
We have just migrated our email to a new server but the new system is not recognising client login attempts; in the mail log the message 'Disconnected (no auth attempts in 0 secs): user=<>' is displayed.

This problem is almost undoubtedly because one or more configuration files have not been copied over or configured properly or perhaps because an authentication system has not been installed. Only problem is, which one?

The system is basic postfix + dovecot. The configuration files that have been copied over are all those from /etc/postfix and /etc/dovecot.

During the server set-up dovecot and postfix were installed using yum.

The server is Fedora 19 on a Rackspace server, the only other apps installed were MySQL and Apache.

Postfix and Dovecot both start without any error messages being shown.

dovecot -n

```
# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.4-201.fc19.x86_64 x86_64 Fedora release 19 (Schrödinger’s Cat)
auth_mechanisms = cram-md5 plain
auth_verbose = yes
disable_plaintext_auth = no
mbox_write_locks = fcntl
namespace inbox {
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = scheme=cram-md5 /etc/cram-md5.pwd
  driver = passwd-file
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = uid=vmail gid=vmail home=/var/spool/vhosts/%d/%n /etc/dovecot/userdb
  driver = static
}
userdb {
  driver = passwd
}
```

A line like the following is added to the log about once per second:

```
dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=1.2.3.4, lip=9.A.B.C, TLS handshaking: Disconnected, session=
```

Three sets of lines like the following are added approximately every 3 minutes:

```
dovecot: imap-login: Login: user=<username@example.com>, method=CRAM-MD5, rip=1.1.1.1, lip=2.2.2.2, mpid=17131, session=<BS5K3XPrqAC8HJXQ>
gp8 dovecot: imap(username@example.com): Error: user username@example.com: Initialization failed: Namespace '': Mail storage autodetection failed with home=/var/spool/vhosts/example.com/username
gp8 dovecot: imap(username@example.com): Error: Invalid user settings. Refer to server log for more information.
```

For what it is worth it appears as if incoming mail is being delivered to the maildir correctly.

I have accepted an answer from MadHatter for this issue; it turned out to be (a lot of) missing dovecot config files. Although the accepted answer did not point this out exactly, it certainly made me double-check what had been copied over.

I now have one more issue with dovecot but will ask another question to cover it.

84104
blankabout
  • It would be great if you add the output of postconf -n and dovecot -n to the question – ALex_hha Nov 18 '13 at 06:50
  • Dovecot and postfix are completely different subsystems doing completely different tasks (one does IMAP and POP, the other SMTP). **Which service can people not authenticate to**; dovecot or postfix? – MadHatter Nov 18 '13 at 07:56
  • @Alex_hha I have added the output from postconf -n and dovecot -n. – blankabout Nov 18 '13 at 08:02
  • @MadHatter, it is dovecot, I have added an example line from the mail log – blankabout Nov 18 '13 at 08:03
  • I note the log message about TLS handshaking; are the clients set up to use TLS, or SSL (IMAPS)? – MadHatter Nov 18 '13 at 09:17
  • @MadHatter, The server supports several domains and some clients use SSL and some do not. – blankabout Nov 18 '13 at 12:04
  • Thanks, but that completely ignores my question. Those that are not plaintext, are they set up to use TLS, or SSL (ie, which - they are NOT the same)? – MadHatter Nov 18 '13 at 12:36
  • @MadHatter, the IMAP account I am concentrating on at the moment does not use SSL. – blankabout Nov 18 '13 at 12:59

1 Answer

Following on from our comments above, the problem seems to be SSL/TLS-related. You tell me that the client having the problem isn't configured to use either SSL or TLS, but in the dovecot -n output in your question, the line

ssl = required

appears. I suspect that when the client connects on the plaintext service (port 143), the daemon, being configured to require encryption, promptly tries to engage TLS. Since the client's not configured for that, it ignores the attempt to uprate security, leading to the server getting frustrated and dropping the connection with the log error

TLS handshaking: Disconnected
MadHatter
  • This seemed odd because the clients were working fine so I did some more digging around and found that the configuration files in /etc/dovecot/conf.d had not been copied over. This has now been done and dovecot restarted. 'ssl = required' is no longer the case but the same line is appearing in the mail log. – blankabout Nov 18 '13 at 13:31
  • Congratulations, you've now invalidated the whole question. If I were you, I'd go back and edit the question with new, up-to-date values for the config dumps replacing the old stuff (you can leave out the postfix stuff, it's irrelevant to a dovecot problem), and an up-to-date log of a client failing to connect. – MadHatter Nov 18 '13 at 13:34
  • Question has been updated. – blankabout Nov 18 '13 at 14:00
  • As I have added to the question, your input has helped to resolve this issue so I have accepted your answer. Thanks for your help. – blankabout Nov 18 '13 at 15:46
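
An added example, not part of the original question or answer: a Python triage of the log lines quoted in the question that separates connections dropped before any authentication from sessions where the login succeeded and mail storage initialisation then failed. The sample log is constructed from the lines in the question; the function name `triage` and the regular expressions are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample, modelled on the log lines quoted in the question.
SAMPLE_LOG = """\
dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=1.2.3.4, lip=9.A.B.C, TLS handshaking: Disconnected, session=
dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=1.2.3.4, lip=9.A.B.C, TLS handshaking: Disconnected, session=
dovecot: imap-login: Login: user=<username@example.com>, method=CRAM-MD5, rip=1.1.1.1, lip=2.2.2.2, mpid=17131, session=<BS5K3XPrqAC8HJXQ>
gp8 dovecot: imap(username@example.com): Error: user username@example.com: Initialization failed: Namespace '': Mail storage autodetection failed with home=/var/spool/vhosts/example.com/username
gp8 dovecot: imap(username@example.com): Error: Invalid user settings. Refer to server log for more information.
"""

PRE_AUTH = re.compile(r"imap-login: Disconnected \(no auth attempts[^)]*\): user=<>, rip=([^,]+)")
LOGIN = re.compile(r"imap-login: Login: user=<([^>]+)>, method=([^,]+)")
STORAGE = re.compile(r"imap\(([^)]+)\): Error: .*Initialization failed: .*home=(\S+)")


def triage(log_text):
    """Split pre-auth disconnects from logins that fail after authentication."""
    pre_auth = Counter()   # (remote ip, dropped during TLS handshake?) -> count
    logged_in = {}         # user -> mechanism of the last successful login
    storage_failed = {}    # user -> home directory Dovecot tried to open
    for line in log_text.splitlines():
        if m := PRE_AUTH.search(line):
            pre_auth[(m.group(1), "TLS handshaking" in line)] += 1
        elif m := LOGIN.search(line):
            logged_in[m.group(1)] = m.group(2)
        elif m := STORAGE.search(line):
            storage_failed[m.group(1)] = m.group(2)
    # Users whose credentials were accepted but whose mail store could not be
    # opened: a storage/configuration fault, not an authentication fault.
    auth_ok_storage_bad = {
        user: (logged_in[user], home)
        for user, home in storage_failed.items() if user in logged_in
    }
    return pre_auth, auth_ok_storage_bad


if __name__ == "__main__":
    pre_auth, broken = triage(SAMPLE_LOG)
    for (rip, tls), count in pre_auth.items():
        print(f"{count} pre-auth disconnects from {rip} (during TLS handshake: {tls})")
    for user, (method, home) in broken.items():
        print(f"{user}: {method} login succeeded, storage init failed, home={home}")
```

On the sample, the two kinds of entry come from different remote addresses: the `user=<>` disconnects never reach authentication, while the CRAM-MD5 login is accepted and only the mailbox initialisation fails.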