Authentication with dovecot fails

4 trả lời
1 gặp vấn đề này
1 lượt xem
Trả lời mới nhất được viết bởi MikkoP

5 năm trước

MikkoP

03:52, 22/09/2019

I have set up Dovecot with effective configuration (with dovecot -n)

   # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
   # OS: Linux 5.2.15-200.fc30.x86_64 x86_64 Fedora release 30 (Thirty)
   # Hostname: <my hostname>
   auth_debug = yes
   auth_mechanisms = plain login
   auth_verbose = yes
   listen = 10.168.0.9,<my external IP>
   mail_location = mbox:~/mail:INBOX=/var/mail/%u
   mbox_write_locks = fcntl
   namespace inbox {
       inbox = yes
       location =
       mailbox Drafts {
           special_use = \Drafts
       }
       mailbox Junk {
           special_use = \Junk
       }
       mailbox Sent {
           special_use = \Sent
       }
       mailbox "Sent Messages" {
           special_use = \Sent
       }
       mailbox Trash {
           special_use = \Trash
       }
       prefix =
   }
   passdb {
       driver = pam
   }
   protocols = imap
   ssl_cert = </etc/letsencrypt/live/<my hostname>/cert.pem
   ssl_cipher_list = PROFILE=SYSTEM
   ssl_key = # hidden, use -P to show it
   userdb {
       args = blocking=no
       driver = passwd
   }
   verbose_ssl = yes
</pre>


I am trying to connect to this with Thunderbird 60.9.0 (and 68.1.0) but no matter whether I use port 143 or 993, the authentication does not take place. journalctl -efu dovecot.service output:


   Sep 21 21:43:58 <myhostname> dovecot[31705]: auth: Debug: auth client connected (pid=2668)
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.168.0.53, lip<myhostextip>, TLS, session=<OvtgaBWT5iUKqAA1>
   Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL alert: close notify



The error appears to be indicated on the second-to-last row: "no auth attempts in 0 secs." Superuser topic "Problems with connecting Thunderbird client to dovecot installed on Ubuntu" indicated a potential problem with certificate exceptions. I deleted the certificate stored in Thunderbird (Windows version) and then obtained it again under Manage Certificates and added the security exception. This did not help. In addition, the log file above implies that the certificate dialog went OK.
If I add `cram-md5` as a supported authentication mechanism, I will additionally get auth: Fatal: CRAM-MD5 mechanism can't be supported with given passdbs in the log.
What am I not seeing or what am I misunderstanding or doing wrong? How do I make it work?

I have set up Dovecot with effective configuration (with dovecot -n) # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf # OS: Linux 5.2.15-200.fc30.x86_64 x86_64 Fedora release 30 (Thirty) # Hostname: <my hostname> auth_debug = yes auth_mechanisms = plain login auth_verbose = yes listen = 10.168.0.9,<my external IP> mail_location = mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks = fcntl namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } protocols = imap ssl_cert = </etc/letsencrypt/live/<my hostname>/cert.pem ssl_cipher_list = PROFILE=SYSTEM ssl_key = # hidden, use -P to show it userdb { args = blocking=no driver = passwd } verbose_ssl = yes I am trying to connect to this with Thunderbird 60.9.0 (and 68.1.0) but no matter whether I use port 143 or 993, the authentication does not take place. journalctl -efu dovecot.service output: Sep 21 21:43:58 <myhostname> dovecot[31705]: auth: Debug: auth client connected (pid=2668) Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write key exchange Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write server done Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read client key exchange Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read change cipher spec Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS read finished Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3/TLS write finished Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=10.168.0.53, lip<myhostextip>, TLS, session=<OvtgaBWT5iUKqAA1> Sep 21 21:43:58 <myhostname> dovecot[31705]: imap-login: Debug: SSL alert: close notify The error appears to be indicated on the second-to-last row: "no auth attempts in 0 secs." Superuser topic "Problems with connecting Thunderbird client to dovecot installed on Ubuntu" indicated a potential problem with certificate exceptions. I deleted the certificate stored in Thunderbird (Windows version) and then obtained it again under Manage Certificates and added the security exception. This did not help. In addition, the log file above implies that the certificate dialog went OK. If I add `cram-md5` as a supported authentication mechanism, I will additionally get auth: Fatal: CRAM-MD5 mechanism can't be supported with given passdbs in the log. What am I not seeing or what am I misunderstanding or doing wrong? How do I make it work?

Được chỉnh sửa bởi MikkoP vào 19:45:40 PDT 22 tháng 9, 2019

Answer 1 · 2019-09-22 03:52:27

Matt

Moderator
Top 10 Contributor

11:36, 22/09/2019

that log is so dense as to be impenetrable. Is your SSL using a self signed certificate? Thunderbird does not accept them.

Answer 2 · 2019-09-22 03:52:27

MikkoP Người tạo câu hỏi

13:03, 22/09/2019

I have added double paragraph breaks to make the log more legible.

The server is using a Letsencrypt certificate, which is readily accepted by Firefox (and also Thunderbird; click Manage Certificates, Add Exception, Get Certificate says that the certificate is already valid).

Answer 3 · 2019-09-22 03:52:27

Matt

Moderator
Top 10 Contributor

13:19, 22/09/2019

Perhaps try logging the Thunderbird side and see what Thunderbird thinks is happening.

https://wiki.mozilla.org/MailNews:Logging

Answer 4 · 2019-09-22 03:52:27

MikkoP Người tạo câu hỏi

19:40, 22/09/2019

Thank you for the instructions on generating the log file. Curiously enough, the log file does get generated and it contains entries related to existing e-mail accounts that work perfectly and absolutely NOTHING (not a single line) related to the attempt to create the account that would connect to the Dovecot server.

EDIT: I set the options IMAP:5,timestamp.

EDIT 2: Connection with Galaxy S8's stock e-mail client works.

Được chỉnh sửa bởi MikkoP vào 19:45:40 PDT 22 tháng 9, 2019

Tìm kiếm hỗ trợ

Authentication with dovecot fails

Tất cả các câu trả lời (4)

Khám phá theo sản phẩm

Khám phá theo chủ đề

Duyệt theo sản phẩm

Duyệt tất cả các chủ đề của diễn đàn theo chủ đề

Nhận trợ giúp với

Tìm kiếm hỗ trợ

Authentication with dovecot fails

Tất cả các câu trả lời (4)