Dovecot Not Attempting to Authenticate Clients

by

We have just migrated our email to a new server but the new system is not recognising client log in attempts, in the mail log the message ‘Disconnected (no auth attempts in 0 secs): user=<>’ is displayed.

This problem is almost undoubtedly because one or more configuration files have not been copied over or configured properly or perhaps because an authentication system has not been installed. Only problem is, which one?

The system is basic postfix + dovecot. The configuration files that have been copied over are all those from /etc/postfix and /etc/dovecot.

During the server set-up dovecot and postfix were installed using yum.

The server is Fedora 19 on a Rackspace server, the only other apps installed were MySQL and Apache.

Postfix and Dovecot both start without any error messages being shown.

dovecot -n


# 2.2.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.4-201.fc19.x86_64 x86_64 Fedora release 19 (Schrödinger’s Cat) 
auth_mechanisms = cram-md5 plain
auth_verbose = yes
disable_plaintext_auth = no
mbox_write_locks = fcntl
namespace inbox {
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = scheme=cram-md5 /etc/cram-md5.pwd
  driver = passwd-file
}
passdb {
  driver = pam
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  args = uid=vmail gid=vmail home=/var/spool/vhosts/%d/%n /etc/dovecot/userdb
  driver = static
}
userdb {
  driver = passwd
}

A line like the following is added to the log about once per second:


dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=1.2.3.4, lip=9.A.B.C, TLS handshaking: Disconnected, session=

Three sets of lines like following are added approximately every 3 minutes:


dovecot: imap-login: Login: user=<username@example.com>, method=CRAM-MD5, rip=1.1.1.1, lip=2.2.2.2, mpid=17131, session=<BS5K3XPrqAC8HJXQ>
gp8 dovecot: imap(username@example.com): Error: user username@example.com: Initialization failed: Namespace '': Mail storage autodetection failed with home=/var/spool/vhosts/example.com/username
gp8 dovecot: imap(username@example.com): Error: Invalid user settings. Refer to server log for more information.

For what it is worth it appears as if incoming mail is being delivered to the maildir correctly.

I have accepted an answer from MadHatter for this issue, it turned out to be (a lot of) missing dovecot config files. Although the accepted answer did not point this out exactly it certainly made me double check what had been copied over.

I now have one more issue with dovecot but will ask another question to cover it.

Answer

Following on from our comments above, the problem seems to be SSL/TLS-related. You tell me that the client having problem isn’t configured to use either SSL or TLS, but in the dovecot -n output in your question, the line

ssl = required

appears. I suspect that when the client connects on the plaintext service (port 143), the daemon, being configured to require encryption, promptly tries to engage TLS. Since the client’s not configured for that, it ignores the attempt to uprate security, leading to the server getting frustrated and dropping the connection with the log error

TLS handshaking: Disconnected

Attribution
Source : Link , Question Author : blankabout , Answer Author : MadHatter

Leave a Comment