Re: Dovecot auth-worker error after cram-md5 auth
On 31.01.2017 09:47, Poliman - Serwis wrote: > Output will be in console or in some king of log file? > > 2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev: > >> - Исходное сообщение - >>> От: "Poliman - Serwis" >>> Кому: "Aki Tuomi" >>> Копия: "dovecot" >>> Отправленные: Вторник, 31 Январь 2017 г 10:16:48 >>> Тема: Re: Dovecot auth-worker error after cram-md5 auth >>> Thank You for answer. Where could I setup these two lines? >> dovecot.conf? >> >> -- >> WBR, >> BaseALT/ALTLinux Team >> > > That depends on your logging settings, but it will emit them into whatever your debug_log_path is. Default is syslog. Aki
Re: Dovecot auth-worker error after cram-md5 auth
Output will be in console or in some king of log file? 2017-01-31 8:27 GMT+01:00 Evgeniy Korneechev: > - Исходное сообщение - > > От: "Poliman - Serwis" > > Кому: "Aki Tuomi" > > Копия: "dovecot" > > Отправленные: Вторник, 31 Январь 2017 г 10:16:48 > > Тема: Re: Dovecot auth-worker error after cram-md5 auth > > > Thank You for answer. Where could I setup these two lines? > > dovecot.conf? > > -- > WBR, > BaseALT/ALTLinux Team > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: Dovecot auth-worker error after cram-md5 auth
- Исходное сообщение - > От: "Poliman - Serwis"> Кому: "Aki Tuomi" > Копия: "dovecot" > Отправленные: Вторник, 31 Январь 2017 г 10:16:48 > Тема: Re: Dovecot auth-worker error after cram-md5 auth > Thank You for answer. Where could I setup these two lines? dovecot.conf? -- WBR, BaseALT/ALTLinux Team
Re: Dovecot auth-worker error after cram-md5 auth
Thank You for answer. Where could I setup these two lines? 2017-01-31 8:08 GMT+01:00 Aki Tuomi: > > > On 31.01.2017 09:06, Poliman - Serwis wrote: > > I set up cram-md5 using this tutorial > > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in > > passdb code block: > > listen = *,[::] > > protocols = imap pop3 > > #auth_mechanisms = plain login cram-md5 > > auth_mechanisms = cram-md5 plain login > > #dodana nizej linia > > ssl = required > > disable_plaintext_auth = yes > > log_timestamp = "%Y-%m-%d %H:%M:%S " > > mail_privileged_group = vmail > > postmaster_address = postmas...@vps342401.ovh.net > > ssl_cert = > ssl_key = > ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > > ssl_cipher_list = > > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256: > ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > > ssl_prefer_server_ciphers = yes > > ssl_dh_parameters_length = 2048 > > > > > > mail_max_userip_connections = 100 > > passdb { > > # args = /etc/dovecot/dovecot-sql.conf > > # driver = sql > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > } > > userdb { > > driver = prefetch > > } > > userdb { > > args = /etc/dovecot/dovecot-sql.conf > > driver = sql > > } > > Of course I created cram-md5.pwd file. All mails go out and come nicely. > > But after I want to do default settings by commented out these two lines: > > driver = passwd-file > > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > > and uncomment > > # args = /etc/dovecot/dovecot-sql.conf > > # driver = sql > > I can't send emails - I use Thunderbird - get error "logging on server > > mail.example.com not work out". Error in logs: > > dovecot: auth-worker(22698): Error: Auth worker sees different > > passdbs/userdbs than auth server. > > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > > > Is it possible that hashed password from cram-md5.pwd file was written to > > database (if yes then where - I have ISPconfig)? I wasn't change any > userdb > > {} block and this second userdb block has this same lines like default > > settings in passdb block. > > > Try > > auth_debug=yes > auth_verbose=yes > > and see if it gives any more reasonable messages. > > Aki > -- *Pozdrawiam / Best Regards* *Piotr Bracha* *tel. 534 555 877* *ser...@poliman.pl *
Re: Dovecot auth-worker error after cram-md5 auth
On 31.01.2017 09:06, Poliman - Serwis wrote: > I set up cram-md5 using this tutorial > https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in > passdb code block: > listen = *,[::] > protocols = imap pop3 > #auth_mechanisms = plain login cram-md5 > auth_mechanisms = cram-md5 plain login > #dodana nizej linia > ssl = required > disable_plaintext_auth = yes > log_timestamp = "%Y-%m-%d %H:%M:%S " > mail_privileged_group = vmail > postmaster_address = postmas...@vps342401.ovh.net > ssl_cert = ssl_key = ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1 > ssl_cipher_list = > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384[image: > :D]HE-RSA-AES128-GCM-SHA256[image: :D]HE-DSS-AES$ > ssl_prefer_server_ciphers = yes > ssl_dh_parameters_length = 2048 > > > mail_max_userip_connections = 100 > passdb { > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > } > userdb { > driver = prefetch > } > userdb { > args = /etc/dovecot/dovecot-sql.conf > driver = sql > } > Of course I created cram-md5.pwd file. All mails go out and come nicely. > But after I want to do default settings by commented out these two lines: > driver = passwd-file > args = scheme=cram-md5 /etc/dovecot/cram-md5.pwd > and uncomment > # args = /etc/dovecot/dovecot-sql.conf > # driver = sql > I can't send emails - I use Thunderbird - get error "logging on server > mail.example.com not work out". Error in logs: > dovecot: auth-worker(22698): Error: Auth worker sees different > passdbs/userdbs than auth server. > dovecot: auth: Error: read(anvil-auth-penalty) failed: EOF > > Is it possible that hashed password from cram-md5.pwd file was written to > database (if yes then where - I have ISPconfig)? I wasn't change any userdb > {} block and this second userdb block has this same lines like default > settings in passdb block. > Try auth_debug=yes auth_verbose=yes and see if it gives any more reasonable messages. Aki
Dovecot auth-worker error after cram-md5 auth
I set up cram-md5 using this tutorial https://wiki2.dovecot.org/HowTo/CRAM-MD5 in /etc/dovecot/dovecot.conf in passdb code block: listen = *,[::] protocols = imap pop3 #auth_mechanisms = plain login cram-md5 auth_mechanisms = cram-md5 plain login #dodana nizej linia ssl = required disable_plaintext_auth = yes log_timestamp = "%Y-%m-%d %H:%M:%S " mail_privileged_group = vmail postmaster_address = postmas...@vps342401.ovh.net ssl_cert = *
Re: fts_solr and connection via https://
Am 31.01.2017 um 00:04 schrieb Stephan Bosch: Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: Op 1/22/2017 om 10:01 AM schreef Jan Vonde: I tried adding the following settings but that didn't help: ssl_ca = < /etc/ssl/certs/ca-certificates.crt ssl_client_ca_dir = /etc/ssl/certs Can you give me a hint how I can get the ssl certificate accepted? That should normally have done the trick. However, the sources tell me that no ssl_client settings are propagated to the http_client used by fts-solr, so SSL is not currently supported it seems. I'll check how easy it is to add that. Just to keep you informed: I created a patch, but it is still being tested. Thanks for the update Stephan! Awesome! Looking forward to test it myself :-) \Jan -- Jan Vonde Hermann-Rein-Str. 6 37075 Göttingen Tel: 0551 - 200 47 58 2 Mobil: 0176 - 83 110 775 http://www.vonde.eu
Re: tlsv1 alert unknown ca: SSL alert number 48
Jan 28 22:42:44 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.1.16, lip=192.168.1.3, TLS: SSL_read() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session= ... # SSL/TLS support: yes, no, required. ssl = yes ssl_cert = Are you using client verification (i.e. mutual authentication of mail client and server)? If not, just comment out ssl_ca. Joseph Tam
Re: fts_solr and connection via https://
Op 1/22/2017 om 12:01 PM schreef Stephan Bosch: > Op 1/22/2017 om 10:01 AM schreef Jan Vonde: >> I tried adding the following settings but that didn't help: >> ssl_ca = < /etc/ssl/certs/ca-certificates.crt >> ssl_client_ca_dir = /etc/ssl/certs >> >> Can you give me a hint how I can get the ssl certificate accepted? > That should normally have done the trick. However, the sources tell me > that no ssl_client settings are propagated to the http_client used by > fts-solr, so SSL is not currently supported it seems. > > I'll check how easy it is to add that. Just to keep you informed: I created a patch, but it is still being tested. Regards, Stephan.
Re: dovecot mdbox never fix broken indexes
2017-01-30 11:43 GMT+03:00 Aki Tuomi: > Hi! > > Please send these to dovecot@dovecot.org instead of us directly. Thank you. Ok, added to cc. > Also, did you try force-resync? Not help. # doveadm force-resync -u al...@altek.info \* doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332136) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332196) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332212) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332272) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332288) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332348) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332364) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332424) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332440) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: rebuilding indexes doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332500) doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index doveadm(al...@altek.info): Warning: fscking index file /srv/vmail/altek.info/altek/storage/dovecot.map.index in logs after force-resync Jan 30 11:49:23 mail dovecot: lmtp(21946): Connect from ::1 Jan 30 11:49:23 mail dovecot: lmtp(al...@altek.info): Warning: mdbox /srv/vmail/altek.info/altek/storage: Inconsistency in map index (63,31880 != 63,332516) Jan 30 11:49:23 mail dovecot: lmtp(al...@altek.info): Error: Log synchronization error at seq=63,offset=58292 for /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension record inc drops number below zero (uid=5845, diff=-1, orig=0) Jan 30 11:49:23 mail dovecot: lmtp(al...@altek.info): Error: Log synchronization error at seq=63,offset=78516 for /srv/vmail/altek.info/altek/storage/dovecot.map.index: Extension record inc drops number below zero (uid=11497, diff=-1, orig=0) Jan 30 11:49:23 mail dovecot:
Re: Moving to new password scheme
On 2017.01.25. 10:09, Alessio Cecchi wrote: Il 24/01/2017 23:29, @lbutlr ha scritto: dovecot is setup on a system with MD5-CRYPT password scheme for all users, and I would like to update this to something that is secure, probably SSHA256-CRYPT, but I want to do this seamlessly without the users having to jump through any hoops. The users are in mySQL (managed via postfixadmin) and the mailbox record simply stores the hash in the password field. Users access their accounts though IMAP MUAs or Roundcube. How would I setup my system so that if a user logs in and still has a $1$ password (MD5-CRYPT) their password will be encoded to the new SHCEME and then the SQL row updated with the $5$ password instead? Something where they are redirected after authentication to a page that forces them to renter their password (or choose a new one) is acceptable. And, while I am here, is it worthwhile to set the -r flag to a large number (like something over 100,000 which sets takes about 0.25 seconds to do on my machine)? Hi, you can convert password scheme during the login: http://wiki2.dovecot.org/HowTo/ConvertPasswordSchemes Ciao I've done it with nice and short pg's stored procedure. -- KSB
Re: Moving to new password scheme
Okn Mon, 30 Jan 2017, dovecot-requ...@dovecot.org wrote: OK, I have the dovecot.conf stuff working so that it calls the external script and I have that script spitting out the login and a SHA256-CRYPT password with hash: Thu Jan 26 06:45:54 MST 2017 USER: xan...@xanmax.com {SHA512-CRYPT}$6$CfKc0NdiRkWOisjL$kHAx2oxB? Did you truncate the results? This hash looks far too short to be a real SHA512 hash. Joseph Tam
Re: Users with extra mailbox: namespace/mailbox in userdb lookup?
Thank you so much Steffen On 2017-01-30 00:35, Steffen Kaiser wrote:
Re: Users with extra mailbox: namespace/mailbox in userdb lookup?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 27 Jan 2017, MRob wrote: We have a need for some users to have an additional folder created and subscribed for them. Is is possible to return an override for the default "namespace inbox" containing the needed mailbox definitions in the userdb lookup for such users? If so, how would the userdb lookup result be formatted? Presumably as Yes, see here: http://wiki2.dovecot.org/UserDatabase/ExtraFields Each setting ist one "Extra Field" just one long string, but how would the setting be named given there can't be a space in it? Can I replace the space with an underscore, e.g. userdb_namespace_inbox = '{ mailbox Drafts { auto=subscribe special_use = \Drafts } mailbox Trash { auto=subscribe special_use = \Trash } }' sort of: userdb_namespace/inbox/mailbox/Drafts/auto=subscribe see also: http://www.dovecot.org/list/dovecot/2016-February/103140.html - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQEVAwUBWI763Xz1H7kL/d9rAQI+Awf/V0vZpyQMQclFUy7OYDLbR3RsyIGAVT3Z zr7vlbui7wViskBqXriNkucz3vUw9B8S0KdAlJnpFR37Hf7yJg9O/q2YAQF9OcYh HJBNUfOgo8fiCrSFp4R6iInRYXzgM3CFDObm9Rf5OiYjb9sW8taAuX2hT61ccXaW 0sX6MGHgruWGZoZlo0qxo8/5/sb2iY0dNRVEQGaopEHg3DmpeRsJOmbV7XKNaG3v lovL9kHxQkZTT3Tu26ZXCzVjkVYoSD7IgPathdAGzlGbe2M04RnN6GIM5aXGoTOo QxSGpvscIHUheSUa3kTrMb2JPdiwkfZKJckQmrtfAvLkzE1WGKIo9Q== =ZXVy -END PGP SIGNATURE-