Dovecot - Password control problem

vincentthe

Hello,

On a fresh install of DirectAdmin running Dovecot for e-mail I'm running into the following scenario: mail users just can't log in. The password is always rejected, even after resetting passwords or making new accounts; it just doesn't work. Does anyone have any suggestions on how I should resolve this?

Thanks in advance.
 
Try to login, and then post an output of:
Code:
cat /var/log/mail.log
 
/var/log/mail.log is completely empty.

in /var/log/mail.err there is something:
Aug 16 11:58:49 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User kmthe is missing userdb info
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User verkoop is missing userdb info
Aug 16 11:59:39 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])
Aug 16 11:59:47 ds2 last message repeated 12 times
Aug 16 12:01:04 ds2 last message repeated 6 times

in /var/log/mail.info (partially the same info)
Aug 16 11:58:49 ds2 dovecot[3941]: auth(default): shadow([email protected],130.89.6.128): unknown user
Aug 16 11:58:49 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])
Aug 16 11:58:49 ds2 dovecot[3941]: auth(default): passwd([email protected],130.89.6.128): unknown user
Aug 16 11:58:49 ds2 dovecot[3941]: pop3-login: Internal login failure: user=<[email protected]>, method=PLAIN, rip=130.89.6.128, lip=85.92.139.37
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): shadow([email protected],130.89.6.128): unknown user
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User kmthe is missing userdb info
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User verkoop is missing userdb info
Aug 16 11:59:39 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd([email protected],130.89.6.128): unknown user
Aug 16 11:59:39 ds2 dovecot[3941]: pop3-login: Internal login failure: user=<[email protected]>, method=PLAIN, rip=130.89.6.128, lip=85.92.139.37
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): shadow([email protected],130.89.6.128): unknown user
Aug 16 11:59:39 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd([email protected],130.89.6.128): unknown user
Aug 16 11:59:39 ds2 dovecot[3941]: pop3-login: Internal login failure: user=<[email protected]>, method=PLAIN, rip=130.89.6.128, lip=85.92.139.37
Aug 16 11:59:41 ds2 dovecot[3941]: auth(default): shadow([email protected],130.89.6.128): unknown user
Aug 16 11:59:41 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])
Aug 16 11:59:41 ds2 dovecot[3941]: auth(default): passwd([email protected],130.89.6.128): unknown user
Aug 16 11:59:41 ds2 dovecot[3941]: pop3-login: Internal login failure: user=<[email protected]>, method=PLAIN, rip=130.89.6.128, lip=85.92.139.37
 
Now it's not 11:59 :) Did you try to log in, or are you just looking for earlier info? If you try to log in, the data should be stored in /var/log/mail.log on Debian systems.

P.S. the problem is here:
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User kmthe is missing userdb info
Aug 16 11:59:39 ds2 dovecot[3941]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User verkoop is missing userdb info
Aug 16 11:59:39 ds2 dovecot[3941]: Logins with UID 0 not permitted (user [email protected])

It seems that DirectAdmin doesn't have dovecot=1 in /usr/local/directadmin/directadmin.conf or isn't restarted after the change.
 
That was old info, but nothing changed really.

Aug 16 12:48:45 ds2 dovecot[8258]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User kmthe is missing userdb info
Aug 16 12:48:45 ds2 dovecot[8258]: auth(default): passwd-file /etc/virtual/kassa-tv.nl/passwd: User verkoop is missing userdb info
Aug 16 12:48:49 ds2 dovecot[8258]: Logins with UID 0 not permitted (user [email protected])

Manually entered "dovecot=1" in /usr/local/directadmin/conf/directadmin.conf and restarted dovecot after that. No changes...
 
Well, after reinstalling (taking the howto convert to dovecot tutorial again) it seems to work.
 
Yes, customapache doesn't restart DirectAdmin during the "todovecot" conversion or after other changes to the directadmin.conf file, so you need to restart DirectAdmin every time changes to the directadmin.conf file are made. Only custombuild restarts DirectAdmin after every change in the directadmin.conf file.
 
I'm having the exact same problem and I have restarted Direct Admin but that hasn't helped.

This is a brand new server I've just taken delivery of.

"dovecot=1" is in /usr/local/directadmin/conf/directadmin.conf and I have restarted Direct Admin.

I have also tried the suggestions in this post:
http://www.directadmin.com/forum/showthread.php?t=24031&highlight=internal+login+failure

and this post:
http://directadmin.com/forum/showthread.php?t=30150&highlight=missing+UID

neither of which has helped.

From my maillog file:
Code:
Jun 20 04:35:39 nostromo dovecot[18198]: auth(default): passwd([email protected],123.243.220.168): unknown user
Jun 20 04:35:39 nostromo dovecot[18198]: User [email protected] is missing UID (see mail_uid setting)
Jun 20 04:35:39 nostromo dovecot[18198]: pop3-login: Internal login failure (auth failed, 1 attempts): user=<[email protected]>, method=PLAIN, rip=123.243.220.168, lip=67.148.94.78
Jun 20 04:35:39 nostromo dovecot[18198]: auth(default): shadow([email protected],123.243.220.168): unknown user
Jun 20 04:35:39 nostromo dovecot[18198]: auth(default): passwd-file /etc/virtual/pcwitchdoctor.com/passwd: User mark is missing userdb info

My DirectAdmin conf:

Code:
#panel config file
port=2222
numservers=5
timeout=60
session_minutes=60
maxfilesize=10485760
servername=nostromo.pcwitchdoctor.com
ns1=ns1.pcwitchdoctor.com
ns2=ns2.pcwitchdoctor.com

#many directories use ./ local path because of chroot.
serverpath=/usr/local/directadmin
admindir=./data/admin
logdir=/var/log/directadmin
logger=/usr/local/directadmin/logger
loghostname=0
docsroot=./data/skins/enhanced
demodocsroot=./data/skins/enhanced
skinsdir=./data/skins
userdata=./data/users
ticketsdir=/usr/local/directadmin/data/tickets
license=/usr/local/directadmin/conf/license.key
templates=/usr/local/directadmin/data/templates

taskqueue=/usr/local/directadmin/data/task.queue

apachelogdir=/var/log/httpd/domains
apacheconf=/etc/httpd/conf/extra/directadmin-vhosts.conf
apacheips=/etc/httpd/conf/ips.conf
apachemimetypes=/etc/mime.types
apachecert=/etc/httpd/conf/ssl.crt/server.crt
apachekey=/etc/httpd/conf/ssl.key/server.key
apache_public_html=0

owsadm=/usr/local/frontpage/version5.0/bin/owsadm.exe

sshdconfig=/etc/ssh/sshd_config

ftpconfig=/etc/proftpd.conf
ftpvhosts=/etc/proftpd.vhosts.conf
ftppasswd=/etc/proftpd.passwd

namedconfig=/etc/named.conf
nameddir=/var/named

addip=/usr/local/directadmin/scripts/addip
removeip=/usr/local/directadmin/scripts/removeip

emailvirtual=/etc/virtual
emailspoolvirtual=/var/spool/virtual

user_helper=www.site-helper.com
reseller_helper=reseller.site-helper.com
admin_helper=admin.site-helper.com

mysqlconf=/usr/local/directadmin/conf/mysql.conf

SSL=0
cacert=/usr/local/directadmin/conf/cacert.pem
cakey=/usr/local/directadmin/conf/cakey.pem

tmpdir=../../../home/tmp
max_username_length=10
login_history=10
log_rotate_size=5

ethernet_dev=venet0:0
quota_partition=/
frontpage_on=0
apache_ver=2.0
dovecot=1

My Dovecot conf:

Code:
## Dovecot 1.1 configuration file

protocols = imap imaps pop3 pop3s

#ssl_cert_file = /etc/exim.cert
#ssl_key_file =  /etc/exim.key
ssl_cert_file = /etc/httpd/conf/ssl.crt/server.crt
ssl_key_file = /etc/httpd/conf/ssl.key/server.key


disable_plaintext_auth = no

##
## Login processes
##

#login_chroot = yes

login_user = dovecot
login_processes_count = 16

login_greeting = Dovecot DA ready.

##
## Mail processes
##

verbose_proctitle = yes

first_valid_uid = 500
last_valid_uid = 0


mail_access_groups = mail

#mail_debug = no

#mail_location = maildir:~/Maildir
mail_location = maildir:~/Maildir

# Like mailbox_check_interval, but used for IDLE command.
#mailbox_idle_check_interval = 30

# Copy mail to another folders using hard links. This is much faster than
# actually copying the file. This is problematic only if something modifies
# the mail in one folder but doesn't want it modified in the others. I don't
# know any MUA which would modify mail files directly. IMAP protocol also
# requires that the mails don't change, so it would be problematic in any case.
# If you care about performance, enable it.
#maildir_copy_with_hardlinks = no

# umask to use for mail files and directories
umask = 0007

# Set max. process size in megabytes. Most of the memory goes to mmap()ing
# files, so it shouldn't harm much even if this limit is set pretty high.
#mail_process_size = 256

# Log prefix for mail processes. See doc/variables.txt for list of possible
# variables you can use.
#mail_log_prefix = "%Us(%u): "

##
## IMAP specific settings
##

protocol imap {

  # Maximum IMAP command line length in bytes. Some clients generate very long
  # command lines with huge mailboxes, so you may need to raise this if you get
  # "Too long argument" or "IMAP command line too large" errors often.
  #imap_max_line_length = 65536

  # Send IMAP capabilities in greeting message. This makes it unnecessary for
  # clients to request it with CAPABILITY command, so it saves one round-trip.
  # Many clients however don't understand it and ask the CAPABILITY anyway.
  #login_greeting_capability = no

  # Workarounds for various client bugs:
  #   delay-newmail:
  #     Send EXISTS/RECENT new mail notifications only when replying to NOOP
  #     and CHECK commands. Some clients ignore them otherwise, for example
  #     OSX Mail. Outlook Express breaks more badly though, without this it
  #     may show user "Message no longer in server" errors. Note that OE6 still
  #     breaks even with this workaround if synchronization is set to
  #     "Headers Only".
  #   outlook-idle:
  #     Outlook and Outlook Express never abort IDLE command, so if no mail
  #     arrives in half a hour, Dovecot closes the connection. This is still
  #     fine, except Outlook doesn't connect back so you don't see if new mail
  #     arrives.
  #   netscape-eoh:
  #     Netscape 4.x breaks if message headers don't end with the empty "end of
  #     headers" line. Normally all messages have this, but setting this
  #     workaround makes sure that Netscape never breaks by adding the line if
  #     it doesn't exist. This is done only for FETCH BODY[HEADER.FIELDS..]
  #     commands. Note that RFC says this shouldn't be done.
  #   tb-extra-mailbox-sep:
  #     With mbox storage a mailbox can contain either mails or submailboxes,
  #     but not both. Thunderbird separates these two by forcing server to
  #     accept '/' suffix in mailbox names in subscriptions list.
  #imap_client_workarounds = outlook-idle
}

##
## POP3 specific settings
##

protocol pop3 {

  # Don't try to set mails non-recent or seen with POP3 sessions. This is
  # mostly intended to reduce disk I/O. With maildir it doesn't move files
  # from new/ to cur/, with mbox it doesn't write Status-header.
  #pop3_no_flag_updates = no

  # Support LAST command which exists in old POP3 specs, but has been removed
  # from new ones. Some clients still wish to use this though. Enabling this
  # makes RSET command clear all \Seen flags from messages.
  #pop3_enable_last = no
 
I have the exact situation as the original post. Off-server email is received and POP3 login works to retrieve messages. It is not possible to send email due to the authentication issue.

My /etc/virtual domain passwd files have the full (7) fields and the dovecot=1 is in place.

I have read and performed the various tests and fixes referenced here and in the other threads dealing with this problem.

The base email account for each domain that is referenced in /etc/password does not throw the user unknown errors as logged in maillog by the other virtual users.

I am not sure what I could post to identify my setup other than that seen in the previous post.

This is a new server setup. Retrofitting should not be an issue.
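
A way to check the per-domain passwd files for the two conditions the logs in this thread report ("missing userdb info" and "Logins with UID 0 not permitted"), as an added example that is not part of the thread and not DirectAdmin or Dovecot code. It assumes the passwd-file layout user:password:uid:gid:gecos:home:shell and numeric uid/gid, takes first_valid_uid and last_valid_uid from the posted dovecot.conf, and uses constructed sample entries; the function names are hypothetical.

```python
import glob
# Limits from the dovecot.conf posted in the thread.
FIRST_VALID_UID = 500
LAST_VALID_UID = 0  # Dovecot treats 0 as "no upper limit"

# Constructed sample entries (assumed layout: user:password:uid:gid:gecos:home:shell).
SAMPLE = """\
kmthe:$1$constructed$hash
verkoop:$1$constructed$hash:0:12::/home/admin/imap/example.test/verkoop:/bin/false
info:$1$constructed$hash:501:12::/home/admin/imap/example.test/info:/bin/false
"""

def audit_line(line):
    """Return the problems found in one passwd-file line (empty list if none)."""
    fields = line.rstrip("\n").split(":")
    user = fields[0]
    if len(fields) < 6:  # only user:password, so no uid/gid/home for the userdb
        return [f"{user}: {len(fields)} fields, missing userdb info"]
    uid, gid, home = fields[2], fields[3], fields[5]
    problems = []
    if not (uid.isdigit() and gid.isdigit()):
        problems.append(f"{user}: uid/gid not numeric")
    elif int(uid) == 0:
        problems.append(f"{user}: uid 0, root logins are refused")
    elif int(uid) < FIRST_VALID_UID or 0 < LAST_VALID_UID < int(uid):
        problems.append(f"{user}: uid {uid} outside the valid uid range")
    if not home:
        problems.append(f"{user}: empty home directory")
    return problems

def audit_text(text):
    """Audit every non-blank, non-comment line of a passwd file's contents."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    return [problem for l in lines for problem in audit_line(l)]

def audit_tree(pattern="/etc/virtual/*/passwd"):
    """Audit each per-domain passwd file; returns {path: [problems]}."""
    report = {}
    for path in glob.glob(pattern):
        with open(path, errors="replace") as fh:
            report[path] = audit_text(fh.read())
    return {p: probs for p, probs in report.items() if probs}

if __name__ == "__main__":
    for path, problems in audit_tree().items():
        print(path, *problems, sep="\n  ")
```

Run it as a user that can read the files under /etc/virtual; an empty result means every entry carries a uid, gid and home that fall inside the configured range.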
 