[Solved] Dovecot Upgrade

jack.mitchell · 2012-03-01 13:04:47

Ok, so I updated today and it brought in the new dovecot 2.1.1. I had to create a new dovecot SSL file to get it to keep working, and now with that fixed it won't authenticate over imap.

My dovecot -n is:

# 2.1.1: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.8-1-ARCH i686  ext4
auth_mechanisms = plain digest-md5 cram-md5
auth_socket_path = /var/run/dovecot/auth-userdb
default_internal_user = vmail
disable_plaintext_auth = no
mail_location = maildir:/var/vmail/%d/%n/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = postmaster@communistcode.co.uk
protocols = imap
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    ssl = no
  }
}
service pop3-login {
  inet_listener pop3s {
    ssl = no
  }
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  args = uid=5000 gid=5000 home=/var/vmail/%d/%n/Maildir allow_all_users=yes
  driver = static
}
protocol lda {
  mail_plugins = sieve
}

and the error message I am recieving is:

ays=0.06/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  1 13:02:06 localhost postfix/qmgr[998]: 52ABB203E3: removed
Mar  1 13:02:24 localhost postfix/smtpd[1527]: connect from merlin.infradead.org[205.233.59.134]
Mar  1 13:02:24 localhost postfix/smtpd[1527]: B109B203E3: client=merlin.infradead.org[205.233.59.134]
Mar  1 13:02:24 localhost postfix/cleanup[1537]: B109B203E3: message-id=<20120301130051.GE7363@n2100.arm.linux.org.uk>
Mar  1 13:02:24 localhost postfix/qmgr[998]: B109B203E3: from=<linux-arm-kernel-bounces+ml=communistcode.co.uk@lists.infradead.org>, size=4999, nrcpt=1 (queue active)
Mar  1 13:02:24 localhost dovecot: lda(ml@communistcode.co.uk): msgid=<20120301130051.GE7363@n2100.arm.linux.org.uk>: saved mail to INBOX
Mar  1 13:02:24 localhost postfix/pipe[1540]: B109B203E3: to=<ml@communistcode.co.uk>, relay=dovecot, delay=0.15, delays=0.11/0/0/0.04, dsn=2.0.0, status=sent (delivered via dovecot service)
Mar  1 13:02:24 localhost postfix/qmgr[998]: B109B203E3: removed
Mar  1 13:02:25 localhost postfix/smtpd[1527]: disconnect from merlin.infradead.org[205.233.59.134]
Mar  1 13:03:36 localhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): rip=195.171.99.130, lip=78.110.170.148
Mar  1 13:03:36 localhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): rip=195.171.99.130, lip=78.110.170.148

the line in question is:

Mar 1 13:03:36 localhost dovecot: imap-login: Disconnected (no auth attempts in 0 secs): rip=195.171.99.130, lip=78.110.170.148

Can anyone shed any light on this? The errors happen with thunderbird imap and also my roundcube configuration.

Last edited by jack.mitchell (2012-03-01 14:08:24)

jack.mitchell · 2012-03-01 13:14:42

Ok, quick addition the Roundcube gives the error:

Mar 1 13:11:01 localhost dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): rip=195.171.99.130, lip=78.110.170.148

I'm not sure what that means or why they're different though...

hokasch · 2012-03-01 13:36:56

  }
  inet_listener imaps {
    ssl = no
  }

Doesn't that disable TLS/SSL?

openssl s_client -connect communistcode.co.uk:993
CONNECTED(00000003)
140023013836456:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:683:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 211 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

tomegun · 2012-03-01 13:58:47

The change to dovecot was to not install the example configuration files any more. So to see what happened you could have a look at your .pacsave files, or find the example config files under /usr (forgot where).

jack.mitchell · 2012-03-01 14:07:29

hokasch wrote:

  }
  inet_listener imaps {
    ssl = no
  }

Doesn't that disable TLS/SSL?

openssl s_client -connect communistcode.co.uk:993
CONNECTED(00000003)
140023013836456:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:683:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 211 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

This was it, I had just figured out that it was an SSL issue and this nailed it, cheers!

Yes the new dovecot install renamed all my config files and then required me to add a few snippets that were (probably) provided by the previous default configs. The SSL configuration file was the only one I had to manually add and before I realised that I had been fiddling with the ssl settings which lead me to changing the above from what it was originally.

Thanks for the quick replies all!

Last edited by jack.mitchell (2012-03-01 14:08:14)

Arch Linux

#1 2012-03-01 13:04:47

[Solved] Dovecot Upgrade

#2 2012-03-01 13:14:42

Re: [Solved] Dovecot Upgrade

#3 2012-03-01 13:36:56

Re: [Solved] Dovecot Upgrade

#4 2012-03-01 13:58:47

Re: [Solved] Dovecot Upgrade

#5 2012-03-01 14:07:29

Re: [Solved] Dovecot Upgrade

Board footer