Linux mail server, username password woes

I have a Linux mail server running Courier IMAP/POP3.
This is strange, it just started happening today. This server has been running fine for a couple of years now.
What is happening is the authentication is rejected; all we have to do is click OK and it works fine, without changing the username or password. And it doesn't do it all the time. And there is nothing in the logs about any failed authentications. Does anybody have any ideas on what might be happening, and any solutions? Google didn't really help.
studlyed Asked:
CKWT Commented:
Have you ever tried accessing the same account from another computer at the same time? I don't have experience with Linux, but I have a POP3 server and if the account is in use it does not allow 2 connections from the same account.

Check if your user did not install an email client without you knowing about it, or is using the email from home...
Check if all connections made from that account are made from the same IP and at the hour, minute and second you know it should be accessed.
0
Nopius Commented:
It seems that some 'fake' frontend asks you for the password and then redirects your input to the real server.
Possibly you are hacked. Also, it may be a bug in your mail client. Which one are you using?
How does your authentication work? What is the data source for logins/passwords?
0
Sam Panwar, Sr. Server Administrator, Commented:
Hi,

I think your shadow file or the password file is corrupted.

You can also try to restart the mail server on the server.
http://www.experts-exchange.com/Security/Linux_Security/Q_20932033.html
0
studlyed (Author) Commented:
Nothing has changed, it hasn't been hacked (it's on a local network), and the logins are stored in Courier's user database. And it only does it some of the time.
0
studlyed (Author) Commented:
And I already tried the 90% fix-it solution of a reboot.
0
studlyed (Author) Commented:
And it's not a multi-logon issue as in the first post; I know that because on my account I am the only one logged in on it and it still does it.
0
studlyed (Author) Commented:
OK,
found something in my logs,
finally.
Took me long enough, but it doesn't make much sense to me.

----------------------------------------
Apr 21 15:30:21 mail slapd[3264]: => acl_mask: to all values by "", (=n)
Apr 21 15:30:21 mail slapd[3264]: <= check a_dn_pat: users
Apr 21 15:30:21 mail slapd[3264]: <= check a_dn_pat: anonymous
Apr 21 15:30:22 mail slapd[3264]: <= acl_mask: [2] applying auth (=x) (stop)
Apr 21 15:30:24 mail slapd[3264]: <= acl_mask: [2] mask: auth (=x)
Apr 21 15:30:25 mail slapd[3264]: => access_allowed: auth access granted by auth (=x)
Apr 21 15:30:25 mail pop3d: Connection, ip=[::ffff:67.137.230.228]
Apr 21 15:30:25 mail slapd[3264]: => access_allowed: auth access to "cn=manager,dc=slccu,dc=org" "userPassword" requested
Apr 21 15:30:25 mail slapd[3264]: => acl_get: [1] check attr userPassword
Apr 21 15:30:25 mail slapd[3264]: => acl_get: [2] check attr userPassword
Apr 21 15:30:26 mail slapd[3264]: => acl_get: [3] check attr userPassword
Apr 21 15:30:26 mail slapd[3264]: <= acl_get: [3] acl cn=manager,dc=slccu,dc=org attr: userPassword
Apr 21 15:30:26 mail slapd[3264]: => acl_mask: access to entry "cn=manager,dc=slccu,dc=org", attr "userPassword" requested
Apr 21 15:30:26 mail slapd[3264]: => acl_mask: to all values by "", (=n)
Apr 21 15:30:26 mail slapd[3264]: <= check a_dn_pat: users
Apr 21 15:30:26 mail slapd[3264]: <= check a_dn_pat: anonymous
Apr 21 15:30:26 mail slapd[3264]: <= acl_mask: [2] applying auth (=x) (stop)
Apr 21 15:30:26 mail slapd[3264]: <= acl_mask: [2] mask: auth (=x)
Apr 21 15:30:27 mail slapd[3264]: => access_allowed: auth access granted by auth (=x)
Apr 21 15:30:25 mail slapd[3264]: => access_allowed: search access to "cn=ed,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:27 mail slapd[3264]: <= root access granted
Apr 21 15:30:27 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "entry" requested
Apr 21 15:30:27 mail slapd[3264]: <= root access granted
Apr 21 15:30:27 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "cn" requested
Apr 21 15:30:27 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail courierdsn: Problems injecting bounce - submit failed.
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "cn" requested
Apr 21 15:30:28 mail courierd: completed,id=003000C2.44442F66.00005A0A
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "homeDirectory" requested
Apr 21 15:30:28 mail courierd: Waiting.  shutdown time=Fri Apr 21 15:35:28 2006, wakeup time=Fri Apr 21 15:30:41 2006, queuedelivering=12, inprogress=0
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "homeDirectory" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "uidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "uidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "gidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "gidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=ed,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:27 mail slapd[3264]: => access_allowed: search access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "entry" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "cn" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "cn" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "homeDirectory" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "homeDirectory" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "uidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "uidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "gidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "gidNumber" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: auth access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "userPassword" requested
Apr 21 15:30:28 mail slapd[3264]: => acl_get: [1] check attr userPassword
Apr 21 15:30:28 mail slapd[3264]: => acl_get: [2] check attr userPassword
Apr 21 15:30:28 mail slapd[3264]: => acl_get: [3] check attr userPassword
Apr 21 15:30:28 mail slapd[3264]: <= acl_get: [3] acl cn=kerry,ou=accounts,dc=slccu,dc=org attr: userPassword
Apr 21 15:30:28 mail slapd[3264]: => acl_mask: access to entry "cn=kerry,ou=accounts,dc=slccu,dc=org", attr "userPassword" requested
Apr 21 15:30:28 mail slapd[3264]: => acl_mask: to all values by "", (=n)
Apr 21 15:30:28 mail slapd[3264]: <= check a_dn_pat: users
Apr 21 15:30:28 mail slapd[3264]: <= check a_dn_pat: anonymous
Apr 21 15:30:28 mail slapd[3264]: <= acl_mask: [2] applying auth (=x) (stop)
Apr 21 15:30:28 mail slapd[3264]: <= acl_mask: [2] mask: auth (=x)
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: auth access granted by auth (=x)
Apr 21 15:30:28 mail pop3d: LOGIN, user=kerry, ip=[::ffff:67.137.230.228]
Apr 21 15:30:28 mail pop3d: LOGOUT, user=kerry, ip=[::ffff:67.137.230.228], top=0, retr=0
Apr 21 15:30:29 mail courieresmtpd: started,ip=[::ffff:69.60.99.46]
Apr 21 15:30:29 mail courieresmtpd: error,relay=::ffff:69.60.99.46,from=<bounce-112B7C010C@clickdealworld.net>,to=<jggrea@slccu.com>: 513 Relaying denied.
Apr 21 15:30:33 mail pop3d: LOGIN FAILED, ip=[::ffff:67.137.230.228]
Apr 21 15:30:35 mail pop3d: Connection, ip=[::ffff:67.137.230.228]
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: search access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "entry" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "cn" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "cn" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "homeDirectory" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "homeDirectory" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "uidNumber" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "uidNumber" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "gidNumber" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "gidNumber" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: read access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "mail" requested
Apr 21 15:30:35 mail slapd[3264]: <= root access granted
Apr 21 15:30:35 mail slapd[3264]: => access_allowed: auth access to "cn=tdownard,ou=accounts,dc=slccu,dc=org" "userPassword" requested
Apr 21 15:30:35 mail slapd[3264]: => acl_get: [1] check attr userPassword
Apr 21 15:30:35 mail slapd[3264]: => acl_get: [2] check attr userPassword

----------------------------------------------
0
studlyed (Author) Commented:
There is a problem in the slapd e-mail password authentication.

This exists in 2 of the password check sections:
Apr 21 15:30:28 mail slapd[3264]: <= root access granted
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: auth access to "cn=kerry,ou=accounts,dc=slccu,dc=org" "userPassword" requested

But it does not exist in the top one.
It just stops right before it is supposed to do that, and then POP3 auth fails.
Has anybody seen anything like that?
0
studlyed (Author) Commented:
OK, it has done this repeatedly on other accounts.
It just stops right after the mail request and before the password request.
There is no reason for it in the logs. No errors, nothing.
0
studlyed (Author) Commented:
OK, I think it was timing out on the authentication; I increased the auth_timeout in the Courier config file. That seemed to have fixed it. But why it would do it just recently I do not know; we didn't add any more users to it or anything. Dumb.
0
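The pattern described in the comments above (an account lookup that stops after the "mail" request and never reaches the "userPassword" auth check, followed by a pop3d LOGIN FAILED) can be searched for mechanically. This is an added example, not code from the thread; the sample log lines, DNs, IP address, the function name `stalled_lookups` and the 10-second window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the thread's syslog format (DNs and IP are made up).
DN_A = "cn=alice,ou=accounts,dc=example,dc=org"
DN_B = "cn=bob,ou=accounts,dc=example,dc=org"
SAMPLE = f"""\
Apr 21 15:30:25 mail pop3d: Connection, ip=[::ffff:192.0.2.10]
Apr 21 15:30:25 mail slapd[3264]: => access_allowed: search access to "{DN_A}" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: read access to "{DN_A}" "mail" requested
Apr 21 15:30:27 mail slapd[3264]: => access_allowed: search access to "{DN_B}" "mail" requested
Apr 21 15:30:28 mail slapd[3264]: => access_allowed: auth access to "{DN_B}" "userPassword" requested
Apr 21 15:30:28 mail pop3d: LOGIN, user=bob, ip=[::ffff:192.0.2.10]
Apr 21 15:30:33 mail pop3d: LOGIN FAILED, ip=[::ffff:192.0.2.10]
"""

ACCESS = re.compile(r'access_allowed: (\w+) access to "([^"]+)" "(\w+)" requested')
YEAR = "2006"  # assumption: syslog timestamps carry no year, so one is supplied

def stalled_lookups(log, window=timedelta(seconds=10)):
    """Return (dn, failure_time) for lookups that started with a search on
    "mail", never requested auth on "userPassword", and were followed by a
    pop3d LOGIN FAILED within `window`. Comparison is by timestamp because
    interleaved syslog writers can emit lines slightly out of order."""
    started, checked, failures = {}, set(), []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts = datetime.strptime(f"{YEAR} {line[:15]}", "%Y %b %d %H:%M:%S")
        m = ACCESS.search(line)
        if m:
            level, dn, attr = m.groups()
            if level == "search" and attr == "mail":
                started[dn] = ts          # a new lookup for this account
                checked.discard(dn)
            elif level == "auth" and attr == "userPassword":
                checked.add(dn)           # the password check was reached
        elif "pop3d: LOGIN FAILED" in line:
            failures.append(ts)
    hits = []
    for dn, t0 in started.items():
        if dn in checked:
            continue
        tf = next((f for f in failures if timedelta(0) <= f - t0 <= window), None)
        if tf:
            hits.append((dn, tf.strftime("%H:%M:%S")))
    return hits

if __name__ == "__main__":
    print(stalled_lookups(SAMPLE))
```

A hit means the failure was logged without the directory ever being asked to compare a password, which points at the lookup path (timeout, slow directory) rather than at wrong credentials.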
Nopius Commented:
You almost answered your question yourself.
Maybe the slapd indexes became corrupted, and that's why you have the timeout. Try to rebuild the indexes.
man slapindex
0
studlyed (Author) Commented:
We just said screw it, moved everyone over to Exchange 2 months early. But slapindex did not work either. We are thinking that maybe the mail server just got a little old/slow because of all the spam it had to deal with, so that it couldn't handle the authentication as well. Sounds a little crazy, but it was an older PC.
0
Nopius Commented:
You have no indexes in slapd.conf? slapindex should be run on a stopped LDAP database if you use indexes in your slapd.conf.
If your mail server is slow, why does only the first authentication not work? Maybe you are using an SSL-ed connection to LDAP?
Also, I recommend you use a socket connection from the authorization module to LDAP, if LDAP runs on the same server as the mail server and if your authorization module allows this.
Tracing your program and sniffing your network might also help. Please note the load average on your server and on the slapd server when you do authentication.
0
studlyed (Author) Commented:
We're not worried about it anymore; it is no longer in service. We moved everything onto Exchange.
0