Re: please help this newbie get started

2017-02-10 Thread drbobllc
I appreciated the help I received here. To try to give back a little, I 
contributed something I learned to the wiki:
Passwd as a password database on FreeBSD
Thanks again,
Bob
 

On Sunday, February 5, 2017 10:12 AM, "drbob...@yahoo.com" 
 wrote:
 

 Hi, everyone,
Got through for the first time! In fact the trick was to switch to:
passdb {
  driver = passwd-file
  args = path-to-file-with-encrypted-passwords
}
 Thanks for steering me in the right direction. Next I guess is SSL for more 
security. 

Bob
On Sunday, February 5, 2017 8:14 AM, "drbob...@yahoo.com" 
 wrote:
Do I need to tell dovecot to check master.passwd instead of passwd?
2. Is my (simple) passdb OK?
passdb {
  args = blocking=no
  driver = passwd
}
   

   


Re: please help this newbie get started

2017-02-06 Thread drbobllc
Hi again, everyone,
Adding SSL seemed to go smoothly; I can check my email now with Thunderbird 
with "connection security" set to STARTTLS.
My next issue is receiving emails. Can you help me with that, too?
It works to use "mail" on the command line to send email from one account to 
another.
But email from this yahoo account never appears. How should I start to try to 
figure this out? Thanks!
Bob

On Sunday, February 5, 2017 10:12 AM, "drbob...@yahoo.com" 
 wrote:
 

 Next I guess is SSL for more security. 



   


Re: please help this newbie get started

2017-02-05 Thread drbobllc
Hi, everyone,
Got through for the first time! In fact the trick was to switch to:
passdb {
  driver = passwd-file
  args = path-to-file-with-encrypted-passwords
}
 Thanks for steering me in the right direction. Next I guess is SSL for more 
security. 

Bob
On Sunday, February 5, 2017 8:14 AM, "drbob...@yahoo.com" 
 wrote:
Do I need to tell dovecot to check master.passwd instead of passwd?
2. Is my (simple) passdb OK?
passdb {
  args = blocking=no
  driver = passwd
}
   


Re: please help this newbie get started

2017-02-05 Thread drbobllc
1. The man page I get is slightly different:
%    man 5 passwd
PASSWD(5) FreeBSD File Formats Manual    PASSWD(5)

NAME
 passwd, master.passwd -- format of the password file

DESCRIPTION
 The passwd files are the local source of password information.  They can
 be used in conjunction with the Hesiod domains `passwd' and `uid', and
 the NIS maps `passwd.byname', `passwd.byuid', `master.passwd.byname', and
 `master.passwd.byuid', as controlled by nsswitch.conf(5).

 For consistency, none of these files should ever be modified manually.

 The master.passwd file is readable only by root, and consists of newline
 separated records, one per user, containing ten colon (`:') separated
 fields.  These fields are as follows:

 [...]

 The passwd file is generated from the master.passwd file by pwd_mkdb(8),
 has the class, change, and expire fields removed, and the password field
 replaced by a `*' character.

 [...]
 In the master.passwd file, the password field is the encrypted form of
 the password, see crypt(3).  If the password field is empty, no password
 will be required to gain access to the machine.  This is almost invari-
 ably a mistake, so authentication components such as PAM can forcibly
 disallow remote access to passwordless accounts.  Because this file con-
 tains the encrypted user passwords, it should not be readable by anyone
 without appropriate privileges.

 A password of `*' indicates that password authentication is disabled for
 that account (logins through other forms of authentication, e.g., using
 ssh(1) keys, will still work).  The field only contains encrypted pass-
 words, and `*' can never be the result of encrypting a password.
 Do I need to tell dovecot to check master.passwd instead of passwd?
2. Is my (simple) passdb OK?

passdb {
  args = blocking=no
  driver = passwd
}
I guess it would be easy to try it without the "args" line.
4. Sometimes I log in as www to do web page stuff, so files are owned by www. 
www has a shell, and a password, and can ssh fine.
Thanks for your help!
Bob

On Sunday, February 5, 2017 2:58 AM, Christian Kivalo  
wrote:
 
>dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password
>field '*'

The '*' in passwd password field stands for login disabled. See man 5 passwd or 
http://www.manpages.info/freebsd/passwd.5.html

>-ERR [AUTH] Authentication failed.

This is probably because the user's login is disabled.

In one of your provided log outputs you are trying to login as user 'www'. 
Why? The webserver user has the login normally disabled.
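
The password-field cases from the passwd(5) text quoted in this message, as an added shell example that is not part of the original thread: it reports whether each record's password field is `*` (the value Dovecot rejected in the log line above), empty, or a hash. The function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the password field of passwd(5)-style records.
# Field counts follow the quoted man page: master.passwd has ten fields;
# passwd drops class, change and expire, leaving seven.

# Constructed sample records (not real accounts or real hashes).
sample_records() {
    cat <<'EOF'
# constructed sample
root:$6$CONSTRUCTEDSALT$constructedhash:0:0::0:0:Charlie &:/root:/bin/csh
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
guest::1002:1002::0:0:Guest:/home/guest:/bin/sh
bob:*:1001:1001:Bob:/home/bob:/bin/sh
broken:x:1
EOF
}

# Reads records on stdin, prints "<user> <status>" for each one.
classify_passwd_fields() {
    awk -F: '
        /^#/ || /^[ \t]*$/   { next }                       # comments, blank lines
        NF != 7 && NF != 10  { print $1, "malformed"; next }
        $2 == ""             { print $1, "empty-no-password-required"; next }
        $2 == "*"            { print $1, "password-auth-disabled"; next }
                             { print $1, "has-hash" }
    '
}

sample_records | classify_passwd_fields
```

On a real host the same function can be fed the file directly as root, for example `classify_passwd_fields < /etc/master.passwd`.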
   


Re: please help this newbie get started

2017-02-04 Thread drbobllc
Hi, everyone,
1. As advised in Debugging Authentication, I turned on auth_debug and 
auth_debug_passwords, and now in the mail log I get an additional message:
dovecot: auth: passwd(xxx,xxx,<40AjQMFHSLVLGJAC>): invalid password field '*'
Of course neither the password I tried nor the actual password was '*'. That's 
what's in /etc/passwd, but dovecot isn't just using that, is it?

2. In the new debug log, I get:
dovecot: auth: Debug: Loading modules from directory: 
/usr/local/lib/dovecot/auth
dovecot: auth: Debug: Read auth token secret from 
/var/run/dovecot/auth-token-secret.dat
dovecot: auth: Debug: auth client connected (pid=3183)
dovecot: auth: Debug: client in: AUTH    1    PLAIN    service=pop3    
session=RFp0lMFHHotLGJAC    lip=xxx    rip=xxx    lport=110    rport=35614
dovecot: auth: Debug: client passdb out: CONT    1    
dovecot: auth: Debug: client in: CONT
dovecot: auth: Debug: passwd(xxx,xxx,): lookup
dovecot: auth: Debug: client passdb out: FAIL    1    user=xxx    user_disabled

So it's something with passdb?

3. In TestPop3Installation I can't get past the "Check that it's allowing 
remote logins" section. telnet gives me an error:

-ERR [AUTH] Authentication failed.


which I expect, because I have telnet turned off. Does that mean I can't use 
plaintext authentication?

Thanks,
Bob

On Saturday, February 4, 2017 8:37 AM, "drbob...@yahoo.com" 
 wrote:
 
And thanks for the link to that Troubleshooting section. I didn't know that was 
there and will take a look at it now.
   


Re: please help this newbie get started

2017-02-03 Thread drbobllc
 Hi again,
I see now it's possible to restrict IMAP/POP3 access, but that shouldn't be 
enabled. In conf.d/10-auth.conf that's commented out:

#!include auth-deny.conf.ext
Thanks,
Bob

   


please help this newbie get started

2017-02-03 Thread drbobllc
Hi, everyone,
I'm trying to get email working on a server. Web servers I have some experience 
with, but this is new for me.
On FreeBSD, with dovecot2 (2.2.27), when I try to check email, Thunderbird says:
Sending of password for user xxx did not succeed. Mail server xxx responded: 
Authentication failed.
And on the server, in the mail log, there's a message:
dovecot: pop3-login: Disconnected (user disabled)
Any idea what I'm doing wrong? I didn't mean to disable any users. Thanks!
Bob