
I've installed postfix/dovecot mail services on DigitalOcean. I'm using certificates provided by Let's Encrypt. There are no errors in syslog that relate to problems with the certificates.

I'm using mysql to store the virtual users.

The connection string is:

    connect = host=127.0.0.1 dbname=servermail user=usermail password=REDACTED

(With the correct password, this tests okay and there are no connection errors reported on startup.)

When I attempt to connect from a client, I see this in the log:

Apr 04 10:15:43 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=42.115.84.125, lip=206.189.150.255, TLS: Disconnected, session=

Incoming mail is being delivered successfully by Postfix.

Output of dovecot -n

# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-47-generic x86_64 Ubuntu 18.04.2 LTS ext4
auth_mechanisms = plain login
log_path = /var/log/dovecot.log
mail_location = maildir:/var/mail/vhosts/%d/%n/
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix = 
}
passdb {
  args = /etc/dovecot/deny-users
  deny = yes
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
postmaster_address = dev@vietfeir.com
protocols = imap lmtp
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 0
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/civicrm.vietfeir.com/fullchain.pem
ssl_client_ca_dir = /etc/ssl/certs
ssl_key =  # hidden, use -P to show it
userdb {
  driver = passwd
}
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}

Please give me some troubleshooting ideas.

Here is the SQL query used to create a user in the database:

    INSERT INTO `servermail`.`virtual_users`
      (`domain_id`, `password`, `email`)
    VALUES
      ('1', ENCRYPT('*REDACTED*!', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'dennis@vietfeir.com')

My client (Bluemail) has a choice of plain or CRAM-MD5 passwords. Outlook seems to only allow plain, so I think this might be the problem as I have chosen an SHA-based scheme (SHA512-CRYPT).

Vietyank
  • BTW, I have double-checked the password sent by the client and the password for the email user in the MySQL database and they match. – Vietyank Apr 04 '19 at 04:08
  • I changed the password scheme to plain and changed the database password to plaintext and it authenticated okay. I cannot retrieve mail, though, but that's another story. – Vietyank Apr 04 '19 at 17:35

1 Answer


Your authentication backend doesn't look like it has been set up to work with a database... The passdb should have sql as a driver, and point to a file containing the connection string and query required to verify the password stored in the database.

I would suggest taking a look at https://wiki.dovecot.org/AuthDatabase/SQL for the details and https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql/#dovecot (item #7 onwards) for a walkthrough.

  • Hello and welcome to ServerFault! While providing links is useful, it would be _more_ helpful to the asker if you posted a summary of the steps involved on the link you posted as external links can go dead / be removed at any time. For more tips, see [answer]. – Daniele Santi Apr 04 '19 at 08:58
  • I used the Linode cookbook to set it up and Dovecot is connected to my MySQL server so I don't know how you can say I didn't set it up to work with a database. I made sure of that by entering an incorrect password in the connection string and got an error. I changed it back to the correct password and there is no error so I can only assume that it is connected okay. The problem is that the client is not authenticating. – Vietyank Apr 04 '19 at 15:12
  • Sorry about that, I didn't notice the passdb section with driver=mysql. Can you check the contents of your /etc/dovecot/dovecot-sql.conf.ext? You should be able to put default_pass_scheme = SHA512-CRYPT. The plain/cram-md5 is how the client will send the password to dovecot. dovecot will use the default_pass_scheme to verify it against the database. – Kaashif Choudhury Apr 05 '19 at 06:44
  • I had that originally but could not authenticate when I inserted the users into virtual_users with the recommended query. What should the function be? – Vietyank Apr 05 '19 at 06:47
  • Just to be sure, I changed it to plain but I want more security – Vietyank Apr 05 '19 at 06:48
  • how do I close this? – Vietyank Apr 13 '19 at 02:32
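
Added example, not part of the original thread: a small Python check for the two things the discussion turns on, whether a value read from the `password` column is a well-formed `$6$` (SHA512-CRYPT) hash, and whether the client's auth mechanism can be verified against the storage scheme. The function name and the sample values are constructed for illustration; a `{SCHEME}` prefix on the stored value is treated as overriding `default_pass_scheme`.

```python
import re

# crypt(3) SHA-512 format: $6$[rounds=N$]salt$hash, salt <= 16 chars, hash = 86 chars
SHA512_CRYPT_RE = re.compile(r"^\$6\$(?:rounds=\d+\$)?[./0-9A-Za-z]{1,16}\$[./0-9A-Za-z]{86}$")
SCHEME_PREFIX_RE = re.compile(r"^\{([A-Za-z0-9.-]+)\}(.*)$", re.S)

# Mechanisms that send the cleartext password work with any storage scheme;
# CRAM-MD5 needs the plaintext (or a CRAM-MD5 credential) in the database.
MECH_NEEDS = {"PLAIN": None, "LOGIN": None, "CRAM-MD5": {"PLAIN", "CRAM-MD5"}}


def check_stored_password(value, default_pass_scheme, mechanism):
    """Return a list of problems with one passdb value; empty list means consistent."""
    if value is None or value == "":
        return ["password column is NULL or empty"]
    scheme = default_pass_scheme.upper()
    m = SCHEME_PREFIX_RE.match(value)
    if m:  # a {SCHEME} prefix on the stored value overrides default_pass_scheme
        scheme, value = m.group(1).upper(), m.group(2)
    problems = []
    if scheme == "SHA512-CRYPT":
        if not value.startswith("$6$"):
            problems.append("scheme is SHA512-CRYPT but value does not start with $6$")
        elif not SHA512_CRYPT_RE.match(value):
            problems.append("malformed or truncated $6$ hash (length %d)" % len(value))
    elif scheme == "PLAIN" and value.startswith("$6$"):
        problems.append("value looks like a $6$ hash but scheme is PLAIN")
    allowed = MECH_NEEDS.get(mechanism.upper())
    if mechanism.upper() not in MECH_NEEDS:
        problems.append("mechanism %s not covered by this check" % mechanism)
    elif allowed is not None and scheme not in allowed:
        problems.append("%s cannot be verified against %s" % (mechanism.upper(), scheme))
    return problems


# Constructed sample values (not real credentials): a well-formed hash shape, and
# the same value cut to 100 characters as a too-narrow column would store it.
GOOD = "$6$" + "a1b2c3d4e5f6a7b8" + "$" + "x" * 86
TRUNCATED = GOOD[:100]

if __name__ == "__main__":
    for label, val, scheme, mech in [
        ("good/PLAIN", GOOD, "SHA512-CRYPT", "PLAIN"),
        ("truncated", TRUNCATED, "SHA512-CRYPT", "PLAIN"),
        ("good/CRAM-MD5", GOOD, "SHA512-CRYPT", "CRAM-MD5"),
        ("hash vs PLAIN scheme", GOOD, "PLAIN", "PLAIN"),
    ]:
        print(label, "->", check_stored_password(val, scheme, mech) or "ok")
```

A hash produced with a 16-character salt, as in the INSERT above, is 106 characters long, so the check is only meaningful on the value exactly as the database returns it.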