STARTTLS test (was Re: No AUTH PLAIN with dovecot 2.0.19)

2014-09-29 Thread Steffen Kaiser


On Mon, 29 Sep 2014, Reindl Harald wrote:

> On 29.09.2014 at 15:21, Michael Wechner wrote:
>
>> hence I would assume to see it also for the new version of postfix
>> and dovecot, or do I misunderstand something?
>
> if the server is configured in a way it offers AUTH only
> over an encrypted channel (recommended) then you need to
> use STARTTLS before you see the capability and for that
> telnet is just the wrong tool

To test STARTTLS try this:

a) gnutls-cli -p 587 --starttls smtp
STARTTLS
^D

The ^D lets gnutls perform the SSL handshake, then you can type again.

b) openssl s_client -connect smtp:587 -starttls smtp

-- 
Steffen Kaiser
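
As an added example (not part of the original post), the check behind both commands can be scripted: the Python below parses EHLO replies and reports whether AUTH is announced in cleartext, only after STARTTLS, or not at all. The first two replies are copied from the telnet sessions in this thread; the post-TLS reply, the function names and the `probe` helper are assumptions made for this example.

```python
import smtplib
import ssl

# EHLO replies copied from the cleartext telnet sessions in this thread.
NEW_SERVER_CLEARTEXT = """\
250-node3.members.linode.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
OLD_SERVER_CLEARTEXT = """\
250-mail.wyona.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""
# Constructed sample: a reply the new server could give to a second EHLO sent
# inside the TLS session. The thread never shows this reply.
NEW_SERVER_AFTER_TLS = """\
250-node3.members.linode.com
250-PIPELINING
250-SIZE 1024
250-AUTH PLAIN
250-AUTH=PLAIN
250-8BITMIME
250 DSN
"""


def parse_ehlo(reply):
    """Parse a multi-line 250 reply into {KEYWORD: [ARGS]}."""
    lines = [ln.rstrip("\r") for ln in reply.split("\n") if ln.strip()]
    if not lines:
        raise ValueError("empty EHLO reply")
    caps = {}
    for idx, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation, "250 " the final line of the reply.
        if (line[3] == " ") != (idx == len(lines) - 1):
            raise ValueError("continuation marker out of place: %r" % line)
        body = line[4:].strip()
        if idx == 0 or not body:
            continue  # the first line carries the server name, not a keyword
        if body.upper().startswith("AUTH="):
            body = "AUTH " + body[5:]  # legacy spelling of the AUTH keyword
        keyword, *args = body.split()
        slot = caps.setdefault(keyword.upper(), [])
        for arg in args:
            if arg.upper() not in slot:
                slot.append(arg.upper())
    return caps


def classify(cleartext, encrypted=None):
    """Say where AUTH is announced; a cleartext reply alone can be inconclusive."""
    if cleartext.get("AUTH"):
        return "AUTH offered in cleartext"
    if "STARTTLS" not in cleartext:
        return "no AUTH and no STARTTLS"
    if encrypted is None:
        return "unknown: repeat EHLO after STARTTLS"
    if encrypted.get("AUTH"):
        return "AUTH offered only after STARTTLS"
    return "AUTH not offered at all"


def probe(host, port=587, timeout=10.0):
    """Live version (needs network access): EHLO, STARTTLS, EHLO again."""
    def features(smtp):
        return {k.upper(): v.upper().split() for k, v in smtp.esmtp_features.items()}

    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        cleartext = features(smtp)
        if "STARTTLS" not in cleartext:
            return classify(cleartext)
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be requested again inside TLS
        return classify(cleartext, features(smtp))


if __name__ == "__main__":
    print(classify(parse_ehlo(NEW_SERVER_CLEARTEXT)))
    print(classify(parse_ehlo(NEW_SERVER_CLEARTEXT), parse_ehlo(NEW_SERVER_AFTER_TLS)))
    print(classify(parse_ehlo(OLD_SERVER_CLEARTEXT)))
```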



"doveadm sync/backup" should show some kind of progress meter

2014-09-29 Thread Jesus Cea
Using "-v" with those commands does nothing, apparently.

Using "-D" shows complex debug info only useful for debugging.

But these commands take a lot of time and should show some kind of
progress meter/feedback like network speed, percent, ETA, etc.

-- 
Jesús Cea Avión
j...@jcea.es - http://www.jcea.es/
Twitter: @jcea
jabber / xmpp:j...@jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz





"doveadm sync/backup" and SSH should use "ssh-agent" if available

2014-09-29 Thread Jesus Cea
I use SSH-AGENT in my system, to cache SSH credentials and avoid typing
my key every time I connect to a remote host.

But "doveadm sync/backup", when one of the ends is SSH accessed, doesn't
use the available SSH-AGENT and forces me to type my password.

-- 
Jesús Cea Avión
j...@jcea.es - http://www.jcea.es/
Twitter: @jcea
jabber / xmpp:j...@jabber.org
"Things are not so easy"
"My name is Dump, Core Dump"
"Love is placing your happiness in the happiness of another" - Leibniz





Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Reindl Harald

On 29.09.2014 at 20:45, Michael Wechner wrote:
> thanks very much for your configuration. It seems with dovecot 2.0.19
> the configuration has changed quite a bit
> and things have been split into several files

it's your choice to have one dovecot.conf containing
all settings and is independent of the version

frankly my self built RPM deletes all config files
before the %files section to have no orphaned / unused
crap on the production machines and the one and only
configuration is "dovecot.conf"





Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Michael Wechner
Hi Robert

Thank you for your hint!

Michael

On 29.09.14 at 16:09, Robert Schetterer wrote:
> On 29.09.2014 at 14:53, Michael Wechner wrote:
>> Hi
>>
>> I have installed the package dovecot-postfix on Ubuntu 12.04 LTS:
>>
>> dovecot --version: 2.0.19
>> postconf -d | grep version: 2.9.6
>>
>> and receiving email works very fine, but relaying email does not work.
>>
>> I think the problem is that after STARTTLS the authentication is not
>> being executed
>>
>> 250-AUTH PLAIN
>> 250-AUTH=PLAIN
>>
>> which means using telnet returns
>>
>> telnet mx2.wyona.com 587
>> Trying 50.116.54.197...
>> Connected to node3.wyona.com.
>> Escape character is '^]'.
>> 220 node3.members.linode.com ESMTP Postfix (Ubuntu)
>> EHLO letscallitevil.com
>> 250-node3.members.linode.com
>> 250-PIPELINING
>> 250-SIZE 1024
>> 250-VRFY
>> 250-ETRN
>> 250-STARTTLS
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250 DSN
>>
>> So far I have used dovecot version 1.2.9, which works very fine, but the
>> configuration
>>
>> /etc/dovecot/dovecot.conf
>>
>> seems to be very different in the case of dovecot version 2.0.19.
>>
>> I have checked all kinds of tutorials for several days now, like for example
>>
>> https://help.ubuntu.com/10.04/serverguide/postfix.html
>>
>> but nothing helped.
>>
>> Any pointers or help is very much appreciated.
>>
>> Thanks
>>
>> Michael
>>
> However you might fix that problem, it would be better to go to Trusty
> which has a more recent version
>
> http://packages.ubuntu.com/trusty/dovecot-core
>
> 2.2.9
>
>
> Best Regards
> MfG Robert Schetterer
>


Re: "doveadm backup/sync" are badly documented (SOLVED AND BUG REPORT!)

2014-09-29 Thread Pascal Volk
On 09/29/2014 12:15 AM, Jesus Cea wrote:
> …
>> $ doveadm backup -h
>> backup: invalid option -- 'h'
>> doveadm backup [-u |-A] [-S ] [-dfR] [-l ] [-r
>> ] [-m ] [-n  | -N] [-x ] [-s
>> ] 
>>
>> I can't find any explanation at all about the different parameters of
>> "doveadm backup".
> 
> Please, document.
> …

That's my task. I hope I'll find the time to write the fine manual until
this weekend.


Regards,
Pascal
-- 
The trapper recommends today: beeffeed.1427...@localdomain.org


Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Michael Wechner


thanks very much for your configuration. It seems with dovecot 2.0.19
the configuration has changed quite a bit
and things have been split into several files
(http://wiki2.dovecot.org/QuickConfiguration)

sudo grep -rl postfix /etc/dovecot/*
/etc/dovecot/conf.d/10-master.conf
/etc/dovecot/conf.d/01-mail-stack-delivery.conf

and included inside dovecot.conf (!include conf.d/*.conf)

I finally found that auth_debug is inside

/etc/dovecot/conf.d/10-logging.conf

I will turn on the logging and hopefully better understand what is
happening.

Thanks

Michael

On 29.09.14 at 16:00, Reindl Harald wrote:
>
> On 29.09.2014 at 15:51, Michael Wechner wrote:
>> On 29.09.14 at 15:30, Reindl Harald wrote:
>>
>>> On 29.09.2014 at 15:21, Michael Wechner wrote:
>>>>
>>>> Hi Harald
>>>>
>>>> Thanks very much for your quick reply. Please see my answers inline below
>>>>
>>>>> telnet is worthless because AUTH is likely announced *after STARTTLS*
>>>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>>>
>>>> right, but when requesting for example mail.wyona.com, then I can see AUTH
>>
>>> depends on the servers configuration
>>
>>>> hence I would assume to see it also for the new version of postfix
>>>> and dovecot, or do I misunderstand something?
>>
>>> yes, you did not read
>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>
>>> if the server is configured in a way it offers AUTH only
>>> over an encrypted channel (recommended) then you need to
>>> use STARTTLS before you see the capability and for that
>>> telnet is just the wrong tool
>>
>> the new server config reads (postfix mail_version = 2.7.0):
>>
>> smtpd_sasl_auth_enable = yes
>> smtpd_sasl_type = dovecot
>> smtpd_sasl_path = private/dovecot-auth
>> smtpd_sasl_authenticated_header = yes
>> smtpd_sasl_security_options = noanonymous
>> smtpd_sasl_local_domain = $myhostname
>> broken_sasl_auth_clients = yes
>> smtpd_recipient_restrictions = reject_unknown_sender_domain,
>> reject_unknown_recipient_domain, reject_unauth_pipelining,
>> permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
>> smtpd_sender_restrictions = reject_unknown_sender_domain
>
> * check postfix master.cf for chroot - only explicit "n" disabled it
> * check configuration of the private/dovecot-auth (permissions and so on)
> * look at your logs careful
> 
>
> that is my part in dovecot.conf:
>
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>   mode = 0660
>   user = postfix
>   group = postfix
>  }
> }
> 
>
> that's my part in postfix's main.cf:
>
> smtpd_sasl_auth_enable  = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/auth
> 
>
> well, both are unchanged for a very long time and survived
> a lot of dist-upgrades (Fedora) as well as Dovecot/Postfix
>



Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Robert Schetterer
On 29.09.2014 at 14:53, Michael Wechner wrote:
> Hi
> 
> I have installed the package dovecot-postfix on Ubuntu 12.04 LTS:
> 
> dovecot --version: 2.0.19
> postconf -d | grep version: 2.9.6
> 
> and receiving email works very fine, but relaying email does not work.
> 
> I think the problem is that after STARTTLS the authentication is not
> being executed
> 
> 250-AUTH PLAIN
> 250-AUTH=PLAIN
> 
> which means using telnet returns
> 
> telnet mx2.wyona.com 587
> Trying 50.116.54.197...
> Connected to node3.wyona.com.
> Escape character is '^]'.
> 220 node3.members.linode.com ESMTP Postfix (Ubuntu)
> EHLO letscallitevil.com
> 250-node3.members.linode.com
> 250-PIPELINING
> 250-SIZE 1024
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> 
> So far I have used dovecot version 1.2.9, which works very fine, but the
> configuration
> 
> /etc/dovecot/dovecot.conf
> 
> seems to be very different in the case of dovecot version 2.0.19.
> 
> I have checked all kinds of tutorials for several days now, like for example
> 
> https://help.ubuntu.com/10.04/serverguide/postfix.html
> 
> but nothing helped.
> 
> Any pointers or help is very much appreciated.
> 
> Thanks
> 
> Michael
> 

However you might fix that problem, it would be better to go to Trusty
which has a more recent version

http://packages.ubuntu.com/trusty/dovecot-core

2.2.9


Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Reindl Harald

On 29.09.2014 at 15:51, Michael Wechner wrote:
> On 29.09.14 at 15:30, Reindl Harald wrote:
> 
>> On 29.09.2014 at 15:21, Michael Wechner wrote:
>>>
>>> Hi Harald
>>>
>>> Thanks very much for your quick reply. Please see my answers inline below
>>>
>>>> telnet is worthless because AUTH is likely announced *after STARTTLS*
>>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>>
>>> right, but when requesting for example mail.wyona.com, then I can see AUTH
> 
>> depends on the servers configuration
> 
>>> hence I would assume to see it also for the new version of postfix
>>> and dovecot, or do I misunderstand something?
> 
>> yes, you did not read
>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
> 
>> if the server is configured in a way it offers AUTH only
>> over an encrypted channel (recommended) then you need to
>> use STARTTLS before you see the capability and for that
>> telnet is just the wrong tool
> 
> the new server config reads (postfix mail_version = 2.7.0):
> 
> smtpd_sasl_auth_enable = yes
> smtpd_sasl_type = dovecot
> smtpd_sasl_path = private/dovecot-auth
> smtpd_sasl_authenticated_header = yes
> smtpd_sasl_security_options = noanonymous
> smtpd_sasl_local_domain = $myhostname
> broken_sasl_auth_clients = yes
> smtpd_recipient_restrictions = reject_unknown_sender_domain,
> reject_unknown_recipient_domain, reject_unauth_pipelining,
> permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
> smtpd_sender_restrictions = reject_unknown_sender_domain

* check postfix master.cf for chroot - only explicit "n" disabled it
* check configuration of the private/dovecot-auth (permissions and so on)
* look at your logs carefully


that is my part in dovecot.conf:

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}


that's my part in postfix's main.cf:

smtpd_sasl_auth_enable  = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth


well, both are unchanged for a very long time and survived
a lot of dist-upgrades (Fedora) as well as Dovecot/Postfix
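
An added example, not part of the original post: a Python check that the socket Postfix's `smtpd_sasl_path` points at is one that Dovecot's `service auth` actually creates and that the postfix user can use. The queue directory `/var/spool/postfix`, Dovecot's `base_dir` `/var/run/dovecot`, the 0600 default listener mode and all function names are assumptions of this example.

```python
import posixpath

# Copied from the thread: the dovecot.conf and main.cf fragments quoted above.
DOVECOT_CONF = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
"""
MAIN_CF_MATCHING = """\
smtpd_sasl_auth_enable  = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
"""
# Constructed pairing: the "new server" SASL path from the thread checked against
# the listener above, to show what a mismatch looks like. The thread does not
# show the new server's Dovecot listener, so this is not a diagnosis of it.
MAIN_CF_OTHER_PATH = MAIN_CF_MATCHING.replace("private/auth", "private/dovecot-auth")


def parse_main_cf(text):
    """Parse Postfix 'name = value' lines; indented lines continue the value."""
    params, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and name is not None:
            params[name] += " " + raw.strip()
        else:
            name, _, value = raw.partition("=")
            name = name.strip()
            params[name] = value.strip()
    return params


def auth_listeners(text):
    """Return {path: {setting: value}} for unix_listener blocks in 'service auth'."""
    stack, found = [], {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.endswith("{"):
            stack.append(line[:-1].split())
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced '}' in Dovecot config")
            stack.pop()
        in_listener = (len(stack) == 2 and stack[0] == ["service", "auth"]
                       and len(stack[1]) == 2 and stack[1][0] == "unix_listener")
        if in_listener:
            settings = found.setdefault(stack[1][1], {})
            if "=" in line and not line.endswith("{"):
                key, _, value = line.partition("=")
                settings[key.strip()] = value.strip()
    if stack:
        raise ValueError("unclosed block in Dovecot config")
    return found


def check_sasl_socket(main_cf, dovecot_conf, queue_dir="/var/spool/postfix",
                      base_dir="/var/run/dovecot", postfix_user="postfix"):
    """Return a list of problems; an empty list means both sides agree."""
    params = parse_main_cf(main_cf)
    problems = []
    if params.get("smtpd_sasl_auth_enable") != "yes":
        problems.append("smtpd_sasl_auth_enable is not 'yes'")
    if params.get("smtpd_sasl_type") != "dovecot":
        problems.append("smtpd_sasl_type is not 'dovecot'")
    # A relative smtpd_sasl_path is resolved against the Postfix queue directory,
    # a relative unix_listener name against Dovecot's base_dir.
    wanted = posixpath.normpath(
        posixpath.join(queue_dir, params.get("smtpd_sasl_path", "smtpd")))
    listeners = {posixpath.normpath(posixpath.join(base_dir, path)): cfg
                 for path, cfg in auth_listeners(dovecot_conf).items()}
    if wanted not in listeners:
        problems.append("Postfix expects %s; Dovecot listens on: %s"
                        % (wanted, ", ".join(sorted(listeners)) or "nothing"))
        return problems
    cfg = listeners[wanted]
    mode = int(cfg.get("mode", "0600"), 8)
    usable = ((cfg.get("user") == postfix_user and mode & 0o600 == 0o600)
              or (cfg.get("group") == postfix_user and mode & 0o060 == 0o060)
              or mode & 0o006 == 0o006)
    if not usable:
        problems.append("%s is not read/writable for user %s (mode %04o)"
                        % (wanted, postfix_user, mode))
    if mode & 0o007:
        problems.append("%s is accessible to every local user (mode %04o)"
                        % (wanted, mode))
    return problems


if __name__ == "__main__":
    for label, cf in (("matching", MAIN_CF_MATCHING), ("other path", MAIN_CF_OTHER_PATH)):
        print(label, "->", check_sasl_socket(cf, DOVECOT_CONF) or "ok")
```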





Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Michael Wechner


On 29.09.14 at 15:30, Reindl Harald wrote:
>
>
> On 29.09.2014 at 15:21, Michael Wechner wrote:
>>
>> Hi Harald
>>
>> Thanks very much for your quick reply. Please see my answers inline below
>>
>>> telnet is worthless because AUTH is likely announced *after STARTTLS*
>>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>>
>> right, but when requesting for example mail.wyona.com, then I can see AUTH
>
> depends on the servers configuration
>
>> hence I would assume to see it also for the new version of postfix
>> and dovecot, or do I misunderstand something?
>
> yes, you did not read
> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
>
> if the server is configured in a way it offers AUTH only
> over an encrypted channel (recommended) then you need to
> use STARTTLS before you see the capability and for that
> telnet is just the wrong tool

the new server config reads (postfix mail_version = 2.7.0):

smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/dovecot-auth
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = reject_unknown_sender_domain,
reject_unknown_recipient_domain, reject_unauth_pipelining,
permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = reject_unknown_sender_domain

and the old server config reads:

smtpd_sasl_type = dovecot
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_path = private/auth
broken_sasl_auth_clients = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,
 permit_mynetworks,
 reject_unknown_recipient_domain,
 reject_unauth_destination,
 reject_unauth_pipelining,
 reject_invalid_hostname,
 reject_unknown_sender_domain,
 reject_rbl_client multi.uribl.com,
 reject_rbl_client bl.spamcop.net,
 reject_rbl_client opm.blitzed.org,
 reject_rbl_client cbl.abuseat.org,
 reject_rbl_client dnsbl.njabl.org

which means both configs are using

smtpd_sasl_security_options = noanonymous


But also when I am not using telnet, but Thunderbird for example, with
the new server I never receive a dialog to enter a password as I do with
the old server. This is the reason why I started to have the idea that
no authentication is being requested in the first place (and hence the
relay was rejected).

Thanks

Michael



Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Reindl Harald


On 29.09.2014 at 15:21, Michael Wechner wrote:
> 
> Hi Harald
> 
> Thanks very much for your quick reply. Please see my answers inline below
> 
>> telnet is worthless because AUTH is likely announced *after STARTTLS*
>> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
> 
> right, but when requesting for example mail.wyona.com, then I can see AUTH

depends on the servers configuration

> hence I would assume to see it also for the new version of postfix 
> and dovecot, or do I misunderstand something?

yes, you did not read 
http://www.postfix.org/postconf.5.html#smtp_sasl_security_options

if the server is configured in a way it offers AUTH only
over an encrypted channel (recommended) then you need to
use STARTTLS before you see the capability and for that
telnet is just the wrong tool





Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Michael Wechner


Hi Harald

Thanks very much for your quick reply. Please see my answers inline below

On 29.09.14 at 15:01, Reindl Harald wrote:
>
> On 29.09.2014 at 14:53, Michael Wechner wrote:
>> I have installed the package dovecot-postfix on Ubuntu 12.04 LTS:
>>
>> dovecot --version: 2.0.19
>> postconf -d | grep version: 2.9.6
>>
>> and receiving email works very fine, but relaying email does not work.
>>
>> I think the problem is that after STARTTLS the authentication is not
>> being executed
>>
>> 250-AUTH PLAIN
>> 250-AUTH=PLAIN
>>
>> which means using telnet returns
>
> telnet is worthless because AUTH is likely announced *after STARTTLS*
> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options

right, but when requesting for example mail.wyona.com, then I can see AUTH

telnet mail.wyona.com 587
Trying 195.226.6.75...
Connected to mx1.wyona.com.
Escape character is '^]'.
220 mail.wyona.com ESMTP Postfix (Ubuntu)
EHLO wyona.com
250-mail.wyona.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN
250-AUTH=PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

or also when using ngrep

T 195.226.6.75:587 -> 10.10.1.102:58990 [AP]
  250-mail.wyona.com..250-PIPELINING..250-SIZE
1024..250-VRFY..250-ETRN..250-STARTTLS..250-AUTH
PLAIN..250-AUTH=PLAIN..250-ENHANCEDSTATUSCODES.
  .250-8BITMIME..250 DSN..

hence I would assume to see it also for the new version of postfix and
dovecot, or do I misunderstand something?


>
>
>> telnet mx2.wyona.com 587
>> Trying 50.116.54.197...
>> Connected to node3.wyona.com.
>> Escape character is '^]'.
>> 220 node3.members.linode.com ESMTP Postfix (Ubuntu)
>
> oh my god, another server in the linode-zombie network
> that's bad neighbourhood and you should avoid a PTR
> ending with "members.linode.com" which is generic
> and here blocked because i have never seen any legit
> mail from Linode but 24 hours each day attacks or
> spam delivery attempts
>
> http://www.mxpolice.com/email-security/importance-of-ptr-records-for-reliable-mail-delivery/

thanks for pointing this out. I have set it now according to

https://www.linode.com/docs/networking/dns/adding-dns-records/

and it should work within the next 24 hours (at least that's what linode
says).

Thanks

Michael
>
>
>> EHLO letscallitevil.com
>> 250-node3.members.linode.com
>> 250-PIPELINING
>> 250-SIZE 1024
>> 250-VRFY
>> 250-ETRN
>> 250-STARTTLS
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250 DSN
>



Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Reindl Harald

On 29.09.2014 at 15:01, Reindl Harald wrote:
> On 29.09.2014 at 14:53, Michael Wechner wrote:
>> which means using telnet returns
> 
> telnet is worthless because AUTH is likely announced *after STARTTLS*
> http://www.postfix.org/postconf.5.html#smtp_sasl_security_options
> 
>> telnet mx2.wyona.com 587
>> Trying 50.116.54.197...
>> Connected to node3.wyona.com.
>> Escape character is '^]'.
>> 220 node3.members.linode.com ESMTP Postfix (Ubuntu)
> 
> oh my god, another server in the linode-zombie network
> that's bad neighbourhood and you should avoid a PTR
> ending with "members.linode.com" which is generic
> and here blocked because i have never seen any legit
> mail from Linode but 24 hours each day attacks or
> spam delivery attempts
> 
> http://www.mxpolice.com/email-security/importance-of-ptr-records-for-reliable-mail-delivery/

errata, with "node" at the beginning: luck
/^li[0-9]{1,3}[\.\-][0-9]{1,3}\.members\.linode\.com$/ REJECT Generic DNS-Reverse-Lookup

>> EHLO letscallitevil.com
>> 250-node3.members.linode.com
>> 250-PIPELINING
>> 250-SIZE 1024
>> 250-VRFY
>> 250-ETRN
>> 250-STARTTLS
>> 250-ENHANCEDSTATUSCODES
>> 250-8BITMIME
>> 250 DSN





Re: Master user and invalid credentials dovecot-2.2.13

2014-09-29 Thread Clovis Tristao

Hi,

How are you performing the tests?
Would you post the debug log?
Cheers,

Clóvis

On 29-09-2014 at 05:08, Götz Reinicke - IT Koordinator wrote:

> Hi,
>
> I followed the docs from the dovecot wiki
> (http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
> some problem:
>
> 1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
> 2. htpasswd -b -c -s  to create user/password for a masteruseruser
> 3. checked auth-master.conf.ext
>
> When I try to test the login, I always get an "invalid credentials" in
> the logs with auth_debug=yes set.
>
> dovecot can read /etc/dovecot/master-users
>
> The users are in ldap.
>
> The example wiki shows the passwords {SHA1}, in my password file
> they are {SHA}
>
> The "master user" posting in September gave some clues what might be
> wrong, but did not help to solve my problem.
>
>
> Any suggestions are welcome! Thanks and regards. Götz


--
Clovis Tristao - UNICAMP/Faculdade de Engenharia Agricola
Network Administrator - IT Section (SINFO)
E-mail: clo...@feagri.unicamp.br http://www.feagri.unicamp.br
MSN: clovis_trista...@hotmail.com
Phone: 55(19) 35211031-35211038-35211047-91173116


Re: No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Reindl Harald

On 29.09.2014 at 14:53, Michael Wechner wrote:
> I have installed the package dovecot-postfix on Ubuntu 12.04 LTS:
> 
> dovecot --version: 2.0.19
> postconf -d | grep version: 2.9.6
> 
> and receiving email works very fine, but relaying email does not work.
> 
> I think the problem is that after STARTTLS the authentication is not
> being executed
> 
> 250-AUTH PLAIN
> 250-AUTH=PLAIN
> 
> which means using telnet returns

telnet is worthless because AUTH is likely announced *after STARTTLS*
http://www.postfix.org/postconf.5.html#smtp_sasl_security_options

> telnet mx2.wyona.com 587
> Trying 50.116.54.197...
> Connected to node3.wyona.com.
> Escape character is '^]'.
> 220 node3.members.linode.com ESMTP Postfix (Ubuntu)

oh my god, another server in the linode-zombie network
that's bad neighbourhood and you should avoid a PTR
ending with "members.linode.com" which is generic
and here blocked because i have never seen any legit
mail from Linode but 24 hours each day attacks or
spam delivery attempts

http://www.mxpolice.com/email-security/importance-of-ptr-records-for-reliable-mail-delivery/

> EHLO letscallitevil.com
> 250-node3.members.linode.com
> 250-PIPELINING
> 250-SIZE 1024
> 250-VRFY
> 250-ETRN
> 250-STARTTLS
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN





No AUTH PLAIN with dovecot 2.0.19

2014-09-29 Thread Michael Wechner
Hi

I have installed the package dovecot-postfix on Ubuntu 12.04 LTS:

dovecot --version: 2.0.19
postconf -d | grep version: 2.9.6

and receiving email works very fine, but relaying email does not work.

I think the problem is that after STARTTLS the authentication is not
being executed

250-AUTH PLAIN
250-AUTH=PLAIN

which means using telnet returns

telnet mx2.wyona.com 587
Trying 50.116.54.197...
Connected to node3.wyona.com.
Escape character is '^]'.
220 node3.members.linode.com ESMTP Postfix (Ubuntu)
EHLO letscallitevil.com
250-node3.members.linode.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

So far I have used dovecot version 1.2.9, which works very fine, but the
configuration

/etc/dovecot/dovecot.conf

seems to be very different in the case of dovecot version 2.0.19.

I have checked all kinds of tutorials for several days now, like for example

https://help.ubuntu.com/10.04/serverguide/postfix.html

but nothing helped.

Any pointers or help is very much appreciated.

Thanks

Michael


Re: Master user and invalid credentials dovecot-2.2.13

2014-09-29 Thread Robert Schetterer
On 29.09.2014 at 10:08, Götz Reinicke - IT Koordinator wrote:
> Hi,
> 
> I followed the docs from the dovecot wiki
> (http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
> some problem:
> 
> 1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
> 2. htpasswd -b -c -s  to create user/password for a masteruseruser
> 3. checked auth-master.conf.ext
> 
> When I try to test the login, I always get an "invalid credentials" in
> the logs with auth_debug=yes set.
> 
> dovecot can read /etc/dovecot/master-users
> 
> The users are in ldap.
> 
> The example wiki shows the passwords {SHA1}, in my password file
> they are {SHA}
> 
> The "master user" posting in September gave some clues what might be
> wrong, but did not help to solve my problem.
> 
> 
>   Any suggestions are welcome! Thanks and regards. Götz
> 

hm perhaps this helps

https://sys4.de/de/blog/2013/02/11/master-user-dovecot-isp-layout-mit-postfixadmin/

but looks like some password problem, what do you use, plain/login etc.?


http://wiki2.dovecot.org/Authentication/Mechanisms
http://wiki2.dovecot.org/Authentication/PasswordSchemes

Best Regards
MfG Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the supervisory board: Florian Kirstein


Master user and invalid credentials dovecot-2.2.13

2014-09-29 Thread Götz Reinicke - IT Koordinator
Hi,

I followed the docs from the dovecot wiki
(http://wiki2.dovecot.org/Authentication/MasterUsers) and still have
some problem:

1. uncommented "!include auth-ldap.conf.ext" in 10-auth.conf
2. htpasswd -b -c -s  to create user/password for a masteruseruser
3. checked auth-master.conf.ext

When I try to test the login, I always get an "invalid credentials" in
the logs with auth_debug=yes set.

dovecot can read /etc/dovecot/master-users

The users are in ldap.

The example wiki shows the passwords {SHA1}, in my password file
they are {SHA}

The "master user" posting in September gave some clues what might be
wrong, but did not help to solve my problem.


Any suggestions are welcome! Thanks and regards. Götz
-- 
Götz Reinicke
IT Coordinator

Tel. +49 7141 969 82 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016

Chairman of the supervisory board: Jürgen Walter MdL
State Secretary in the Ministry of Science,
Research and the Arts Baden-Württemberg

Managing director: Prof. Thomas Schadt





Imap: Panic: UID 13737 lost unexpectedly from INBOX

2014-09-29 Thread Urban Loesch
Hi,

today I got a panic in the imap process.

Details are:

Dovecot Version:
ii  dovecot-core          2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - core files
ii  dovecot-dbg           2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - debug symbols
ii  dovecot-imapd         2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - IMAP daemon
ii  dovecot-lmtpd         2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - LMTP server
ii  dovecot-managesieved  2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - ManageSieve server
ii  dovecot-mysql         2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - MySQL support
ii  dovecot-pop3d         2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - POP3 daemon
ii  dovecot-sieve         2:2.2.13-1~auto+74  amd64  secure POP3/IMAP server - Sieve filters support


Logs:
Sep 29 08:41:16 mailstoreul. dovecot: imap(sys@domain pid:15160 
session:<4ccaeS4EYgDD/uGI>): Panic: UID 13737 lost unexpectedly from INBOX
Sep 29 08:41:16 mailstoreul. dovecot: imap(sys@domain pid:15160 
session:<4ccaeS4EYgDD/uGI>): Error: Raw backtrace:
/usr/lib/dovecot/libdovecot.so.0(+0x6cc1f) [0x7f14d02aac1f] -> 
/usr/lib/dovecot/libdovecot.so.0(+0x6cc7e) [0x7f14d02aac7e] ->
/usr/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f14d026389e] -> 
/usr/lib/dovecot/modules/lib20_virtual_plugin.so(+0xa12e) [0x7f14cea4c12e] ->
/usr/lib/dovecot/modules/lib20_virtual_plugin.so(virtual_storage_sync_init+0x8db)
 [0x7f14cea4d07b] ->
/usr/lib/dovecot/libdovecot-storage.so.0(mailbox_sync_init+0x33) 
[0x7f14d05982a3] -> dovecot/imap(imap_sync_init+0x7a) [0x41f92a] -> 
dovecot/imap()
[0x41032e] -> dovecot/imap() [0x410531] -> 
/usr/lib/dovecot/libdovecot-storage.so.0(+0xa577e) [0x7f14d05bb77e] ->
/usr/lib/dovecot/libdovecot.so.0(io_loop_handle_timeouts+0xc6) [0x7f14d02bbfa6] 
-> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run_internal+0x93)
[0x7f14d02bcd63] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x9) 
[0x7f14d02bbe09] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x38)
[0x7f14d02bbe88] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) 
[0x7f14d0268d03] -> dovecot/imap(main+0x298) [0x40c238] ->
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f14cfed1eed] -> 
dovecot/imap() [0x40c39d]
Sep 29 08:41:16 mailstoreul. dovecot: imap(sys@domain pid:15160 
session:<4ccaeS4EYgDD/uGI>): Fatal: master: service(imap): child 15160 killed 
with
signal 6 (core dumped)

The core dump:
(gdb) bt full
#0  0x7f14cfee51a5 in raise () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1  0x7f14cfee8420 in abort () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#2  0x7f14d02aac15 in default_fatal_finish (type=, 
status=status@entry=0) at failures.c:193
backtrace = 0x253b380 "/usr/lib/dovecot/libdovecot.so.0(+0x6cc1f) 
[0x7f14d02aac1f] -> /usr/lib/dovecot/libdovecot.so.0(+0x6cc7e)
[0x7f14d02aac7e] -> /usr/lib/dovecot/libdovecot.so.0(i_fatal+0) 
[0x7f14d026389e] -> /usr/lib/d"...
#3  0x7f14d02aac7e in i_internal_fatal_handler (ctx=0x7fff0f69d7f0, 
format=, args=) at failures.c:657
status = 0
#4  0x7f14d026389e in i_panic (format=format@entry=0x7f14cea4f528 "UID %u 
lost unexpectedly from %s") at failures.c:267
ctx = {type = LOG_TYPE_PANIC, exit_status = 0, timestamp = 0x0}
args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 
0x7fff0f69d8e0, reg_save_area = 0x7fff0f69d820}}
#5  0x7f14cea4c12e in virtual_sync_external_flags (vseq=1250, 
real_uid=13737, bbox=, bbox=,
ctx=, 
ctx=) at
virtual-sync.c:67
flags = 
kw_names = 
keywords = 
#6  0x7f14cea4d07b in virtual_sync_backend_box_sync (sync_flags=, bbox=0x26071f0, ctx=0x261f200) at virtual-sync.c:975
sync_rec = {seq1 = 5, seq2 = 7, type = MAILBOX_SYNC_TYPE_FLAGS}
idx1 = 5
vuid = 
sync_ctx = 0x268a640
sync_status = {sync_delayed_expunges = 1}
idx2 = 11
vseq = 1250
#7  virtual_sync_backend_box (bbox=0x26071f0, ctx=0x261f200) at 
virtual-sync.c:1106
status = {messages = 0, recent = 0, unseen = 3491983296, uidvalidity = 
32532, uidnext = 0, first_unseen_seq = 0, first_recent_uid =
3456139202, last_cached_seq = 32532, highest_modseq = 80, highest_pvt_modseq = 
140733451983700,
  keywords = 0x7, permanent_flags = 3495924087, permanent_keywords = 0, 
allow_new_keywords = 0, nonpermanent_modseqs = 1, no_modseq_tracking =
0, have_guids = 1, have_save_guids = 0, have_only_guid128 = 0}
ret = 
sync_flags = 
bbox_index_opened = 
#8  virtual_sync_backend_boxes (ctx=0x261f200) at virtual-sync.c:1444
bboxes = 0x6
i = 
count = 
#9  virtual_sync (flags=0, mbox=0x2611de0) at virtual-sync.c:1542