Solved

POP3 Authentication Problems - CentOS 6 - Sendmail - Dovecot - Thunderbird

Posted on 2014-04-24
12
832 Views
Last Modified: 2014-04-28
Greetings All,

I know this question has probably been beat half-ta-death but it is my turn to ask.. sorry.

History:
I obtained a Virtual Private Server from Go-Daddy to act as an Email Server and DNS. So far I have been successful in Implementing the DNS server and, for the most part, the Email server.

The Email server can send Outgoing mail and it can receive Incoming mail.  I can also log onto the Virtual machine and retrieve email (using the 'mail' command) for all current email users.

My problem is with POP3 authentication (and IMAP for that matter).  I am using 'Plain Text' passwords and i am NOT using SSL. It fails to authenticate when using 'Telnet Localhost....' (as a means of testing) and from Thunderbird. (as is to be expected)

I am sure that there is a setting or .config file that I am overlooking. I could sure use another set of eyes on this.

Question: is it possible that I may be missing some data in the 'host.conf' file?? If that is possible what should I look for?

Thanks for any help that you can give.

Rick
0
Comment
Question by:rrbecker
  • 9
  • 3
12 Comments
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
Hi All...

Ok looks like I need help in setting up Dovecot properly. I believe that my problem is with one or more of the dovecot config files..


Again, any help is appreciated

Rick
0
 
LVL 13

Accepted Solution

by:
Sandy earned 500 total points
Comment Utility
Paste the error msgs pls.

TY/SA
0
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
Hi Sandy....

There are a few different errors that occur depending on which config files I have 'Changed'. Dovecot has many config files under /etc/dovecot/conf.d and I have been making modification to some of those files in accordance with the information provided by wiki at this site - http://wiki2.dovecot.org/BasicConfiguration.

in particular I am trying to get password authentication working and have been testing via the following: ( error  message )

-----------------------------------------------------------------------
[root@ip-50-62-164-110 dovecot]# telnet localhost pop3
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
user flixnmix
+OK
pass flixnmix
-ERR Authentication failed.
---------------------------------------------------------------------

I think my problem has something to do with how to get dovecot to authenticate against the /etc/password file. I think it is trying to use the virtual file /etc/dovecot/user.

also I must admit that I am unclear on the proper syntax used in the dovecot config files

[root@ip-50-62-164-110 conf.d]# ls
10-auth.conf      15-lda.conf     90-quota.conf                auth-sql.conf.ext
10-director.conf  20-imap.conf    auth-checkpassword.conf.ext  auth-static.conf.ext
10-logging.conf   20-lmtp.conf    auth-deny.conf.ext           auth-system.conf.ext
10-mail.conf      20-pop3.conf    auth-ldap.conf.ext           auth-vpopmail.conf.ext
10-master.conf    90-acl.conf     auth-master.conf.ext
10-ssl.conf       90-plugin.conf  auth-passwdfile.conf.ext


NOTE: If there is an easier or better POP3 service then I am willing to try that instead of dovecot....

Please suggest some things to look at and the proper configuration... thanks


OH... BTW... I am NOT using SSL....

Rick
0
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
OK More Info...

Looks like PAM is the process that does the actual authentication along side of Dovecot...

Can you help me with getting PAM configured correctly to work with Dovecot...


Thanks
0
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
Greetings... It may be helpful to know that FTP is working fine and it uses a Login a password as well...


Rick
0
 
LVL 13

Expert Comment

by:Sandy
Comment Utility
Is selinux is running in enforcing mode?  if yes try putting it in permissive mode and test.

setenforce 0

TY/SA
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 2

Author Comment

by:rrbecker
Comment Utility
Here is a 'dump' of /var/log/maillog.....

##########################################################
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: auth client connected (pid=26049)
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: client in: AUTH#0111#011PLAIN#011service=pop3#011lip=50.62.164.110#011rip=75.166.177.83#011lport=110#011rport=24720
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: client out: CONT#0111#011
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: client in: CONT<hidden>
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: pam(flixnmix,75.166.177.83): lookup service=pop3
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Error: pam(flixnmix,75.166.177.83): pam_authenticate() failed: Authentication failure (/etc/pam.d/pop3 missing?)
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: pam(flixnmix,75.166.177.83): lookup service=dovecot
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: pam(flixnmix,75.166.177.83): #1/1 style=1 msg=Password:
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Error: pam(flixnmix,75.166.177.83): pam_open_session() failed: Cannot make/remove an entry for the specified session
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: passwd(flixnmix,75.166.177.83): lookup
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: passwd(flixnmix,75.166.177.83): Password mismatch
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: Debug: shadow(flixnmix,75.166.177.83): lookup
Apr 25 17:35:10 ip-50-62-164-110 dovecot: auth: shadow(flixnmix,75.166.177.83): unknown user
Apr 25 17:35:12 ip-50-62-164-110 dovecot: auth: Debug: client out: FAIL#0111#011user=flixnmix
Apr 25 17:35:12 ip-50-62-164-110 dovecot: auth: Debug: client in: AUTH#0112#011PLAIN#011service=pop3#011lip=50.62.164.110#011rip=75.166.177.83#011lport=110#011rport=24720#011resp=<hidden>
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: Debug: pam(flixnmix,75.166.177.83): lookup service=pop3
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: pam(flixnmix,75.166.177.83): pam_authenticate() failed: Authentication failure (password mismatch?)
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: Debug: pam(flixnmix,75.166.177.83): lookup service=dovecot
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: Debug: pam(flixnmix,75.166.177.83): #1/1 style=1 msg=Password:
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: Error: pam(flixnmix,75.166.177.83): pam_open_session() failed: Cannot make/remove an entry for the specified session
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: Debug: passwd(flixnmix,75.166.177.83): lookup
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: passwd(flixnmix,75.166.177.83): Password mismatch
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: Debug: shadow(flixnmix,75.166.177.83): lookup
Apr 25 17:35:16 ip-50-62-164-110 dovecot: auth: shadow(flixnmix,75.166.177.83): unknown user
Apr 25 17:35:18 ip-50-62-164-110 dovecot: auth: Debug: client out: FAIL#0112#011user=flixnmix


##########################################################
0
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
Sandy, selinux is NOT running on this system, so it can not be part of the problem...

Or is it??



If you look a the maillog I think you will see that I may have a problem with the Password Files. Where does PAM/Dovecot look for password files? I thought I had it configured to look at /etc/passwd...

It seems to think that I am sending a password that is different from the one found in /etc/passwd. How do I resolve this conflict??


Rick
0
 
LVL 13

Expert Comment

by:Sandy
Comment Utility
Paste /etc/nsswitch.conf
0
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
[root@ip-50-62-164-110 etc]# cat nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
#      nisplus                  Use NIS+ (NIS version 3)
#      nis                  Use NIS (NIS version 2), also called YP
#      dns                  Use DNS (Domain Name Service)
#      files                  Use the local files
#      db                  Use the local database (.db) files
#      compat                  Use NIS on compat mode
#      hesiod                  Use Hesiod for user lookups
#      [NOTFOUND=return]      Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files
shadow:     files
group:      files

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files    

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files nisplus
aliases:    files nisplus
0
 
LVL 2

Author Comment

by:rrbecker
Comment Utility
Sandy...

Well I have got the password authentication problem resolved but now I have another issue.

Since it is not an authentication issue I will close this request and post another request for help.  

While I did not resolve my issue with your help I will award you the points anyway.  Maybe you can help  me with my next issue.

Rick
0
 
LVL 2

Author Closing Comment

by:rrbecker
Comment Utility
Issue was resolved but there was very little input provide.
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

How can MDaemon MRK files and MSG files work together? We can also say that, how worldclient and Outlook connecter works, using both application collectively you can view your mails, contacts, calendar, task, notes. In this article you can unders…
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now