debian, exim4, dovecot can't authenticate users on server

Question

I've been configuring my new server for mail.

Everything seems to be going smoothly, but I can't get any users to log in (with or without using SSL)

So I can telnet to the server from the local host

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
a login "myName@myHost.biz" "plainPasswd"
a NO [AUTHENTICATIONFAILED] Authentication failed

the dovecot log doesn't tell me very much (I've got all the logging things set to 'yes' in the config...

2014-08-14 15:33:04 imap-login: Info: Aborted login (auth failed, 1 attempts):     user=<myName@myHost.biz>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
2014-08-14 15:36:36 dovecot: Info: This is Dovecot's info log
2014-08-14 15:36:36 dovecot: Warning: This is Dovecot's warning log
2014-08-14 15:36:36 dovecot: Error: This is Dovecot's error log
2014-08-14 15:36:36 dovecot: Fatal: This is Dovecot's fatal log

just for good measure here is my config

log_path: /var/log/dovecot.log
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps pop3 pop3s
ssl_listen(default): *:10943
ssl_listen(imap): *:10943
ssl_listen(pop3): 
ssl: no
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
verbose_proctitle: yes
mail_privileged_group: mail
mail_location: maildir:/var/mail/virtual/%d/%n/ :LAYOUT=fs
mail_debug: yes
mbox_write_locks: fcntl dotlock
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
auth default:
  mechanisms: plain login cram-md5
  passdb:
    driver: passwd-file
    args: scheme=plain username_format=%n /etc/dovecot/conf.d/usr_pwd
  userdb:
    driver: passwd-file
    args: username_format=%n /etc/dovecot/conf.d/usr_pwd

and just to prove that the file usr_pwd contains the require info...

sudo more /etc/dovecot/conf.d/usr_pwd
# this file is the password file for dovecot login authentications
# it is a simple username : password pair file, note that the usernames must be
# complete ~ ie use the full [username@domain.com] type form

myName@myHost.biz:{PLAIN}plainPasswd

from what I can understand everything is set correctly, but when I attempt to telnet in (or connect with openSSL ~ when it's enabled) I consistently fail to login. Also I note that the log allways mentions that the {method=plain} ~ even when I move over to SSL, and dissable plain text authorisation.

I'm sure I'm missing something very simple ~ I've tried a reboot on the server... just in case... but no change...?

I'm using the multi file config of exim4 and the config for dovecot is split into about 4 files inside {/etc/dovecot/conf.d/....}. Is the name of the passwd file specific ? ie should I have not changed it ? thanks for any help you can offer, I've been pulling my hair out over this for nearly 3 days now, I've followed many tuturials, and they all seem to suggest the same thing, I'm always able to connect via telnet (and via openSSL when I have SSL=yes) so the server is definately listening on the required ports.

thanks in advance.

David

Answer 1

I don't like putting my own solution to a problem... but this is now as much for me as everyone else!

In brief: the solution was to get a copy of updated version of dovecot.

Reason: the doveadm utility is not available on the v1.*** versions. The config is split into multiple files (easier admin). and the majority of the help I found on various sites (stack overflow sites mainly) all seem to be working with the version 2.

@todd lyons : Thanks for your pointer to swaks - cool tool. although I managed to get sending out working almost instantly I had a bit of a fight with authentication!

Pointers for others: When creating password use the following

doveadm pw -p[newPassword] -s[hashing scheme] -u[username]

why Initially I used doveadm with just -pw, it requests for a password (twice) then outputs the has, which you need to copy into your password / userdb file or database.

It seemed that when I copied it to the file I was 'thick fingering' the password and kept getting refused connections due to passwords not matching ! yes I have lost hair and sleep because of this.

so very briefly, here are the steps I took.

• Download the deb files for the newest version of dovecot (because the wheezy-backports refused to work!): I needed both dovecot-common (download, install and configure first), and then dovecot-imap.
• mess around with the config for using your preferred location for users mail.
• ensure exim is working with your dovecot

pages I found most usefull: Dovecot : the http://wiki2.dovecot.org/Tools/ page for all the other clever stuff you can do with doveadm etc. Stackoverflow : WOW the guys on here a so great. maybe one day I'll be able to help other out as much as you guys have helped me. If I could I would plus one everyone on all the sites! Debian-administration : not an official part of the debian project, but great set of howto and stuff.

For now that is about it.

Just need to add in my other domains and users into exim / dovecot (crossed fingers it doesn't break!).

Hope that what I have written above it useful for someone else.

David.