list_mkdir_root+0x12) [0x7f12ad61db92] - /home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(subsfile_set_subscribed+0x346) [0x7f12ad62ff66] - /home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(mailbox_list_set_subscribed+0x1b) [0x7f12ad61aebb] - /home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(index_storage_set_subscribed+0x48) [0x7f12ad63f3c8] - dovecot/imap [heiko 130.133.5.5 subscribe](cmd_subscribe_full+0xd8) [0x4129c8] - dovecot/imap [heiko 130.133.5.5 subscribe](command_exec+0x3d) [0x41604d] - dovecot/imap [heiko 130.133.5.5 subscribe]() [0x4151a0] - dovecot/imap [heiko 130.133.5.5 subscribe]() [0x41528d] - dovecot/imap [heiko 130.133.5.5 subscribe](client_handle_input+0x11d) [0x41550d] - dovecot/imap [heiko 130.133.5.5 subscribe](client_input+0x6f) [0x41588f] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36) [0x7f12ad3518f6] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf) [0x7f12ad35296f] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(io_loop_run+0x28) [0x7f12ad351898] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f12ad308c03] - dovecot/imap [heiko 130.133.5.5 subscribe](main+0x2a7) [0x41eb17] - /lib/libc.so.6(__libc_start_main+0xfd) [0x7f12acf9ec8d] - dovecot/imap [heiko 130.133.5.5 subscribe]() [0x40b559] Mar 11 13:57:42 12:island dovecot: imap(heiko): Fatal: master: service(imap): child 387120 killed with signal 6 (core dumped) --- Core was generated by `dovecot/imap'. Program terminated with signal 6, Aborted. #0 0x7f12acfb21b5 in *__GI_raise (sig=value optimized out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 in ../nptl/sysdeps/unix/sysv/linux/raise.c #0 0x7f12acfb21b5 in *__GI_raise (sig=value optimized out) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 pid = value optimized out selftid = value optimized out #1 0x7f12acfb4fc0 in *__GI_abort () at abort.c:92 act = {__sigaction_handler = {sa_handler = 0x2, sa_sigaction = 0x2}, sa_mask = {__val = {139718192212334, 140734208616120, 140734208615824, 15504224, 139718192015737, 139718188100360, 139718199721984, 206158430224, 4294967295, 140734208615136, 1, 2826480, 0, 140734208615824, 15504224, 139718191620096}}, sa_flags = -1383389422, sa_restorer = 0x1} sigs = {__val = {32, 0 repeats 15 times}} #2 0x7f12ad342c9d in default_fatal_finish (type=value optimized out, status=0) at failures.c:191 backtrace = 0xec93d0 /home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60c8a) [0x7f12ad342c8a] - /home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60cd6) [0x7f12ad342cd6] - /home/dovecot/server/lib/dovecot/libdoveco... #3 0x7f12ad342cd6 in i_internal_fatal_handler (ctx=0x7fff3c832420, format=value optimized out, args=value optimized out) at failures.c:652 status = 0 #4 0x7f12ad303faf in i_panic (format=0x5e830 Address 0x5e830 out of bounds) at failures.c:263 ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0} args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7fff3c8324f0, reg_save_area = 0x7fff3c832430}} #5 0x7f12ad61db43 in mailbox_list_try_mkdir_root (list=0xedfa30, path=0xec9340 /home/heiko/.imap/control, type=MAILBOX_LIST_PATH_TYPE_CONTROL, error_r=0x7fff3c8326b8) at mailbox-list.c:1066 root_dir = 0xec9360 /home/heiko/.imap/control/.imap error = value optimized out st = {st_dev = 0, st_ino = 139718191603264, st_nlink = 6471272, st_mode = 63, st_uid = 0, st_gid =
Re: [Dovecot] zlib plugin bug?
Am 11.03.2013 08:05, schrieb Angel L. Mateo: zlib plugin doesn't put any flag in messages. The Z flag mentioned in the wiki is one you could put if your are compressing an existing mailbox in order to know which files you have previously compressed. Thank you. I noticed later that there is no Z-flag by default for compressed mails. I think it should be added to the plugin, but maybe it isn't possible. Greetings, Jan
[Dovecot] Random questions on backing up Dovecot
Hi, I've read a few threads about the subject, but I am hoping someone can comment on a few misunderstandings that I might have? It seems like doing a tar of the mail folder location then rsyncing it over to the backup location is the general idea. I plan to have dovecot create 6 virtual users using Maildir, located at /var/mail. A few specifics I am unclear on: 1) Someone here gave a descriptive outline on this here: http://www.dovecot.org/list/dovecot/2011-August/060368.html It's a bit silly, but does anyone have any comments about his suggestion on doing a 'tar cvf' first, then doing a gzip on that archive? Are the benefits really that great? 2) My lack of understanding of control files and index files contribute to this question. If I want to move to a new server and I only tar'd my /var/mail, how does this affect control files? Is it as simple as just copying pasting back into /var/mail on the new server, and then Dovecot will create new UUIDs for the messages? 3) How do I handle the case where the script is currently tarring/gzipping the entire /var/mail, but I receive a new mail during that period? What happens if I use thunderbird to delete a mail during the archiving process?
[Dovecot] Integrating with Drupal SQL db
Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
Re: [Dovecot] Integrating with Drupal SQL db
On 3/11/13 11:57 AM, i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix# As far as I understand Drupal uses salted passwords, so you would need to return the password + salt in the sql query. I am not sure what position the salt is offset for a password with Drupal, but that should be simple to determine looking at the source.
Re: [Dovecot] Integrating with Drupal SQL db
i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU This is not CRAM-MD5, is it? Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. This is what I get connecting to your server: Connected to stos.se. Escape character is '^]'. * OK [CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS STARTTLS ACL METADATA] Debian-60-squeeze-64-minimal IMAP4rev1 Citadel 7.83 ready This is what I get connecting to mine: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. I see no AUTH=CRAM-MD5 in capabilites of your server. Andreas
[Dovecot] doveadm password check
Hi, I want to write some php code that users can change there dovecot password via a roundcube plugin. I'm using php function crypt(...) to generate the hashes and everything works well so far. I'm using doveadm pw to generate testhashes e.g.: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc {BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y I expected an ok when using -t the hash when entering abc as a password, but I got: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -t \{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y Enter password to verify: doveadm(root): Fatal: reverse password verification check failed: Password mismatch What went wrong? Kind Regards Thomas
Re: [Dovecot] Integrating with Drupal SQL db
Hello! I took the thread back to the list. Tobias Rådenholt tobias.radenh...@stos.se wrote: I think it is ssha512 hashing. It's not stos.se that's affected. It's swedishschoolinsydney.org.au Just found this: capabilities are 'IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED' meaning you can log in via STARTTLS but not via plaintext authentication. Does it have something to do woth your problem? Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Thanks! /Tobias Andreas i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU This is not CRAM-MD5, is it? Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. This is what I get connecting to your server: Connected to stos.se. Escape character is '^]'. * OK [CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS STARTTLS ACL METADATA] Debian-60-squeeze-64-minimal IMAP4rev1 Citadel 7.83 ready This is what I get connecting to mine: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. I see no AUTH=CRAM-MD5 in capabilites of your server. Andreas
Re: [Dovecot] doveadm password check
On 3/11/2013 12:20 PM, Thomas Pries wrote: Hi, I want to write some php code that users can change there dovecot password via a roundcube plugin. I'm using php function crypt(...) to generate the hashes and everything works well so far. I'm using doveadm pw to generate testhashes e.g.: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc {BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y I expected an ok when using -t the hash when entering abc as a password, but I got: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -t \{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y Enter password to verify: doveadm(root): Fatal: reverse password verification check failed: Password mismatch There are several bugs dealing with what you are doing. They are currently in the works and will be fixed in a future release of Dovecot. 1) Crypt hashes should not have the {...} prefix. The $2a$ is the prefix that specifies the Eksblowfish crypt hash, just like $1$ specifies the MD5 crypt hash. doveadm blindly puts the {...} in front of all hashes, which is a bug. When the program goes to verify the hash, it passes the entire string including the {...} part to crypt, which fails, since it does not know what to do with it. 2) The Eksblowfish hash (the $2a$) was originally written on OpenBSD by Niels Provos and David Mazières and was called Bcrypt (Bcrypt is the correct name, not BLF-CRYPT as is used in Dovecot). It was rewritten by Alexander Peslyak. This rewritten version became more popular with Linux distros. This version, however, turned out to have a bug, which Peslyak later fixed, but it means that $2a$ hashes were incompatible based on which library they used: the original OpenBSD, or the buggy Peslyak one. A new hash type, $2y was used to specify the correct hash. Even OpenBSD switched to the new system to maintain compatibility, even though their original libraries were correct. Depending on whether your Eksblowfish (Bcrypt) libraries have been updated or not, there could be a problem with the $2a$ hash. First try to remove the {BLF-CRYPT} from your hash. It is not needed, and may be enough for it to verify. If it still does not verify, then you may have an issue with your crypt libraries. You might, then try changing the $2a$ to $2y$ and see if that makes the Eksblowfish libraries happy. Dem
Re: [Dovecot] doveadm password check
On 03/11/2013 08:20 PM Thomas Pries wrote: Hi, I want to write some php code that users can change there dovecot password via a roundcube plugin. I'm using php function crypt(...) to generate the hashes and everything works well so far. I'm using doveadm pw to generate testhashes e.g.: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc {BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y I expected an ok when using -t the hash when entering abc as a password, but I got: srv:~ # doveadm pw -r 5 -s BLF-CRYPT -t \{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y Enter password to verify: doveadm(root): Fatal: reverse password verification check failed: Password mismatch What went wrong? Usage would be: doveadm pw -t '{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y' Your shell expands $2a and $05$W8… to empty strings. Therefore you should single quotes around strings that contains the dollar sign. Regards, Pascal -- The trapper recommends today: cafebabe.1307...@localdomain.org
Re: [Dovecot] doveadm password check
Hi, On 11.03.2013 22:41, Pascal Volk wrote: On 03/11/2013 08:20 PM Thomas Pries wrote: I expected an ok ... Usage would be: doveadm pw -t '{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y' Your shell expands $2a and $05$W8… to empty strings Thanks, sometimes it is hard to see the wood for the trees :-).
Re: [Dovecot] Integrating with Drupal SQL db
The issue is, drupal uses a custom password format. You could rewrite the password hashs that drupal uses, into a normal crypt ssha256 version, that dovecot will understand, but it will probably going be much easier, to just program it into dovecot to support it. http://joncave.co.uk/2011/01/password-storage-in-drupal-and-wordpress/ Quoting i...@stos.se: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
[Dovecot] dovecot virtual user 'unknown'...
Hi I have a problem whereby Dovecot 1.0.7 is reporting that a recently setup virtual user in /etc/dovecot_passdb is 'unknown'. I have been trying to setup the user 'info' in a plaintext passwd-file /etc/dovecot_passdb as a virtual user, ie non system user. I suspect I have not properly setup 'info' as a virtual imap user... if so, how should I do this? Existing system users are in '/etc/passdb' and authenticate without problems. System users have their home directory in /home/system_user1/mail/.imap eg /home/system_user1/mail/.imap/INBOX ...file is /var/spool/mail/systemuser1 /home/system_user1/mail/.imap/Sent ... file is in /home/system_user1/mail/Sent /home/system_user1/mail/.imap/Drafts... file is in /home/system_user1/mail/Drafts whereas the postfix virtual user's (username is 'info') mailbox is configured as... call it /var/spool/mail/virtualusersdomain1/info Postfix's virtual_mailbox_base = /var/spool/mail. The virtual_mailbox_domains, including that of user 'info', are a subdirectory of /var/spool/mail This is the log entry produced when user 'info' attempts to login via squirrelmail: PLAIN service=IMAPsecured lip=:::127.0.0.1 rip=:::127.0.0.1resp=hidden dovecot: Mar 12 00:32:40 Info: auth(default): passwd-file(info,:::127.0.0.1): lookup: user=info file=/etc/dovecot_passdb dovecot: Mar 12 00:32:40 Info: auth(default): passwd-file(info,:::127.0.0.1): unknown user dovecot: Mar 12 00:32:40 Info: auth(default): pam(info,:::127.0.0.1): lookup service=dovecot dovecot: Mar 12 00:32:40 Info: auth(default): new auth connection: pid=569 dovecot: Mar 12 00:32:42 Info: auth(default): pam(info,:::127.0.0.1): pam_authenticate() failed: Authentication failure dovecot: Mar 12 00:32:42 Info: imap-login: Aborted login: user=info, method=PLAIN, rip=:::127.0.0.1, lip=:::127.0.0.1, secured dovecot: Mar 12 00:32:42 Info: auth(default): client out: FAIL 1 user=info So, /etc/dovecot_passdb has ownership root:root, permissions 644 and only the contents: info:{PLAIN}Myplaintextpassword I have tried logging in both as info and also as info@virtualusersdomain1 dovecot -n shows: # 1.0.7: /etc/dovecot.conf log_path: /var/log/dovecot.log login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login login_processes_count: 2 mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 auth default: verbose: yes debug: yes passdb: driver: passwd-file args: /etc/dovecot_passdb passdb: driver: pam userdb: driver: passwd-file args: home=/var/spool/mail/%d/%n mail=mbox:~/mail /etc/dovecot_passdb userdb: driver: passwd args: /etc/passwd This is all that was in orginally in /etc/dovecot.conf: protocols = imap imaps pop3 pop3s disable_plaintext_auth = no protocol imap { } protocol pop3 { } protocol lda { } auth default { mechanisms = plain } passdb pam { } userdb passwd { } user = root dict { } Dovecot runs as root. Anyway, any advice would be great! Thanks
Re: [Dovecot] Integrating with Drupal SQL db
Do you have any clue on how to rewrite Dovecot to support Drupal 7 hashes? I have a feeling this is going to become over my head. Regards Tobias On Mon, 11 Mar 2013 20:40:16 -0400, Patrick Domack patric...@patrickdk.com wrote: The issue is, drupal uses a custom password format. You could rewrite the password hashs that drupal uses, into a normal crypt ssha256 version, that dovecot will understand, but it will probably going be much easier, to just program it into dovecot to support it. http://joncave.co.uk/2011/01/password-storage-in-drupal-and-wordpress/ Quoting i...@stos.se: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
Re: [Dovecot] Integrating with Drupal SQL db
Hi! I dont know if thats related. The specific error message in the log is that the hash is not a valid one. Regards Tobias On Mon, 11 Mar 2013 20:38:39 +0100, Andreas Meyer anme...@anup.de wrote: Hello! I took the thread back to the list. Tobias Rådenholt tobias.radenh...@stos.se wrote: I think it is ssha512 hashing. It's not stos.se that's affected. It's swedishschoolinsydney.org.au Just found this: capabilities are 'IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED' meaning you can log in via STARTTLS but not via plaintext authentication. Does it have something to do woth your problem? Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Thanks! /Tobias Andreas i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU This is not CRAM-MD5, is it? Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. This is what I get connecting to your server: Connected to stos.se. Escape character is '^]'. * OK [CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS STARTTLS ACL METADATA] Debian-60-squeeze-64-minimal IMAP4rev1 Citadel 7.83 ready This is what I get connecting to mine: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. I see no AUTH=CRAM-MD5 in capabilites of your server. Andreas
Re: [Dovecot] Integrating with Drupal SQL db
Hi again, this is what I've found regarding how Drupal 7 hashes. $hash = md5($salt . $password, TRUE); do { $hash = md5($hash . $password, TRUE); } while (--$count); The whole final hash value is encoded into 16 base64 characters and prepended by an identifying string, the standard phpass MD5 mode uses $P$ (Drupal’s modified version uses $S$ to indicate SHA-512) and a single base64 character to indicate the number of MD5 iterations used. Examples of a hashed password are: # Drupal 7 hash $S$CgwilRJS4VIF1.2y0R7B4qkXJ8F8SJPcuvXRKGlMWESVXMST.5n4 WordPress 3.0.4 uses the phpass default of 8193 iterations ($count being 8192) and Drupal 7 uses 16385 — notice that the Drupal password has C after the identifier whereas WordPress has B, converted from crypt style base64 (character set [./0-9A-Za-z]) these are 14 and 13 respectively, then take 214 + 1 = 16385. A John the Ripper benchmark, after patching and enabling the usage of phpass portable passwords (WordPress style, 8193 iterations), quotes approximately 700 passwords checked per second. Can I use this inforamtion to make Dovecot understand how to interpret the hash? Thanks! Regards Tobias On Mon, 11 Mar 2013 14:00:22 -0500, l...@airstreamcomm.net l...@airstreamcomm.net wrote: On 3/11/13 11:57 AM, i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix# As far as I understand Drupal uses salted passwords, so you would need to return the password + salt in the sql query. I am not sure what position the salt is offset for a password with Drupal, but that
[Dovecot] stats plugins causing dns lookup per connection
I noticed our imap servers were generating a lot of A record lookups for their own IP's the other day and just got around to tracking down the source. Seems like they are all being caused by guid_128_generate() - perhaps the lookup could be cached at start up or it could just use make use of the hostname rather than spending the effort to get the IP via gethostbyname() calls. The function is used in a few other places too, so this might help more than just the stats plugin. nscd and/or host entries mitigate the total time spent on the lookup of course, but it seems unnecessary. -- Kelsey Cummings - k...@corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407