• [gentoo-user] Dovecot config

    From antlists@21:1/5 to All on Mon Sep 27 23:50:02 2021
    I'm trying to configure dovecot to give me a mix of virtual and real
    users. It's working fine for my real id.

    But it's not working for my antlists virtual id :-(

    I know it's the authentication messing up, but I don't know what or how
    to fix it - I don't use anything more complicated than /etc/passwd, and
    it looks like it's desperate to use pam.auth and getting itself all in a
    twist.

    If I create the dovecot passwd file with

    antlists:{PLAIN}password

    thunderbird complains that there's a problem with the server.

    But if I use htpasswd to create the entry in the passwd file, it complains pam_faillock(imap:auth): User unknown

    So as a complete guess, I'm thinking maybe htpasswd and dovecot are
    using different encryptions? I just don't have a clue how to get them on
    the same page ...

    Cheers,
    Wol

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From antlists@21:1/5 to antlists on Tue Sep 28 23:50:01 2021
    On 27/09/2021 22:46, antlists wrote:
    > I'm trying to configure dovecot to give me a mix of virtual and real
    > users. It's working fine for my real id.
    >
    > But it's not working for my antlists virtual id :-(

    Is nobody else using virtual addresses for dovecot?

    > I know it's the authentication messing up, but I don't know what or how
    > to fix it - I don't use anything more complicated than /etc/passwd, and
    > it looks like it's desperate to use pam.auth and getting itself all in a twist.
    >
    > If I create the dovecot passwd file with
    >
    > antlists:{PLAIN}password
    >
    > thunderbird complains that there's a problem with the server.
    >
    > But if I use htpasswd to create the entry in the passwd file, it complains pam_faillock(imap:auth): User unknown

    I've been trying a bunch of stuff, and it boils down to "how the hell do
    I get the password to match?"

    If I have the line

    antlists:password

    it rejects my attempt to connect with "login failed", and systemctl says "password mismatch". But if I try to put an encrypted password in there,
    the attempt to connect fails with "server disconnected".

    So basically, how on earth am I supposed to get dovecot to either accept
    the password I give it, or let me set the password!

    (Of course, I could just give up and create a real user, but I was
    hoping to avoid that!)

    Cheers,
    Wol

  • From Nils Freydank@21:1/5 to All on Wed Sep 29 13:10:02 2021
    Hi Wol,

    my credentials for dovecot have the following syntax, i.e. four additional colons after the password:
    '<user name>:<type of the password><password itself>::::'
    I use only virtual users, so I can't tell if mixing works, too.

    For the dovecot setup I can recommend this guide: https://prefetch.eu/blog/2020/email-server/#mda-dovecot

    Two general remarks:
    1st, be more patient. This is a mailing list, not a support chat.
    2nd, I _strongly_ recommend to use some kind of hashing instead of plain passwords. I use '{ARGON2ID}' and generate the hashes by running
    'doveadm pw -s ARGON2I'
    which asks for the plain text password on stdin.

    Kind regards,
    Nils

  • From antlists@21:1/5 to Nils Freydank on Wed Sep 29 23:20:02 2021
    On 29/09/2021 12:06, Nils Freydank wrote:
    > Hi Wol,
    >
    > my credentials for dovecot have the following syntax, i.e. four additional colons after the password:
    > '<user name>:<type of the password><password itself>::::'
    > I use only virtual users, so I can't tell if mixing works, too.
    >
    > For the dovecot setup I can recommend this guide: https://prefetch.eu/blog/2020/email-server/#mda-dovecot

    Looks quite a good guide ...

    > Two general remarks:
    > 1st, be more patient. This is a mailing list, not a support chat.

    I know :-) but I thought 24hrs would lead to at least one bite ... :-)

    > 2nd, I _strongly_ recommend to use some kind of hashing instead of plain passwords. I use '{ARGON2ID}' and generate the hashes by running
    > 'doveadm pw -s ARGON2I'
    > which asks for the plain text password on stdin.

    Yup. But it's a home server and security is pretty lax anyway...
    And having problems full stop I thought I'd try and get it working
    before worrying about hashing - I've already tried hashing with exactly
    the same results ...


    These are the logs reported by systemctl ...

    Sep 29 22:01:11 thewolery dovecot[1328]: auth-worker(4883): conn unix:auth-worker (pid=4881,uid=76): auth-worker<1>: passwd(antlists,192.168.1.65,<0zFJoSjNUfnAqAFB>): unknown user
    Sep 29 22:01:11 thewolery dovecot[1328]: auth: Error: passwd(antlists,192.168.1.65,<0zFJoSjNUfnAqAFB>): user not found from userdb
    Sep 29 22:01:11 thewolery dovecot[1328]: imap: Error: auth-master: login: request [2101346305]: Login auth request failed: Authenticated user not found from userdb, auth lookup id=2101346305 (auth connect>
    Sep 29 22:01:11 thewolery dovecot[1328]: imap-login: Internal login failure (pid=4880 id=1): user=<antlists>, method=PLAIN, rip=192.168.1.65, lip=192.168.1.218, mpid=4882, TLS, session=<0zFJoSjNUfnAqAFB>
    Sep 29 22:01:11 thewolery dovecot[1328]: auth-worker(4883): conn unix:auth-worker (pid=4881,uid=76): auth-worker<2>: passwd(antlists,192.168.1.65,<3ddJoSjNUvnAqAFB>): unknown user
    Sep 29 22:01:11 thewolery dovecot[1328]: auth: Error: passwd(antlists,192.168.1.65,<3ddJoSjNUvnAqAFB>): user not found from userdb
    Sep 29 22:01:11 thewolery dovecot[1328]: imap: Error: auth-master: login: request [2807693313]: Login auth request failed: Authenticated user not found from userdb, auth lookup id=2807693313 (auth connect>
    Sep 29 22:01:11 thewolery dovecot[1328]: imap-login: Internal login failure (pid=4884 id=1): user=<antlists>, method=PLAIN, rip=192.168.1.65, lip=192.168.1.218, mpid=4885, TLS, session=<3ddJoSjNUvnAqAFB>

    and from dovecot.conf

    # authentication configuration:
    auth_verbose = yes
    auth_mechanisms = plain
    passdb {
      driver = passwd-file
      args = /etc/dovecot/passwd
    }

    userdb {
      driver = passwd-file
      args = username_format=%n /etc/dovecot/passwd
      override_fields = uid=vmail gid=vmail home=/home/vmail/%n
    }

    Cheers,
    Wol
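
Added example, not part of the original posts: in Dovecot auth log lines the name before the parenthesis is the passdb/userdb driver that logged the message, so the excerpt above shows the system `passwd` driver answering, not the `passwd-file` block from the posted config. The script pulls driver, user and failing stage out of each session; the fourth sample line and all function names are constructed for illustration.

```python
import re

# First three lines are taken from the log excerpt above; the fourth is constructed
# to show what a password failure logged by the passwd-file passdb looks like.
SAMPLE = """\
Sep 29 22:01:11 thewolery dovecot[1328]: auth-worker(4883): conn unix:auth-worker (pid=4881,uid=76): auth-worker<1>: passwd(antlists,192.168.1.65,<0zFJoSjNUfnAqAFB>): unknown user
Sep 29 22:01:11 thewolery dovecot[1328]: auth: Error: passwd(antlists,192.168.1.65,<0zFJoSjNUfnAqAFB>): user not found from userdb
Sep 29 22:01:11 thewolery dovecot[1328]: imap-login: Internal login failure (pid=4880 id=1): user=<antlists>, method=PLAIN, rip=192.168.1.65, lip=192.168.1.218, mpid=4882, TLS, session=<0zFJoSjNUfnAqAFB>
Sep 29 22:05:40 thewolery dovecot[1328]: auth: passwd-file(bob,192.168.1.70,<constructedB>): Password mismatch
"""

# Dovecot auth log shape: driver(user,remote-ip,<session>): message
AUTH_RE = re.compile(
    r"(?P<driver>[a-z][a-z0-9-]*)\((?P<user>[^,()]+),(?P<rip>[^,()]+),"
    r"<(?P<session>[^>]+)>\): (?P<msg>.*)$"
)

def parse(line):
    """Return driver/user/rip/session/msg for an auth line, else None."""
    m = AUTH_RE.search(line)
    return m.groupdict() if m else None

def diagnose(text):
    """Map session id -> (user, driver, stage) for failed lookups."""
    result = {}
    for line in text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        msg = rec["msg"].lower()
        if "not found from userdb" in msg:
            stage = "userdb"        # password accepted, user lookup failed
        elif "password mismatch" in msg:
            stage = "passdb"        # user found, password rejected
        elif "unknown user" in msg:
            stage = "unknown-user"  # can be logged by either stage
        else:
            continue
        prev = result.get(rec["session"])
        # Keep the most specific verdict seen for a session.
        if prev is None or prev[2] == "unknown-user":
            result[rec["session"]] = (rec["user"], rec["driver"], stage)
    return result

def unexpected_drivers(result, configured=("passwd-file",)):
    """Drivers seen in the log that the posted config does not declare."""
    return sorted({drv for _, drv, _ in result.values() if drv not in configured})

if __name__ == "__main__":
    report = diagnose(SAMPLE)
    for session, (user, driver, stage) in report.items():
        print(f"{session}: user={user} driver={driver} failed at {stage}")
    print("drivers not in posted config:", unexpected_drivers(report))
```

A driver showing up here that the posted `passdb`/`userdb` blocks do not declare means another auth block is being loaded from elsewhere in the configuration; `doveconf -n` prints the effective settings.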

  • From antlists@21:1/5 to antlists on Fri Oct 1 22:50:02 2021
    On 29/09/2021 22:15, antlists wrote:
    > On 29/09/2021 12:06, Nils Freydank wrote:
    >> Hi Wol,
    >>
    >> my credentials for dovecot have the following syntax, i.e. four additional
    >> colons after the password:
    >> '<user name>:<type of the password><password itself>::::'
    >> I use only virtual users, so I can't tell if mixing works, too.
    >>
    >> For the dovecot setup I can recommend this guide:
    >> https://prefetch.eu/blog/2020/email-server/#mda-dovecot
    >
    > Looks quite a good guide ...

    Don't know quite how, but having followed the guide, and cursed because
    it wasn't working, it suddenly started working.

    I'm guessing a reboot suddenly fixed the mess of multiple attempts
    to get it to behave ...

    Cheers,
    Wol
