Eric Shubert | 1 Oct 01:24 2011
Picon

Re: SOLVED Intermittent authentication failures

On 09/30/2011 12:59 PM, Eric Shubert wrote:
> On 09/30/2011 09:07 AM, Eric Shubert wrote:
>>
>> CRAM-MD5 works sometimes:
>> Sep 30 08:15:43 imap-login: Info: Login: user=<userA <at> domain.com>,
>> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301
>>
>> but (seemingly more frequently) the authentication fails:
>> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1
>> attempts): user=<userA <at> domain.com>, method=CRAM-MD5, rip=192.168.252.8,
>> lip=192.168.252.14
>>
>> I restarted dovecot, and that apparently cleared the problem for one
>> user, but not others.
>>
>> Is this perhaps a bug in dovecot, or would the problem lie with vpopmail?
>>
>> TIA for any pointers.
>>
>
> FWIW, I tried digest-md5, and experience the same problem.
>
> Is it possible that passwords are being cached in such a way that
> different login mechanisms cannot be used by different client programs
> with the same user account?
>

My problem was indeed with the password caching. I changed
cache_key=%u
to
(Continue reading)

Timo Sirainen | 1 Oct 17:16 2011
Picon
Picon

Re: SOLVED Intermittent authentication failures

On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote:
> >> CRAM-MD5 works sometimes:
> >> Sep 30 08:15:43 imap-login: Info: Login: user=<userA <at> domain.com>,
> >> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301
> >>
> >> but (seemingly more frequently) the authentication fails:
> >> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1
> >> attempts): user=<userA <at> domain.com>, method=CRAM-MD5, rip=192.168.252.8,
> >> lip=192.168.252.14
> >>
> My problem was indeed with the password caching. I changed
> cache_key=%u
> to
> cache_key=%u%r
> and that cleared things up.
> 
> I expect that this is only a problem when different client programs use 
> different login mechanisms, which was the case with this particular 
> group of users.

Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just
happens to work around the real problem, which might still be there but
just less frequent.. Logs with auth_debug=yes could have been helpful in
figuring this out.

Timo Sirainen | 1 Oct 17:19 2011
Picon
Picon

Re: FTS and compound searches

On Thu, 2011-09-29 at 15:40 +1300, Nikolai Schupbach wrote:
> >> New subscriber here. I noticed that the FTS index is not used in compound searches.
> >> Is this expected? Tested in 2.0.0 and 2.0.8:
> >
> >Yep. It's been in TODO for a while.
> 
> I know this thread is quite old, but we have the same issue with v2.0.14 and squat. Would this issue also
affect the Solr FTS backend?

It's fixed in v2.1 for all backends.

Eric Shubert | 2 Oct 17:53 2011
Picon

Re: SOLVED Intermittent authentication failures

On 10/01/2011 08:16 AM, Timo Sirainen wrote:
> On Fri, 2011-09-30 at 16:24 -0700, Eric Shubert wrote:
>>>> CRAM-MD5 works sometimes:
>>>> Sep 30 08:15:43 imap-login: Info: Login: user=<userA <at> domain.com>,
>>>> method=CRAM-MD5, rip=192.168.252.8, lip=192.168.252.14, mpid=20301
>>>>
>>>> but (seemingly more frequently) the authentication fails:
>>>> Sep 30 08:16:41 imap-login: Info: Aborted login (auth failed, 1
>>>> attempts): user=<userA <at> domain.com>, method=CRAM-MD5, rip=192.168.252.8,
>>>> lip=192.168.252.14
>>>>
>> My problem was indeed with the password caching. I changed
>> cache_key=%u
>> to
>> cache_key=%u%r
>> and that cleared things up.
>>
>> I expect that this is only a problem when different client programs use
>> different login mechanisms, which was the case with this particular
>> group of users.
>
> Auth mechanism shouldn't affect caching or vice versa. Maybe the %r just
> happens to work around the real problem, which might still be there but
> just less frequent.. Logs with auth_debug=yes could have been helpful in
> figuring this out.

Ask and ye shall receive:
Oct 02 08:21:03 auth: Debug: client in: AUTH    1       PLAIN 
service=imap    secured lip=192.168.6.14        rip=208.54.4.133 
lport=143       rport=43401     resp=<hidden>
(Continue reading)

Timo Sirainen | 2 Oct 19:28 2011
Picon
Picon

Re: SOLVED Intermittent authentication failures

On Sun, 2011-10-02 at 08:53 -0700, Eric Shubert wrote:
> 
> 
> Oct 02 08:21:40 auth: Info: password(gary <at> domain.com,192.168.252.8): 
> Requested DIGEST-MD5 scheme, but we have only SHA1 

Oh. This was vpopmail specific problem. See if this fixes:
http://hg.dovecot.org/dovecot-2.0/rev/dbd5f9ec38af

Daminto Lie | 3 Oct 04:15 2011
Picon

problem with getting outlook to work with IMAP server

Hi,

I am having difficulty in getting the outlook 2010 to connect to my server running on Ubuntu Server 10.04. I
can login to Squirrelmail webmail, and am able to send & receive emails through squirrelmail with no
problem whatsoever. However, this morning, I was trying to add a new account for the same user on Outlook
2010 and I got the following error from outlook as follows

Send test e-mail message: Your outgoing (SMTP) e-mail server has reported an internal error. The server
responded: 554 5.7.7 No Spoofing Allowed.

I then, went to check /var/log/mail.log and I found the following

Oct  3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): pass search:
base=ou=accounts,dc=example,dc=com scope=subtree
filter=(&(objectClass=posixAccount)(uid=sbernett)) fields=uid,userPassword,homeDirectory,uidNumber,gidNumber
Oct  3 12:19:27 mymailServer dovecot: auth(default): ldap(sbernett,50.4.39.163): result:
uid(user)=sbernett uidNumber(userdb_uid)=106 gidNumber(userdb_gid)=106
userPassword(password)={CRYPT}xGHI86Ktls homeDirectory(userdb_home)=/home/vmail/sbernett
Oct  3 12:19:27 mymailServer dovecot: auth(default): client out: OK#0111#011user=sbernett
Oct  3 12:19:27 mymailServer dovecot: auth(default): master in: REQUEST#0114#0112686#0111
Oct  3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): lookup
Oct  3 12:19:27 mymailServer dovecot: auth(default): passwd(sbernett,50.4.39.163): unknown user
Oct  3 12:19:27 mymailServer dovecot: auth(default): master out: USER#0114#011sbernett#011uid=106#011gid=106#011home=/home/vmail/sbernett
Oct  3 12:19:27 mymailServer dovecot: imap-login: Login: user=<sbernett>, method=PLAIN,
rip=50.4.39.163, lip=50.4.39.164
Oct  3 12:19:27 mymailServer dovecot: IMAP(sbernett): Disconnected in IDLE bytes=9/292
Oct  3 12:19:27 mymailServer postfix/smtpd[2766]: warning: No server certs available. TLS won't be enabled
Oct  3 12:19:27 mymailServer postfix/smtpd[2766]: connect from localhost[127.0.0.1]
Oct  3 12:19:27 mymailServer postfix/smtpd[2766]: 182292400AE: client=localhost[127.0.0.1]
Oct  3 12:19:27 mymailServer postfix/smtpd[2766]: lost connection after DATA (0 bytes) from localhost[127.0.0.1]
(Continue reading)

Francesco Fiore | 3 Oct 10:53 2011
Picon

Re: Timeout leak in get quota

Hi!
I've the same problem.

I use the same input string inside a Java standalone application.
The request would appear correct and I receive always a correct response
but Dovecot print the same warning into the log...

My Dovecot version is 2.0.13.

Thanks in advance for any help!

Francesco

On 29/09/11 15:05, Danilo wrote:
> Hello!
> I wrote perl script for read current quota usage, it works but when I run the
> program I receive a warning in Dovecot log:
>
> 2011-09-29 14:45:30 doveadm(guest <at> testmail.com): Warning: Timeout leak:
> 0x7f14800ad970
>
> This is the script:
> ===============================
> #!/usr/bin/perl
>
> use strict;
> use Socket;
> use IO::Handle;
>
> socket(TSOCK, PF_UNIX, SOCK_STREAM,0);
(Continue reading)

Andrew Hearn | 3 Oct 12:35 2011
Picon

1.2.17 Program terminated with signal 11, Segmentation fault.

Hello,

We've had seg faults a couple of times a day on our servers, we upgraded 
to 1.2.17 and still have them.

running a coredump through dbg says:

Reading symbols from /usr/local/libexec/dovecot/imap-login...done.
[New Thread 27962]
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols 
found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2

warning: no loadable sections found in added symbol-file system-supplied 
DSO at 0x7fff083f4000
Core was generated by `imap-login -D'.
Program terminated with signal 11, Segmentation fault.
#0  0x000000000041388b in io_file_unlink (_io=<value optimized out>, 
closed=true) at ioloop.c:70
70		if (io->next != NULL)

dovecot -n is at http://pastebin.ca/SQjrseJD (pass timo)

Linux 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 x86_64 
x86_64 x86_64 GNU/Linux

We use NFS for mail store, and ramdisk for dovecot indexes. We do run 
the mail_log plugin.

Let me know if you need any more info though.
(Continue reading)

Frank Bonnet | 3 Oct 13:52 2011
Picon
Picon

clarifications on shared mailboxes

Hello

I need some clarifications on shared mailboxes.

Actually we use MBOX format with "real" unix users , but I've been asked
to create some shared mailboxes for some users who need to have some
for their working groups.

What would be the best way to create those shared mailboxes ?

Would it be possible to create some "shared space" on the server
in maildir format to get advantage of the last seen flag ?

If yes some config examples would be a great help.

See attach the doveconf -n output ( certificates names have been 
obscured ;-) )

Thank you.

# 2.0.14: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 7.4-RELEASE amd64  
auth_verbose_passwords = plain
auth_worker_max_count = 100
debug_log_path = /var/log/dovecot/debug.log
default_client_limit = 6144
default_process_limit = 1024
disable_plaintext_auth = no
(Continue reading)

Romer Ventura | 3 Oct 16:29 2011

Multiple LDAP authentication servers

Hello,

We are performing a Domain migration and I was wondering if there was any
way to get Dovecot to authenticate to more than 1 LDAP server? Currently
dovecot is configure to query the "mail" attribute from Active Directory and
when found it binds with the credentials the user provided.

This works fine, but when migrating user accounts, they get disabled in the
source domain so that the user can no longer log on to it. But disabling the
account in the source domain, causes the user to be unable to use his email
account. 

Is there any way to get dovecot to try a second LDAP server if the first one
fails to authenticate..?

~# dovecot -n

# 1.2.11: /etc/dovecot/dovecot.conf

# OS: Linux 2.6.29-xs5.5.0.15 i686 Debian 5.0.4 ext3

log_timestamp: %Y-%m-%d %H:%M:%S

protocols: imaps imap

ssl_cert_file: /etc/ssl/certs/smtpd.crt

ssl_key_file: /etc/ssl/private/smtpd.key

login_dir: /var/run/dovecot/login
(Continue reading)


Gmane