
On a Linux server, a user is unable to collect email using Microsoft Office. In /var/log/maillog I see this:

Mar 1 20:49:48 nitrogen dovecot: auth-worker(15749): Error: pam(usern@example.com, 1.2.3.4,<WkxqYjY6G152yDAG>): Multiple password values not supported

followed immediately by

Mar 1 20:49:50 nitrogen dovecot: imap-login: Aborted login (auth failed...

I can't find any information about this error, apart from that it seems to be associated with authentication and 2FA.

Can anyone shed some light on what might be the cause? I don't have access to the client computer.

Steve

1 Answer

This normally happens when you change passwords and an old password is being (re-)used in a session. Authentication fails; this does not mean it has to do with 2FA or similar.

I saw this on cPanel servers when the password for the cPanel account is the same as the e-mail account and then the password of the e-mail account is changed. While you, depending on the specific server settings, might still be able to log in to IMAP or POP3 with the main account's password, it is not possible to use that password to send e-mails via SMTP (e.g. to avoid spam-related problems). The authentication fails with a message similar or identical to the one reported.

So in the authentication module (e.g. PAM) two or more possible passwords or sources are listed, but only one is allowed in the specific case for SMTP, IMAP, POP3 etc. (depends on the configuration), and after changing the password for the e-mail user you get the message above if you try to authenticate with the old password (which might/is valid for the main account and maybe also IMAP and POP3 or FTP!).

The exact cause depends on the specific configuration; the error suddenly showing up without a change in configuration is a strong hint that a password was changed, e.g. for an e-mail address, and that password is still active, e.g. for the main account, and somebody is trying to connect with that "old" password.

  • Thanks for the suggestion, can you point me to where you found this? – Steve Feb 13 '22 at 01:19
  • I have found it by my own analysis of logs. What happens is that for some services multiple password values are supplied and allowed (e.g. you might be able to log on an e-mail account using the e-mail account's password, but also the main account's password; or you might be able to log on a user account with that password, but also with the reseller or administrator password etc.), but that might not be the case for SMTP. Your situation probably is that the main account's password and an e-mail password were the same in the past and the e-mail password was changed. – Thomas Moroder Feb 16 '22 at 08:16
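
A way to triage this from the server side when the client machine is out of reach, as an added example that is not part of the original question or answer: it groups the "Multiple password values not supported" error by user and remote IP, records when each pair first and last hit it, and counts how often an aborted IMAP login followed within a few seconds. The function names, the `year` value (syslog timestamps omit it), the 5-second window and the extra sample lines are assumptions; the line formats are the two quoted in the question.

```python
import re
from collections import defaultdict
from datetime import datetime

TS = r"(\w{3}\s+\d+\s[\d:]{8})\s\S+\sdovecot: "
ERR = re.compile(TS + r"auth-worker\(\d+\): Error: pam\(([^,]+),\s*([^,]+),\s*<[^>]+>\): "
                 r"Multiple password values not supported")
ABORT = re.compile(TS + r"imap-login: Aborted login \(auth failed")

# Constructed sample lines, modelled on the two lines quoted in the question;
# the session ids of the added lines are placeholders.
SAMPLE = """\
Mar 1 20:49:48 nitrogen dovecot: auth-worker(15749): Error: pam(usern@example.com, 1.2.3.4,<WkxqYjY6G152yDAG>): Multiple password values not supported
Mar 1 20:49:50 nitrogen dovecot: imap-login: Aborted login (auth failed...
Mar 1 20:54:48 nitrogen dovecot: auth-worker(15802): Error: pam(usern@example.com, 1.2.3.4,<constructedSessionA>): Multiple password values not supported
Mar 1 20:54:50 nitrogen dovecot: imap-login: Aborted login (auth failed...
Mar 1 21:10:02 nitrogen dovecot: auth-worker(15911): Error: pam(other@example.com, 5.6.7.8,<constructedSessionB>): Multiple password values not supported
"""

def parse_ts(text, year):
    # syslog timestamps carry no year, so the caller supplies one (assumption)
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def summarize(log_text, year=2021, window=5):
    """Group the PAM error by (user, remote IP) and count how many occurrences
    were followed by an aborted IMAP login within `window` seconds."""
    errors, aborts = [], []
    for line in log_text.splitlines():
        if m := ERR.match(line):
            errors.append((parse_ts(m[1], year), m[2].strip(), m[3].strip()))
        elif m := ABORT.match(line):
            aborts.append(parse_ts(m[1], year))
    report = defaultdict(lambda: {"count": 0, "aborted": 0, "first": None, "last": None})
    for ts, user, ip in errors:
        row = report[(user, ip)]
        row["count"] += 1
        row["first"] = min(row["first"] or ts, ts)
        row["last"] = max(row["last"] or ts, ts)
        # pairing is by time only: the aborted-login line on the page is truncated
        if any(0 <= (a - ts).total_seconds() <= window for a in aborts):
            row["aborted"] += 1
    return dict(report)

if __name__ == "__main__":
    for (user, ip), row in summarize(SAMPLE).items():
        print(user, ip, row["count"], row["aborted"], row["first"], row["last"])
```

A single user and IP repeating at a steady interval, with a first occurrence that lines up with a known password change, fits the stale-password explanation given in the answer.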