Authentication with dovecot fails
I have set up Dovecot with effective configuration (with dovecot -n)
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # OS: Linux 5.2.15-200.fc30.x86_64 x86_64 Fedora release 30 (Thirty) # Hostname: <my hostname> auth_debug = yes auth_mechanisms = plain login auth_verbose = yes listen = 10.168.0.9,<my external IP> mail_location = mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap ssl_cert = </etc/letsencrypt/live/<my hostname>/cert.pem ssl_cipher_list = PROFILE=SYSTEM ssl_key = # hidden, use -P to show it userdb { args = blocking=no driver = passwd } verbose_ssl = yes </pre>
I am trying to connect to this with Thunderbird 60.9.0 (and 68.1.0) but no matter whether I use port 143 or 993, the authentication does not take place. journalctl -efu dovecot.service output:
Sep 21 21:43:58 <myhostname> dovecot[31705]: auth: Debug: auth client connected (pid=2668) Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.168.0.53, lip<myhostextip>, TLS, session=<OvtgaBWT5iUKqAA1> Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL alert: close notify
The error appears to be indicated on the second-to-last row: "no auth attempts in 0 secs." Superuser topic "Problems with connecting Thunderbird client to dovecot installed on Ubuntu" indicated a potential problem with certificate exceptions. I deleted the certificate stored in Thunderbird (Windows version) and then obtained it again under Manage Certificates and added the security exception. This did not help. In addition, the log file above implies that the certificate dialog went OK.If I add `cram-md5` as a supported authentication mechanism, I will additionally get auth: Fatal: CRAM-MD5 mechanism can't be supported with given passdbs in the log.
What am I not seeing or what am I misunderstanding or doing wrong? How do I make it work?
Modified
All Replies (4)
that log is so dense as to be impenetrable. Is your SSL using a self signed certificate? Thunderbird does not accept them.
I have added double paragraph breaks to make the log more legible.
The server is using a Letsencrypt certificate, which is readily accepted by Firefox (and also Thunderbird; click Manage Certificates, Add Exception, Get Certificate says that the certificate is already valid).
Perhaps try logging the Thunderbird side and see what Thunderbird thinks is happening.
Thank you for the instructions on generating the log file. Curiously enough, the log file does get generated and it contains entries related to existing e-mail accounts that work perfectly and absolutely NOTHING (not a single line) related to the attempt to create the account that would connect to the Dovecot server.
EDIT: I set the options IMAP:5,timestamp.
EDIT 2: Connection with Galaxy S8's stock e-mail client works.
Modified