dovecot/postfix

trscookie · 04-14-2011, 09:05 AM

Hello All,

I am trying to configure my server with dovecot/postfix however I am getting the following errors in my /var/log/maillog and dovecot is not authenticating, can somebody shed some light on to this please?

/var/log/maillog:

Code:

Apr 14 14:53:38 server last message repeated 3 times
Apr 14 14:54:20 server dovecot: imap-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Apr 14 14:57:48 server dovecot: imap-login: Disconnected: Inactivity: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:88.xxx.xxx.48, lip=::ffff:88.xxx.xxx.48, secured
Apr 14 14:58:27 server dovecot: auth(default): cram-md5(trscookie@domain.com,::ffff:85.210.11.31): passdb credentials are not in hex
Apr 14 14:58:28 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=CRAM-MD5, rip=::ffff:85.210.11.31, lip=::ffff:88.xxx.xxx.48, TLS
Apr 14 14:58:44 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:89.192.0.11, lip=::ffff:88.xxx.xxx.48, TLS

Code:

[root@server logs]# telnet mydomain.com 143
Trying 88.xxx.xxx.48...
Connected to mydomain.com (88.xxx.xxx.48).
Escape character is '^]'.
* OK Dovecot ready.
a login trscookie@domain.com mypassword
a NO Authentication failed.
* BYE Disconnected for inactivity.
Connection closed by foreign host.
[root@server logs]#

Code:

[root@server logs]# cat /etc/dovecot.conf 
protocols = imap imaps pop3 pop3s
disable_plaintext_auth = no
ssl_cipher_list = ALL:!LOW:!SSLv2
login_process_size = 64
mail_location = maildir:%hMaildir
protocol imap {
  mail_plugins = quota imap_quota
}
  
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}

protocol lda {
  postmaster_address = admin@domain.com
  mail_plugins = quota
}

auth default {
  mechanisms = cram-md5 plain login

  passdb sql {
    args = /etc/dovecot-sql.conf
  }

  userdb sql {
    args = /etc/dovecot-sql.conf
  }

  userdb prefetch {
  }

  user = vmail

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
    }

    client {
      path = /var/run/dovecot/auth-client
      mode = 0660
      user = postfix
      group = postfix
    }
  }
}

dict {
}

plugin {
}

namespace private {
separator = .
prefix = INBOX.
inbox = yes
}

ssl_cert_file = /etc/postfix/ssl/smtpd.crt
ssl_key_file = /etc/postfix/ssl/smtpd.key

I believe that the error is caused by:

Code:

Apr 14 14:58:27 server dovecot: auth(default): cram-md5(trscookie@domain.com,::ffff:85.210.11.31): passdb credentials are not in hex

I believe that this might be caused by different types of encryption being used, but I'm not sure :S

Many, many thanks in advance for your help.

Kind regards,
trscookie.

Noway2 · 04-14-2011, 11:32 AM

If I remember correctly, and it has been a while, you need to use base64 encoding when transmitting the authentication information. I also recall that there is a simple perl script to perform this function. Many of the Postfix how-to documents should say where you can find it in their testing section.

trscookie · 04-14-2011, 11:59 AM

Hi,

Thanks for the update I dont suppose you know where you have seen it do you? I cant seem to find it :S.

I did just change the

dovecot.conf

Code:

auth default {
mechanisms = plain
#mechanisms = cram-md5 plain login

And restarted dovecot, and received a slightly different error:

Code:

Apr 14 18:14:28 server dovecot: Killed with signal 15
Apr 14 18:14:28 server dovecot: Dovecot v1.0.7 starting up
Apr 14 18:14:28 server postfix/postfix-script: stopping the Postfix mail system
Apr 14 18:14:28 server postfix/master[12471]: terminating on signal 15
Apr 14 18:14:28 server postfix/postfix-script: starting the Postfix mail system
Apr 14 18:14:28 server postfix/master[12620]: daemon started -- version 2.3.3, configuration /etc/postfix
Apr 14 18:14:28 server spamd[12503]: spamd: server killed by SIGTERM, shutting down 
Apr 14 18:14:29 server dovecot: auth-worker(default): mysql: Connected to localhost (postfix)
Apr 14 18:14:31 server spamd[12652]: logger: removing stderr method 
Apr 14 18:14:32 server spamd[12654]: spamd: server started on port 783/tcp (running version 3.2.5) 
Apr 14 18:14:32 server spamd[12654]: spamd: server pid: 12654 
Apr 14 18:14:32 server spamd[12654]: spamd: server successfully spawned child process, pid 12656 
Apr 14 18:14:32 server spamd[12654]: spamd: server successfully spawned child process, pid 12657 
Apr 14 18:14:32 server spamd[12654]: prefork: child states: IS 
Apr 14 18:14:32 server spamd[12654]: prefork: child states: II 
Apr 14 18:15:17 server postfix/smtpd[12659]: connect from localhost.localdomain[127.0.0.1]
Apr 14 18:15:19 server postfix/smtpd[12659]: disconnect from localhost.localdomain[127.0.0.1]
Apr 14 18:15:32 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Apr 14 18:15:46 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:89.xxx.xxx.20, lip=::ffff:88.xxx.xxx.48, TLS

Thanks again,
trscookie

Noway2 · 04-14-2011, 02:36 PM

Have a look here: http://www.postfix.org/SASL_README.html and look for the section header titled: Testing SASL authentication in the Postfix SMTP Server
It shows an example, using plaintext authentication and mentions that instead of using <string on characters> to use the base64 encoding. The writing is a little confusing, in that it makes it sound like this applies to TLS connections, but should have said for both.

From what I also recall, Postfix does not support md5 hashing, when using Dovecot (or Cyrus) SASL, but only plain text. For this reason, using encryption is important and thankfully easy to do.

trscookie · 04-15-2011, 11:21 AM

Ok,

I think that I have tried everything now, I have re-installed dovecot as postfix and re-configured it however I am getting the error:

Code:

Apr 15 16:57:41 server spamd[3236]: prefork: child states: II 
Apr 15 17:02:21 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:89.xx.xx.10, lip=::ffff:88.xx.xx.48, TLS
Apr 15 17:02:33 server last message repeated 3 times
Apr 15 17:02:35 server dovecot: imap-login: Disconnected: rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Apr 15 17:02:43 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Apr 15 17:07:43 server dovecot: imap-login: Disconnected: user=<trscookie@domain.com>, method=PLAIN, rip=::ffff:89.xx.xx.10, lip=::ffff:88.xx.xx.48, TLS

Any ideas what I might be missing :S, Sorry I forgot to mention I removed the encryption and this works. So its a problem is with the encryption.

thanks again,
trscookie.