X
Bakstelėkite čia, kad pereitumėte į mobiliąją šios svetainės versiją.

Pagalbos forumas

Authentication with dovecot fails

Paskelbta

I have set up Dovecot with effective configuration (with dovecot -n)


   # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
   # OS: Linux 5.2.15-200.fc30.x86_64 x86_64 Fedora release 30 (Thirty)
   # Hostname: <my hostname>
   auth_debug = yes
   auth_mechanisms = plain login
   auth_verbose = yes
   listen = 10.168.0.9,<my external IP>
   mail_location = mbox:~/mail:INBOX=/var/mail/%u
   mbox_write_locks = fcntl
   namespace inbox {
       inbox = yes
       location =
       mailbox Drafts {
           special_use = \Drafts
       }
       mailbox Junk {
           special_use = \Junk
       }
       mailbox Sent {
           special_use = \Sent
       }
       mailbox "Sent Messages" {
           special_use = \Sent
       }
       mailbox Trash {
           special_use = \Trash
       }
       prefix =
   }
   passdb {
       driver = pam
   }
   protocols = imap
   ssl_cert = 


I am trying to connect to this with Thunderbird 60.9.0 (and 68.1.0) but no matter whether I use port 143 or 993, the authentication does not take place. journalctl -efu dovecot.service output:


   Sep 21 21:43:58 <myhostname> dovecot[31705]: auth: Debug: auth client connected (pid=2668)
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.168.0.53, lip<myhostextip>, TLS, session=<OvtgaBWT5iUKqAA1>
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL alert: close notify


The error appears to be indicated on the second-to-last row: "no auth attempts in 0 secs." Superuser topic "Problems with connecting Thunderbird client to dovecot installed on Ubuntu" indicated a potential problem with certificate exceptions. I deleted the certificate stored in Thunderbird (Windows version) and then obtained it again under Manage Certificates and added the security exception. This did not help. In addition, the log file above implies that the certificate dialog went OK.

If I add `cram-md5` as a supported authentication mechanism, I will additionally get auth: Fatal: CRAM-MD5 mechanism can't be supported with given passdbs in the log.

What am I not seeing or what am I misunderstanding or doing wrong? How do I make it work?

I have set up Dovecot with effective configuration (with dovecot -n) # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # OS: Linux 5.2.15-200.fc30.x86_64 x86_64 Fedora release 30 (Thirty) # Hostname: <my hostname> auth_debug = yes auth_mechanisms = plain login auth_verbose = yes listen = 10.168.0.9,<my external IP> mail_location = mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap ssl_cert = </etc/letsencrypt/live/<my hostname>/cert.pem ssl_cipher_list = PROFILE=SYSTEM ssl_key = # hidden, use -P to show it userdb { args = blocking=no driver = passwd } verbose_ssl = yes I am trying to connect to this with Thunderbird 60.9.0 (and 68.1.0) but no matter whether I use port 143 or 993, the authentication does not take place. journalctl -efu dovecot.service output: Sep 21 21:43:58 <myhostname> dovecot[31705]: auth: Debug: auth client connected (pid=2668) Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.168.0.53, lip<myhostextip>, TLS, session=<OvtgaBWT5iUKqAA1> Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL alert: close notify The error appears to be indicated on the second-to-last row: "no auth attempts in 0 secs." Superuser topic "Problems with connecting Thunderbird client to dovecot installed on Ubuntu" indicated a potential problem with certificate exceptions. I deleted the certificate stored in Thunderbird (Windows version) and then obtained it again under Manage Certificates and added the security exception. This did not help. In addition, the log file above implies that the certificate dialog went OK. If I add `cram-md5` as a supported authentication mechanism, I will additionally get auth: Fatal: CRAM-MD5 mechanism can't be supported with given passdbs in the log. What am I not seeing or what am I misunderstanding or doing wrong? How do I make it work?

Modified by MikkoP

Citata

Papildomi duomenys apie sistemą

Application

  • User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0

More Information

Matt
  • Top 10 Contributor
  • Moderator
Sprendimų: 3251 Atsakymų: 22414

that log is so dense as to be impenetrable. Is your SSL using a self signed certificate? Thunderbird does not accept them.

that log is so dense as to be impenetrable. Is your SSL using a self signed certificate? Thunderbird does not accept them.
Was this helpful to you? 0
Citata

Klausimą uždavęs asmuo

I have added double paragraph breaks to make the log more legible.

The server is using a Letsencrypt certificate, which is readily accepted by Firefox (and also Thunderbird; click Manage Certificates, Add Exception, Get Certificate says that the certificate is already valid).

I have added double paragraph breaks to make the log more legible. The server is using a Letsencrypt certificate, which is readily accepted by Firefox (and also Thunderbird; click Manage Certificates, Add Exception, Get Certificate says that the certificate is already valid).
Was this helpful to you?
Citata
Matt
  • Top 10 Contributor
  • Moderator
Sprendimų: 3251 Atsakymų: 22414

Perhaps try logging the Thunderbird side and see what Thunderbird thinks is happening.

https://wiki.mozilla.org/MailNews:Logging

Perhaps try logging the Thunderbird side and see what Thunderbird thinks is happening. https://wiki.mozilla.org/MailNews:Logging
Was this helpful to you? 0
Citata

Klausimą uždavęs asmuo

Thank you for the instructions on generating the log file. Curiously enough, the log file does get generated and it contains entries related to existing e-mail accounts that work perfectly and absolutely NOTHING (not a single line) related to the attempt to create the account that would connect to the Dovecot server.

EDIT: I set the options IMAP:5,timestamp.

EDIT 2: Connection with Galaxy S8's stock e-mail client works.

Thank you for the instructions on generating the log file. Curiously enough, the log file does get generated and it contains entries related to existing e-mail accounts that work perfectly and absolutely NOTHING (not a single line) related to the attempt to create the account that would connect to the Dovecot server. EDIT: I set the options IMAP:5,timestamp. EDIT 2: Connection with Galaxy S8's stock e-mail client works.

Modified by MikkoP

Was this helpful to you?
Citata
Užduoti klausimą

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.