Still trying to get past authorization problems

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Still trying to get past authorization problems

Dovecot mailing list
Got all the Postfix errors fixed but maybe one, so I don't think that's
involved in this mix any more.


I had a domain definition problem, got that sorted.


The accounts' logins are correct. I tried several from the shell, and
they let me in.


Here's the minus-n output, not very different from the first time I
posted it:


# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-64-generic x86_64 Ubuntu 18.04.3 LTS ext4
base_dir = /var/run/dovecot/
first_valid_gid = 109
first_valid_uid = 105
last_valid_gid = 109
last_valid_uid = 105
log_path = /var/log/dovecot.log
mail_gid = postfix
mail_location = maildir:/var/mail/vmail/%d/%n
mail_uid = postfix
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
protocols = " imap lmtp"
service auth {
   unix_listener /var/spool/postfix/private/auth {
     group = postfix
     mode = 0666
     user = postfix
   }
   unix_listener auth-userdb {
     group = postfix
     mode = 0666
     user = postfix
   }
}
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   process_min_avail = 0
   service_count = 1
}
service lmtp {
   unix_listener lmtp {
     mode = 0666
   }
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service pop3 {
   process_limit = 1024
}
ssl = required
ssl_cert = </etc/ssl/private/tgv2018.crt
ssl_key =  # hidden, use -P to show it
userdb {
   driver = passwd
}


These from dovecot.log just keep going round and round.


Oct 24 02:23:57 imap-login: Info: Aborted login (auth failed, 1 attempts
in 3 secs): user=<[hidden email]>, method=PLAIN,
rip=86.148.44.160, lip=95.142.174.193, TLS, session=<7SCVuZ6VScBWlCyg>
Oct 24 02:25:55 imap-login: Info: Disconnected (auth failed, 2 attempts
in 132 secs): user=<[hidden email]>, method=PLAIN,
rip=108.41.57.11, lip=95.142.174.193, TLS, session=<ZErquJ6VpMpsKTkL>
Oct 24 02:25:55 imap-login: Info: Disconnected (auth failed, 2 attempts
in 132 secs): user=<[hidden email]>, method=PLAIN,
rip=108.41.57.11, lip=95.142.174.193, TLS, session=<6bnquJ6VpcpsKTkL>
Oct 24 02:57:58 imap-login: Info: Disconnected (auth failed, 4 attempts
in 43 secs): user=<[hidden email]>, method=PLAIN,
rip=108.41.57.11, lip=95.142.174.193, TLS, session=<CRHUMJ+V59JsKTkL>
Oct 24 03:06:23 imap-login: Info: Disconnected (no auth attempts in 0
secs): user=<>, rip=49.51.34.136, lip=95.142.174.193,
session=<jGWJUZ+VAM8xMyKI>
Oct 24 03:06:24 imap-login: Info: Disconnected: Too many invalid
commands (no auth attempts in 0 secs): user=<>, rip=49.51.34.136,
lip=95.142.174.193, session=<agCMUZ+V8JMxMyKI>
Oct 24 03:07:55 imap-login: Info: Disconnected (auth failed, 2 attempts
in 13 secs): user=<[hidden email]>, method=PLAIN,
rip=108.41.57.11, lip=95.142.174.193, TLS, session=<ivc4Vp+V79VsKTkL>

Reply | Threaded
Open this post in threaded view
|

Re: Still trying to get past authorization problems

Dovecot mailing list

On 24.10.2019 6.18, Steve Matzura via dovecot wrote:

> Got all the Postfix errors fixed but maybe one, so I don't think
> that's involved in this mix any more.
>
>
> I had a domain definition problem, got that sorted.
>
>
> The accounts' logins are correct. I tried several from the shell, and
> they let me in.
>
>
> Here's the minus-n output, not very different from the first time I
> posted it:
>

Try adding


auth_mechanisms = PLAIN LOGIN


and do not use [x] secure password in your MUA.

Aki

Reply | Threaded
Open this post in threaded view
|

Re: Still trying to get past authorization problems

Dovecot mailing list
That's already in conf.d/10-auth.conf.


On 10/24/2019 1:31 AM, Aki Tuomi via dovecot wrote:

> On 24.10.2019 6.18, Steve Matzura via dovecot wrote:
>> Got all the Postfix errors fixed but maybe one, so I don't think
>> that's involved in this mix any more.
>>
>>
>> I had a domain definition problem, got that sorted.
>>
>>
>> The accounts' logins are correct. I tried several from the shell, and
>> they let me in.
>>
>>
>> Here's the minus-n output, not very different from the first time I
>> posted it:
>>
> Try adding
>
>
> auth_mechanisms = PLAIN LOGIN
>
>
> and do not use [x] secure password in your MUA.
>
> Aki
>
Reply | Threaded
Open this post in threaded view
|

Re: Still trying to get past authorization problems

Dovecot mailing list
In conf.d/10-logging.conf, set:

auth_debug_passwords = yes
mail_debug = yes
verbose_ssl = yes

You might try setting them one-by-one as having all three will give a
ton of info, and auth_debug_passwords will expose all passwords used
while set, but those settings should show you what the problem is.

Daniel

On 10/24/2019 6:23 AM, Steve Matzura via dovecot wrote:

> That's already in conf.d/10-auth.conf.
>
>
> On 10/24/2019 1:31 AM, Aki Tuomi via dovecot wrote:
>> On 24.10.2019 6.18, Steve Matzura via dovecot wrote:
>>> Got all the Postfix errors fixed but maybe one, so I don't think
>>> that's involved in this mix any more.
>>>
>>>
>>> I had a domain definition problem, got that sorted.
>>>
>>>
>>> The accounts' logins are correct. I tried several from the shell, and
>>> they let me in.
>>>
>>>
>>> Here's the minus-n output, not very different from the first time I
>>> posted it:
>>>
>> Try adding
>>
>>
>> auth_mechanisms = PLAIN LOGIN
>>
>>
>> and do not use [x] secure password in your MUA.
>>
>> Aki
>>
>