A lot of "missing passwd_alt file", also on non-suspended accounts. What is this?

Richard G

Richard G

Verified User
Joined
Jul 6, 2008
Messages
14,737
Location
Maastricht
I've seen massive of these lines in my /var/log/maillog file, like this:
Code: 
Sep 21 19:13:55 server26 dovecot[2301724]: auth([email protected],185.xxx.xxx.xxx,sasl:plain)<VzJy01I/xoC5nOmi>: da_alternate: missing passwd file: /etc/virtual/domain.nl/passwd_alt
these passwd_alt files do not exist anywhere on the server.

I see these lines with accounts which are suspended and accounts which are not suspended.

And I can't find an explanation on the forum about this or how to fix this.
FYI: One click login to Roundcube is -not- enabled.
 
Hello,

Whether or not the one-click for RoundCube is enabled on a server, you can still find the following file /etc/dovecot/conf/alternate_passwd.conf for Dovecot with the following content:

Code: 
#VERSION=0.1
passdb da_alternate {
  passdb_username_filter = *@*
  passwd_file_path=/etc/virtual/%{user | domain}/passwd_alt
  passdb_default_password_scheme=CRYPT
  auth_username_format=%{user | username}
  passdb_driver = passwd-file
}

which is the reason of those warning in mail logs.
 
zEitEr said:
which is the reason of those warning in mail logs.
Click to expand...
Yes. I've also read in the docs or changelog that even if they exist, they will be automatically removed after a certain amount of time.
It's just irritating it generates so many errors in the log, gives the impression something is wrong.

So I wonder if no change can be made that if not required no error will be given when not present. So the prevent invalid errors in fact.
 
Hi guys I have the same lines in the log and 1 client with issues with imap login since upgrading to Dovecot 2.4

Mailaccount is configured in Outlook and works, but after a certain amount of time the IP-addresses of the client got blocked due multiple failed logins. But the password is always correct inserted at the Outlook client (which I multiple times have checked at the Outook of the client with Teamviewer and is correct filled in).

I've already changed the password multiple times at the account in DirectAdmin (so the password file should be updated and correct).

Any hints for a solution on this?
 
stefantriep said:
But after a certain amount of time the IP-addresses of the client got blocked due multiple failed logins.
Click to expand...
Yeah I had a customer stating that too. Did you verify this in the /var/log/maillog file? Because as said, I had a customer stating that too and then I discovered another local ip was trying to log in too. You can see the local ip's too in the log.
So then I could ask him about other devices like a tablet of phone because I could see another ip. And then a day later he apologized. He had changed his password, but forgot to change it on a phone which was not used anymore but got fully loaded again to re-use at a later point for his wife. And then phone kept trying to login, causing the firewall blocks.

I'm almost 100% sure something like that must be the case as the Dovecot change does not suddenly changes passwords after some time.
And even if the client is blocked, you should be able to login to webmail with that same password. If yes, you can be sure it's a client side issue.
Have them doublecheck their phones and tables and maybe..... ip camera's or routers or other devices which might authenticate to send mail.
 
Richard G said:
Yeah I had a customer stating that too. Did you verify this in the /var/log/maillog file? Because as said, I had a customer stating that too and then I discovered another local ip was trying to log in too. You can see the local ip's too in the log.
So then I could ask him about other devices like a tablet of phone because I could see another ip. And then a day later he apologized. He had changed his password, but forgot to change it on a phone which was not used anymore but got fully loaded again to re-use at a later point for his wife. And then phone kept trying to login, causing the firewall blocks.

I'm almost 100% sure something like that must be the case as the Dovecot change does not suddenly changes passwords after some time.
And even if the client is blocked, you should be able to login to webmail with that same password. If yes, you can be sure it's a client side issue.
Have them doublecheck their phones and tables and maybe..... ip camera's or routers or other devices which might authenticate to send mail.
Click to expand...

I've already checked your suggestions, the client has IPv6 and I see the exact IPv6 of the computer (checked at the wifi adapter) that cause issues.
Thanks anyway, I need to look at the device of the client, not at dovecot. This brings me a bit further in this case
 
I just remembered something which might com in handy, but it's insecure so only use it to check what is happening.
There is a trick to have Dovecot log the passwords used. You need to set this in the dovecot.conf file:
auth_debug_passwords = yes
auth_debug = yes
and ofcourse restart Dovecot.

If I'm correct this should work with Dovecot 2.4 too, but as said, insecure because it will log passwords.
However, with this trick you might be able to see what is happening, and if the password is malformed someway after a certain time, maybe that brings you further as to where to look at the client's pc.
 
You must log in or register to reply here.
Back
Top