Re: [Dovecot] zlib plugin bug?
El 08/03/13 14:13, Jan Phillip Greimann escribió: Hi there, got a problem with the zlib plugin, just wanted to test it on a test-mailserver, configured like in the wiki (http://wiki2.dovecot.org/Plugins/Zlib) and restarted the server. I've send an email to a blank maildir++ mailbox, the file is saved as gzip compressed file, but the Z flag is missing in the filename. zlib plugin doesn't put any flag in messages. The Z flag mentioned in the wiki is one you could put if your are compressing an existing mailbox in order to know which files you have previously compressed. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA) http://www.um.es/atica Tfo: 868889150 Fax: 86337
[Dovecot] 2.2rc2 core dump
Hi,
using dovecot 2.2rc2 I got core dumps during IMAP subscription change if
the CONTROL directory (specified in mail_location) does not exists.
userdb_mail:
mbox:~/Test:INBOX=~/Test/heiko:INDEX=~/.imap/index:CONTROL=~/.imap/control
If ~/.imap/control does not exists, dovecot crashes. See below for log msg,
full backtrace and configuration.
Heiko
Heiko SchlichtingFreie Universität Berlin
heiko.schlicht...@fu-berlin.de Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin
---
Mar 11 13:57:42 12:island dovecot: imap(heiko): Panic: file mailbox-list.c:
line 1066 (mailbox_list_try_mkdir_root): assertion failed: (strncmp(root_dir,
path, strlen(root_dir)) == 0)
Mar 11 13:57:42 13:island dovecot: imap(heiko): Error: Raw backtrace:
/home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60c8a) [0x7f12ad342c8a] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60cd6) [0x7f12ad342cd6] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(i_error+0) [0x7f12ad303faf] -
/home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(mailbox_list_try_mkdir_root+0x573)
[0x7f12ad61db43] -
/home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(mailbox_list_mkdir_root+0x12)
[0x7f12ad61db92] -
/home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(subsfile_set_subscribed+0x346)
[0x7f12ad62ff66] -
/home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(mailbox_list_set_subscribed+0x1b)
[0x7f12ad61aebb] -
/home/dovecot/server/lib/dovecot/libdovecot-storage.so.0(index_storage_set_subscribed+0x48)
[0x7f12ad63f3c8] - dovecot/imap [heiko 130.133.5.5
subscribe](cmd_subscribe_full+0xd8) [0x4129c8] - dovecot/imap [heiko
130.133.5.5 subscribe](command_exec+0x3d) [0x41604d] - dovecot/imap [heiko
130.133.5.5 subscribe]() [0x4151a0] - dovecot/imap [heiko 130.133.5.5
subscribe]() [0x41528d] - dovecot/imap [heiko 130.133.5.5
subscribe](client_handle_input+0x11d) [0x41550d] - dovecot/imap [heiko
130.133.5.5 subscribe](client_input+0x6f) [0x41588f] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x36)
[0x7f12ad3518f6] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0xaf)
[0x7f12ad35296f] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(io_loop_run+0x28)
[0x7f12ad351898] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(master_service_run+0x13)
[0x7f12ad308c03] - dovecot/imap [heiko 130.133.5.5 subscribe](main+0x2a7)
[0x41eb17] - /lib/libc.so.6(__libc_start_main+0xfd) [0x7f12acf9ec8d] -
dovecot/imap [heiko 130.133.5.5 subscribe]() [0x40b559]
Mar 11 13:57:42 12:island dovecot: imap(heiko): Fatal: master: service(imap):
child 387120 killed with signal 6 (core dumped)
---
Core was generated by `dovecot/imap'.
Program terminated with signal 6, Aborted.
#0 0x7f12acfb21b5 in *__GI_raise (sig=value optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
in ../nptl/sysdeps/unix/sysv/linux/raise.c
#0 0x7f12acfb21b5 in *__GI_raise (sig=value optimized out) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64
pid = value optimized out
selftid = value optimized out
#1 0x7f12acfb4fc0 in *__GI_abort () at abort.c:92
act = {__sigaction_handler = {sa_handler = 0x2, sa_sigaction = 0x2},
sa_mask = {__val = {139718192212334, 140734208616120, 140734208615824,
15504224, 139718192015737, 139718188100360, 139718199721984, 206158430224,
4294967295,
140734208615136, 1, 2826480, 0, 140734208615824, 15504224,
139718191620096}}, sa_flags = -1383389422, sa_restorer = 0x1}
sigs = {__val = {32, 0 repeats 15 times}}
#2 0x7f12ad342c9d in default_fatal_finish (type=value optimized out,
status=0) at failures.c:191
backtrace = 0xec93d0
/home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60c8a) [0x7f12ad342c8a] -
/home/dovecot/server/lib/dovecot/libdovecot.so.0(+0x60cd6) [0x7f12ad342cd6] -
/home/dovecot/server/lib/dovecot/libdoveco...
#3 0x7f12ad342cd6 in i_internal_fatal_handler (ctx=0x7fff3c832420,
format=value optimized out, args=value optimized out) at failures.c:652
status = 0
#4 0x7f12ad303faf in i_panic (format=0x5e830 Address 0x5e830 out of
bounds) at failures.c:263
ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
args = {{gp_offset = 40, fp_offset = 48, overflow_arg_area =
0x7fff3c8324f0, reg_save_area = 0x7fff3c832430}}
#5 0x7f12ad61db43 in mailbox_list_try_mkdir_root (list=0xedfa30,
path=0xec9340 /home/heiko/.imap/control, type=MAILBOX_LIST_PATH_TYPE_CONTROL,
error_r=0x7fff3c8326b8) at mailbox-list.c:1066
root_dir = 0xec9360 /home/heiko/.imap/control/.imap
error = value optimized out
st = {st_dev = 0, st_ino = 139718191603264, st_nlink = 6471272, st_mode
= 63, st_uid = 0, st_gid =
Re: [Dovecot] zlib plugin bug?
Am 11.03.2013 08:05, schrieb Angel L. Mateo: zlib plugin doesn't put any flag in messages. The Z flag mentioned in the wiki is one you could put if your are compressing an existing mailbox in order to know which files you have previously compressed. Thank you. I noticed later that there is no Z-flag by default for compressed mails. I think it should be added to the plugin, but maybe it isn't possible. Greetings, Jan
[Dovecot] Random questions on backing up Dovecot
Hi, I've read a few threads about the subject, but I am hoping someone can comment on a few misunderstandings that I might have? It seems like doing a tar of the mail folder location then rsyncing it over to the backup location is the general idea. I plan to have dovecot create 6 virtual users using Maildir, located at /var/mail. A few specifics I am unclear on: 1) Someone here gave a descriptive outline on this here: http://www.dovecot.org/list/dovecot/2011-August/060368.html It's a bit silly, but does anyone have any comments about his suggestion on doing a 'tar cvf' first, then doing a gzip on that archive? Are the benefits really that great? 2) My lack of understanding of control files and index files contribute to this question. If I want to move to a new server and I only tar'd my /var/mail, how does this affect control files? Is it as simple as just copying pasting back into /var/mail on the new server, and then Dovecot will create new UUIDs for the messages? 3) How do I handle the case where the script is currently tarring/gzipping the entire /var/mail, but I receive a new mail during that period? What happens if I use thunderbird to delete a mail during the archiving process?
[Dovecot] Integrating with Drupal SQL db
Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
Re: [Dovecot] Integrating with Drupal SQL db
On 3/11/13 11:57 AM, i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix# As far as I understand Drupal uses salted passwords, so you would need to return the password + salt in the sql query. I am not sure what position the salt is offset for a password with Drupal, but that should be simple to determine looking at the source.
Re: [Dovecot] Integrating with Drupal SQL db
i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU This is not CRAM-MD5, is it? Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. This is what I get connecting to your server: Connected to stos.se. Escape character is '^]'. * OK [CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS STARTTLS ACL METADATA] Debian-60-squeeze-64-minimal IMAP4rev1 Citadel 7.83 ready This is what I get connecting to mine: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. I see no AUTH=CRAM-MD5 in capabilites of your server. Andreas
[Dovecot] doveadm password check
Hi,
I want to write some php code that users can change there dovecot
password via a roundcube plugin. I'm using php function crypt(...) to
generate the hashes and everything works well so far.
I'm using doveadm pw to generate testhashes e.g.:
srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc
{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y
I expected an ok when using -t the hash when entering abc as a
password, but I got:
srv:~ # doveadm pw -r 5 -s BLF-CRYPT -t
\{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y
Enter password to verify:
doveadm(root): Fatal: reverse password verification check failed:
Password mismatch
What went wrong?
Kind Regards
Thomas
Re: [Dovecot] Integrating with Drupal SQL db
Hello! I took the thread back to the list. Tobias Rådenholt tobias.radenh...@stos.se wrote: I think it is ssha512 hashing. It's not stos.se that's affected. It's swedishschoolinsydney.org.au Just found this: capabilities are 'IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED' meaning you can log in via STARTTLS but not via plaintext authentication. Does it have something to do woth your problem? Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Thanks! /Tobias Andreas i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU This is not CRAM-MD5, is it? Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. This is what I get connecting to your server: Connected to stos.se. Escape character is '^]'. * OK [CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS STARTTLS ACL METADATA] Debian-60-squeeze-64-minimal IMAP4rev1 Citadel 7.83 ready This is what I get connecting to mine: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. I see no AUTH=CRAM-MD5 in capabilites of your server. Andreas
Re: [Dovecot] doveadm password check
On 3/11/2013 12:20 PM, Thomas Pries wrote:
Hi,
I want to write some php code that users can change there dovecot
password via a roundcube plugin. I'm using php function crypt(...) to
generate the hashes and everything works well so far.
I'm using doveadm pw to generate testhashes e.g.:
srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc
{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y
I expected an ok when using -t the hash when entering abc as a
password, but I got:
srv:~ # doveadm pw -r 5 -s BLF-CRYPT -t
\{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y
Enter password to verify:
doveadm(root): Fatal: reverse password verification check failed:
Password mismatch
There are several bugs dealing with what you are doing. They are
currently in the works and will be fixed in a future release of Dovecot.
1) Crypt hashes should not have the {...} prefix. The $2a$ is the
prefix that specifies the Eksblowfish crypt hash, just like $1$
specifies the MD5 crypt hash. doveadm blindly puts the {...} in front
of all hashes, which is a bug. When the program goes to verify the
hash, it passes the entire string including the {...} part to crypt,
which fails, since it does not know what to do with it.
2) The Eksblowfish hash (the $2a$) was originally written on OpenBSD by
Niels Provos and David Mazières and was called Bcrypt (Bcrypt is the
correct name, not BLF-CRYPT as is used in Dovecot). It was rewritten by
Alexander Peslyak. This rewritten version became more popular with
Linux distros. This version, however, turned out to have a bug, which
Peslyak later fixed, but it means that $2a$ hashes were incompatible
based on which library they used: the original OpenBSD, or the buggy
Peslyak one. A new hash type, $2y was used to specify the correct hash.
Even OpenBSD switched to the new system to maintain compatibility,
even though their original libraries were correct.
Depending on whether your Eksblowfish (Bcrypt) libraries have been
updated or not, there could be a problem with the $2a$ hash.
First try to remove the {BLF-CRYPT} from your hash. It is not needed,
and may be enough for it to verify. If it still does not verify, then
you may have an issue with your crypt libraries. You might, then try
changing the $2a$ to $2y$ and see if that makes the Eksblowfish
libraries happy.
Dem
Re: [Dovecot] doveadm password check
On 03/11/2013 08:20 PM Thomas Pries wrote:
Hi,
I want to write some php code that users can change there dovecot
password via a roundcube plugin. I'm using php function crypt(...) to
generate the hashes and everything works well so far.
I'm using doveadm pw to generate testhashes e.g.:
srv:~ # doveadm pw -r 5 -s BLF-CRYPT -p abc
{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y
I expected an ok when using -t the hash when entering abc as a
password, but I got:
srv:~ # doveadm pw -r 5 -s BLF-CRYPT -t
\{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y
Enter password to verify:
doveadm(root): Fatal: reverse password verification check failed:
Password mismatch
What went wrong?
Usage would be:
doveadm pw -t
'{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y'
Your shell expands $2a and $05$W8… to empty strings. Therefore you
should single quotes around strings that contains the dollar sign.
Regards,
Pascal
--
The trapper recommends today: cafebabe.1307...@localdomain.org
Re: [Dovecot] doveadm password check
Hi,
On 11.03.2013 22:41, Pascal Volk wrote:
On 03/11/2013 08:20 PM Thomas Pries wrote:
I expected an ok ...
Usage would be:
doveadm pw -t
'{BLF-CRYPT}$2a$05$W82/Vw4ZEcHBC00M8cNwe.g8fOHuAeV7L5Q/q4W6VWl9V5kjoiz8y'
Your shell expands $2a and $05$W8… to empty strings
Thanks, sometimes it is hard to see the wood for the trees :-).
Re: [Dovecot] Integrating with Drupal SQL db
The issue is, drupal uses a custom password format. You could rewrite the password hashs that drupal uses, into a normal crypt ssha256 version, that dovecot will understand, but it will probably going be much easier, to just program it into dovecot to support it. http://joncave.co.uk/2011/01/password-storage-in-drupal-and-wordpress/ Quoting i...@stos.se: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
[Dovecot] dovecot virtual user 'unknown'...
Hi
I have a problem whereby Dovecot 1.0.7 is reporting that a recently setup
virtual user in /etc/dovecot_passdb is 'unknown'. I have been trying to
setup the user 'info' in a plaintext passwd-file /etc/dovecot_passdb as a
virtual user, ie non system user. I suspect I have not properly setup
'info' as a virtual imap user... if so, how should I do this?
Existing system users are in '/etc/passdb' and authenticate without
problems. System users have their home directory in
/home/system_user1/mail/.imap eg
/home/system_user1/mail/.imap/INBOX ...file is /var/spool/mail/systemuser1
/home/system_user1/mail/.imap/Sent ... file is in
/home/system_user1/mail/Sent
/home/system_user1/mail/.imap/Drafts... file is in
/home/system_user1/mail/Drafts
whereas the postfix virtual user's (username is 'info') mailbox is
configured as... call it /var/spool/mail/virtualusersdomain1/info
Postfix's virtual_mailbox_base = /var/spool/mail. The
virtual_mailbox_domains, including that of user 'info', are a subdirectory
of /var/spool/mail
This is the log entry produced when user 'info' attempts to login via
squirrelmail:
PLAIN service=IMAPsecured lip=:::127.0.0.1
rip=:::127.0.0.1resp=hidden
dovecot: Mar 12 00:32:40 Info: auth(default):
passwd-file(info,:::127.0.0.1): lookup: user=info
file=/etc/dovecot_passdb
dovecot: Mar 12 00:32:40 Info: auth(default):
passwd-file(info,:::127.0.0.1): unknown user
dovecot: Mar 12 00:32:40 Info: auth(default): pam(info,:::127.0.0.1):
lookup service=dovecot
dovecot: Mar 12 00:32:40 Info: auth(default): new auth connection: pid=569
dovecot: Mar 12 00:32:42 Info: auth(default): pam(info,:::127.0.0.1):
pam_authenticate() failed: Authentication failure
dovecot: Mar 12 00:32:42 Info: imap-login: Aborted login: user=info,
method=PLAIN, rip=:::127.0.0.1, lip=:::127.0.0.1, secured
dovecot: Mar 12 00:32:42 Info: auth(default): client out: FAIL 1
user=info
So, /etc/dovecot_passdb has ownership root:root, permissions 644 and only
the contents:
info:{PLAIN}Myplaintextpassword
I have tried logging in both as info and also as info@virtualusersdomain1
dovecot -n shows:
# 1.0.7: /etc/dovecot.conf
log_path: /var/log/dovecot.log
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_processes_count: 2
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
verbose: yes
debug: yes
passdb:
driver: passwd-file
args: /etc/dovecot_passdb
passdb:
driver: pam
userdb:
driver: passwd-file
args: home=/var/spool/mail/%d/%n mail=mbox:~/mail /etc/dovecot_passdb
userdb:
driver: passwd
args: /etc/passwd
This is all that was in orginally in /etc/dovecot.conf:
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
protocol imap {
}
protocol pop3 {
}
protocol lda {
}
auth default {
mechanisms = plain
}
passdb pam {
}
userdb passwd {
}
user = root
dict {
}
Dovecot runs as root.
Anyway, any advice would be great!
Thanks
Re: [Dovecot] Integrating with Drupal SQL db
Do you have any clue on how to rewrite Dovecot to support Drupal 7 hashes? I have a feeling this is going to become over my head. Regards Tobias On Mon, 11 Mar 2013 20:40:16 -0400, Patrick Domack patric...@patrickdk.com wrote: The issue is, drupal uses a custom password format. You could rewrite the password hashs that drupal uses, into a normal crypt ssha256 version, that dovecot will understand, but it will probably going be much easier, to just program it into dovecot to support it. http://joncave.co.uk/2011/01/password-storage-in-drupal-and-wordpress/ Quoting i...@stos.se: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. root@SSiS:/etc/postfix# dovecot --version 1.2.15 root@SSiS:/etc/postfix# dovecot -n # 1.2.15: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs log_timestamp: %Y-%m-%d %H:%M:%S login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: maildir:/home/vmail/ mbox_write_locks: fcntl dotlock auth default: verbose: yes debug: yes debug_passwords: yes passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd root@SSiS:/etc/postfix# root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$' /etc/dovecot/dovecot-sql.conf driver = mysql connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu default_pass_scheme = CRYPT password_query = SELECT name AS user, pass AS password FROM users WHERE name='%n' user_query = SELECT CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/') AS mail FROM users WHERE name='%n' root@SSiS:/etc/postfix# tail /var/log/mail.log Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection: pid=8593 Mar 11 16:17:51 SSiS dovecot: auth(default): client in: AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): lookup service=dovecot Mar 11 16:17:51 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password: Mar 11 16:17:54 SSiS dovecot: auth-worker(default): pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: Teacher1) Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password FROM users WHERE name='Teacher1' Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): Password mismatch Mar 11 16:17:54 SSiS dovecot: auth-worker(default): md5_verify(Teacher1): Not a valid MD5-CRYPT or PLAIN-MD5 password Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in passdb Mar 11 16:17:54 SSiS dovecot: auth-worker(default): sql(Teacher1,127.0.0.1): CRYPT(Teacher1) != '$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU' Mar 11 16:17:56 SSiS dovecot: auth(default): client out: FAIL#0111#011user=Teacher1 Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection: pid=9075 Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured root@SSiS:/etc/postfix#
Re: [Dovecot] Integrating with Drupal SQL db
Hi! I dont know if thats related. The specific error message in the log is that the hash is not a valid one. Regards Tobias On Mon, 11 Mar 2013 20:38:39 +0100, Andreas Meyer anme...@anup.de wrote: Hello! I took the thread back to the list. Tobias Rådenholt tobias.radenh...@stos.se wrote: I think it is ssha512 hashing. It's not stos.se that's affected. It's swedishschoolinsydney.org.au Just found this: capabilities are 'IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS LOGINDISABLED' meaning you can log in via STARTTLS but not via plaintext authentication. Does it have something to do woth your problem? Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Thanks! /Tobias Andreas i...@stos.se wrote: Hi I'm trying to get Dovecot to use Drupal users password for authenticating IMAP users. But I just cant figure out how to make Dovecot understand the password hash type that Drupal 7 is using. My example user with password Teacher1 looks like this in Drupal database: $S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU This is not CRAM-MD5, is it? Dovecot retrieves this hash but complains that its not a recognized hash type, or that the hash is wrong, depending on if I change the default hash type in Dovecot config. Any help appreciated. This is what I get connecting to your server: Connected to stos.se. Escape character is '^]'. * OK [CAPABILITY IMAP4REV1 NAMESPACE ID AUTH=PLAIN AUTH=LOGIN UIDPLUS STARTTLS ACL METADATA] Debian-60-squeeze-64-minimal IMAP4rev1 Citadel 7.83 ready This is what I get connecting to mine: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5] Dovecot ready. I see no AUTH=CRAM-MD5 in capabilites of your server. Andreas
Re: [Dovecot] Integrating with Drupal SQL db
Hi again,
this is what I've found regarding how Drupal 7 hashes.
$hash = md5($salt . $password, TRUE);
do {
$hash = md5($hash . $password, TRUE);
} while (--$count);
The whole final hash value is encoded into 16 base64 characters and
prepended by an identifying string, the standard phpass MD5 mode uses $P$
(Drupal’s modified version uses $S$ to indicate SHA-512) and a single
base64 character to indicate the number of MD5 iterations used. Examples of
a hashed password are:
# Drupal 7 hash
$S$CgwilRJS4VIF1.2y0R7B4qkXJ8F8SJPcuvXRKGlMWESVXMST.5n4
WordPress 3.0.4 uses the phpass default of 8193 iterations ($count being
8192) and Drupal 7 uses 16385 — notice that the Drupal password has C
after the identifier whereas WordPress has B, converted from crypt style
base64 (character set [./0-9A-Za-z]) these are 14 and 13 respectively, then
take 214 + 1 = 16385. A John the Ripper benchmark, after patching and
enabling the usage of phpass portable passwords (WordPress style, 8193
iterations), quotes approximately 700 passwords checked per second.
Can I use this inforamtion to make Dovecot understand how to interpret the
hash?
Thanks!
Regards
Tobias
On Mon, 11 Mar 2013 14:00:22 -0500, l...@airstreamcomm.net
l...@airstreamcomm.net wrote:
On 3/11/13 11:57 AM, i...@stos.se wrote:
Hi
I'm trying to get Dovecot to use Drupal users password for
authenticating
IMAP users. But I just cant figure out how to make Dovecot understand
the
password hash type that Drupal 7 is using.
My example user with password Teacher1 looks like this in Drupal
database:
$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU
Dovecot retrieves this hash but complains that its not a recognized hash
type, or that the hash is wrong, depending on if I change the default
hash
type in Dovecot config.
Any help appreciated.
root@SSiS:/etc/postfix# dovecot --version
1.2.15
root@SSiS:/etc/postfix# dovecot -n
# 1.2.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-12-pve i686 Debian 6.0.7 simfs
log_timestamp: %Y-%m-%d %H:%M:%S
login_dir: /var/run/dovecot/login
login_executable: /usr/lib/dovecot/imap-login
mail_privileged_group: mail
mail_location: maildir:/home/vmail/
mbox_write_locks: fcntl dotlock
auth default:
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: pam
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: passwd
root@SSiS:/etc/postfix#
root@SSiS:/etc/postfix# grep -v '^ *\(#.*\)\?$'
/etc/dovecot/dovecot-sql.conf
driver = mysql
connect = host=127.0.0.1 dbname=Drupal user=Dru_Adm password=localu
default_pass_scheme = CRYPT
password_query = SELECT name AS user, pass AS password FROM users WHERE
name='%n'
user_query = SELECT
CONCAT(SUBSTRING_INDEX(mail,'@',-1),'/',SUBSTRING_INDEX(mail,'@',1),'/')
AS
mail FROM users WHERE name='%n'
root@SSiS:/etc/postfix# tail /var/log/mail.log
Mar 11 16:17:42 SSiS dovecot: auth(default): new auth connection:
pid=8593
Mar 11 16:17:51 SSiS dovecot: auth(default): client in:
AUTH#0111#011PLAIN#011service=imap#011secured#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=52316#011resp=AFRlYWNoZXIxAFRlYWNoZXIx
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): lookup service=dovecot
Mar 11 16:17:51 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): #1/1 style=1 msg=Password:
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
pam(Teacher1,127.0.0.1): pam_authenticate() failed: Authentication
failure
(password mismatch?) (given password: Teacher1)
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): query: SELECT name AS user, pass AS password
FROM
users WHERE name='Teacher1'
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): Password mismatch
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
md5_verify(Teacher1):
Not a valid MD5-CRYPT or PLAIN-MD5 password
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default): Invalid OTP data in
passdb
Mar 11 16:17:54 SSiS dovecot: auth-worker(default):
sql(Teacher1,127.0.0.1): CRYPT(Teacher1) !=
'$S$DZwJa.U8HXT2PvTmwCK13rGEYEvnx5DB6/hlqnfCBum4s4U7MVWU'
Mar 11 16:17:56 SSiS dovecot: auth(default): client out:
FAIL#0111#011user=Teacher1
Mar 11 16:18:01 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (auth failed, 1 attempts): user=Teacher1, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, secured
Mar 11 16:32:36 SSiS dovecot: auth(default): new auth connection:
pid=9075
Mar 11 16:32:41 SSiS dovecot: imap-login: Disconnected: Too many invalid
commands (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
root@SSiS:/etc/postfix#
As far as I understand Drupal uses salted passwords, so you would need
to return the password + salt in the sql query. I am not sure what
position the salt is offset for a password with Drupal, but that
[Dovecot] stats plugins causing dns lookup per connection
I noticed our imap servers were generating a lot of A record lookups for their own IP's the other day and just got around to tracking down the source. Seems like they are all being caused by guid_128_generate() - perhaps the lookup could be cached at start up or it could just use make use of the hostname rather than spending the effort to get the IP via gethostbyname() calls. The function is used in a few other places too, so this might help more than just the stats plugin. nscd and/or host entries mitigate the total time spent on the lookup of course, but it seems unnecessary. -- Kelsey Cummings - k...@corp.sonic.net sonic.net, inc. System Architect 2260 Apollo Way 707.522.1000 Santa Rosa, CA 95407
