Re: problemas de autenticacion squirrelmail
2016-09-24 3:16 GMT-03:00 Norveris Noa Labañino <norverisnl@gu.rimed.cu>:
>
>
> El 24/09/16 a las 00:51, OddieX escribió:
>
> 2016-09-23 19:50 GMT-03:00 Norveris Noa Labañino <norverisnl@gu.rimed.cu>:
>
> Gracias hermano por responder:
>
> El puerto 143 y 993 estan habilitados para imap, he hecho varias pruebas, y
> los log del servidor de correo (IredMail) el dovecot me muestra esto:
>
>
> Sep 23 17:50:07 imap-login: Info: Aborted login (auth failed, 1 attempts in
> 0 secs): user=<>, method=PLAIN, rip=10.1.1.30, lip=10.1.1.26,
> session=<M0j4wjM97AAKAQEe>
> Sep 23 17:50:23 imap-login: Info: Disconnected (auth failed, 1 attempts in 0
> secs): user=<>, method=CRAM-MD5, rip=10.1.1.30, lip=10.1.1.26,
> session=<gHDtwzM97gAKAQEe>
> Sep 23 17:50:23 imap-login: Info: Disconnected (auth failed, 1 attempts in 0
> secs): user=<>, method=DIGEST-MD5, rip=10.1.1.30, lip=10.1.1.26,
> session=<1IjtwzM98AAKAQEe>
> Sep 23 17:51:27 imap-login: Info: Aborted login (auth failed, 1 attempts in
> 0 secs): user=<>, method=PLAIN, rip=10.1.1.30, lip=10.1.1.26,
> session=<4GzHxzM9+AAKAQEe>
> Sep 23 17:52:08 imap-login: Info: Disconnected (no auth attempts in 0 secs):
> user=<>, rip=10.1.1.30, lip=10.1.1.26, session=<T3YuyjM9+gAKAQEe>
> Sep 23 17:29:36 imap-login: Info: Disconnected (auth failed, 1 attempts in 0
> secs): user=<>, method=CRAM-MD5, rip=10.1.1.30, lip=10.1.1.26,
> session=<UbqfeTM91gAKAQEe>
> Sep 23 17:29:36 imap-login: Info: Disconnected (auth failed, 1 attempts in 0
> secs): user=<>, method=DIGEST-MD5, rip=10.1.1.30, lip=10.1.1.26,
> session=<iNOfeTM92AAKAQEe>
> Sep 23 17:30:00 imap-login: Info: Disconnected (no auth attempts in 0 secs):
> user=<>, rip=10.1.1.30, lip=10.1.1.26, session=<PngKezM93AAKAQEe>
> Sep 23 17:30:15 imap-login: Info: Disconnected (auth failed, 1 attempts in 0
> secs): user=<>, method=CRAM-MD5, rip=10.1.1.30, lip=10.1.1.26,
> session=<d5nuezM93gAKAQEe>
> Sep 23 17:30:15 imap-login: Info: Disconnected (auth failed, 1 attempts in 0
> secs): user=<>, method=DIGEST-MD5, rip=10.1.1.30, lip=10.1.1.26,
> session=<HrPuezM94AAKAQEe>
> Sep 23 17:30:29 imap-login: Info: Aborted login (auth failed, 1 attempts in
> 0 secs): user=<>, method=PLAIN, rip=10.1.1.30, lip=10.1.1.26,
> session=<JOjFfDM94gAKAQEe>
> Sep 23 17:30:53 imap-login: Info: Aborted login (auth failed, 1 attempts in
> 0 secs): user=<>, method=PLAIN, rip=10.1.1.30, lip=10.1.1.26,
> session=<MeYzfjM95AAKAQEe>
>
> Si se daran cuenta he probado con diferentes metodos PLAIN LOGIN DIGEST-MD5
> CRAM-MD5
>
> y con cada uno el webmail me da errores diferentes, ejemplo:
>
> con el metodo:
>
> Authentication type : plain o login o CRAM-MD5 o DIGEST-MD5
> Secure IMAP (TLS) : true
>
> me da este error
>
> Error connecting to IMAP server: tls://10.1.1.26.
> 0 :
>
> con el metodo
>
> Authentication type : plain
>
> Secure IMAP (TLS) : false,
>
> el webmail me da este error
>
> Unknown user or password incorrect.
>
> con el metodo
>
> Authentication type : login
>
> Secure IMAP (TLS) : false
>
> el webmail me da este error
>
> ERROR:Bad request: The IMAP server is reporting that plain text logins are
> disabled. Using CRAM-MD5 or DIGEST-MD5 authentication instead may work.
> Also, the use of TLS may allow SquirrelMail to login. Please contact your
> system administrator and report this error.
>
> con el metodo
>
> Authentication type : CRAM-MD5 o DIGEST-MD5
>
> Secure IMAP (TLS) : false
>
> el webmail me da este error
>
> ERROR:Bad request: IMAP server does not appear to support the authentication
> method selected. Please contact your system administrator.
>
>
> El 23/09/16 a las 18:25, OddieX escribió:
>
> El día 23 de septiembre de 2016, 19:13, Norveris Noa Labañino
> <norverisnl@gu.rimed.cu> escribió:
>
> Colegas estoy usando un servidor IredMail, y funciona perfecto con su
> webmail, he montado otro servidor para alojar un webmail externo que se
> conecte al server IredMail, he provado con roundcube y squirrelmail, y no he
> podido encontrar la manera de poder ver los correos en un servidor webmail
> externo al iredmail.
>
> alguna sugerencias.
>
>
>
> Tenes que habilitarle el puerto 143 "IMAP" para afuera para que tanto
> squirrel o roundcube puedan consultar los correos...
>
> De todas maneras, deberias brindarnos un poco mas de informacion para
> poder determinar la falla... Con tu explicacion digamos que estamos en
> el aire :P
>
>
>
> Envia los archivos de configuracion, no se que usas por ej cyrus o
> curier, pero fijate el archivo imap.conf que tengas!
>
>
> Uso IredMail un complemento de postfix+dovecot+OpenLDAP +Amavisd +rouncube
> en un servidor externo rouncube y tambien estoy probando squirrelmail con
> los dos webmail estos ultimos mencionados es que me esta dando el problema,
> repito que el webmail que se encuentra en el mismo servidor de correo
> funciona muy bien.
>
> la configuracion de imap.conf
>
> ##
> ## IMAP specific settings
> ##
>
> protocol imap {
>
> }
>
>
> la configuracion de dovecot
>
> # Listen addresses.
> # - '*' means all available IPv4 addresses.
> # - '[::]' means all available IPv6 addresses.
> # Listen on all available addresses by default
> listen = *
>
> #base_dir = /var/run/dovecot
> mail_plugins = quota
>
> # Enabled mail protocols.
> protocols = pop3 imap sieve
>
> # User/group who owns the message files:
> mail_uid = 2000
> mail_gid = 2000
>
> # Assign uid to virtual users.
> first_valid_uid = 2000
> last_valid_uid = 2000
>
> # Logging. Reference: http://wiki2.dovecot.org/Logging
> log_path = /var/log/dovecot.log
> mail_debug = no
> auth_verbose = no
> auth_debug = no
> auth_debug_passwords = no
> # Possible values: no, plain, sha1.
> auth_verbose_passwords = no
>
> # SSL: Global settings.
> # Refer to wiki site for per protocol, ip, server name SSL settings:
> # http://wiki2.dovecot.org/SSL/DovecotConfiguration
> ssl = required
> verbose_ssl = no
> #ssl_ca =</path/to/ca
> ssl_cert = </etc/ssl/certs/iRedMail_CA.pem
> ssl_key = </etc/ssl/private/iRedMail.key
>
> # With disable_plaintext_auth=yes AND ssl=required, STARTTLS is mandatory.
> # Set disable_plaintext_auth=no AND ssl=yes to allow plain password
> transmitted
> # insecurely.
> disable_plaintext_auth = yes
> # Allow plain text password per IP address/net
> #remote 10.1.1.30 {
> # disable_plaintext_auth = no
> #}
>
> # Mail location and mailbox format.
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
>
> # Authentication related settings.
> # Append this domain name if client gives empty realm.
> auth_default_realm =
>
> # Authentication mechanisms.
> auth_mechanisms = PLAIN LOGIN
>
> # Limits the number of users that can be logging in at the same time.
> # Default is 100.
> # Note: this value can be overrided by "process_limit =" in service
> # protocol. e.g.
> # protocol imap-login {
> # process_limit = 500
> # }
> #default_process_limit = 100
>
> service auth {
> unix_listener /var/spool/postfix/dovecot-auth {
> user = postfix
> group = postfix
> mode = 0666
> }
> unix_listener auth-master {
> user = vmail
> group = vmail
> mode = 0666
> }
> unix_listener auth-userdb {
> user = vmail
> group = vmail
> mode = 0660
> }
> }
>
> # Virtual mail accounts.
> userdb {
> args = /etc/dovecot/dovecot-ldap.conf
> driver = ldap
> }
> passdb {
> args = /etc/dovecot/dovecot-ldap.conf
> driver = ldap
> }
>
> # Master user.
> # Master users are able to log in as other users. It's also possible to
> # directly log in as any user using a master password, although this isn't
> # recommended.
> # Reference: http://wiki2.dovecot.org/Authentication/MasterUsers
> auth_master_user_separator = *
> passdb {
> driver = passwd-file
> args = /etc/dovecot/dovecot-master-users-password
> master = yes
> }
>
> plugin {
> auth_socket_path = /var/run/dovecot/auth-master
>
> quota = dict:user::proxy::quotadict
> quota_rule = *:storage=1G
> #quota_rule2 = *:messages=0
> #quota_rule3 = Trash:storage=1G
> #quota_rule4 = Junk:ignore
>
> # Quota warning.
> # If user suddenly receives a huge mail and the quota jumps from
> # 85% to 95%, only the 95% script is executed.
> quota_warning = storage=85%% quota-warning 85 %u
> quota_warning2 = storage=90%% quota-warning 90 %u
> quota_warning3 = storage=95%% quota-warning 95 %u
>
> # Plugin: autocreate. Create and subscribe to default IMAP folders.
> autocreate = INBOX
> autocreate2 = Sent
> autocreate3 = Trash
> autocreate4 = Drafts
> autocreate5 = Junk
> autosubscribe = INBOX
> autosubscribe2 = Sent
> autosubscribe3 = Trash
> autosubscribe4 = Drafts
> autosubscribe5 = Junk
>
> # Plugin: expire.
> #expire = Trash 7 Trash/* 7 Junk 30
> #expire_dict = proxy::expire
>
> # ACL and share folder
> acl = vfile
> acl_shared_dict = proxy::acl
>
> # By default Dovecot doesn't allow using the IMAP "anyone" or
> # "authenticated" identifier, because it would be an easy way to spam
> # other users in the system. If you wish to allow it,
> #acl_anyone = allow
>
> # Pigeonhole managesieve service.
> # Reference: http://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration
> # Per-user sieve settings.
> sieve_dir = /%Lh/sieve
> sieve = /%Lh/sieve/dovecot.sieve
>
> # Global sieve settings.
> sieve_global_dir = /var/vmail/sieve
> sieve_global_path = /var/vmail/sieve/dovecot.sieve
> #sieve_before =
> #sieve_after =
>
> # The maximum number of redirect actions that can be performed during a
> # single script execution. The meaning of 0 differs based on your
> version.
> # For versions v0.3.0 and beyond this means that redirect is prohibited.
> # For older versions, however, this means that the number of redirects
> is
> # unlimited, so be careful.
> #sieve_max_redirects = 4
> }
>
> service quota-warning {
> executable = script /usr/local/bin/dovecot-quota-warning.sh
> unix_listener quota-warning {
> user = vmail
> group = vmail
> mode = 0660
> }
> }
>
> service dict {
> unix_listener dict {
> mode = 0660
> user = vmail
> group = vmail
> }
> }
>
> dict {
> #expire = db:/var/lib/dovecot/expire/expire.db
> quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
> acl = mysql:/etc/dovecot/dovecot-share-folder.conf
> }
>
> protocol lda {
> # Reference: http://wiki2.dovecot.org/LDA
> mail_plugins = $mail_plugins sieve autocreate
> auth_socket_path = /var/run/dovecot/auth-master
> log_path = /var/log/sieve.log
> lda_mailbox_autocreate = yes
> postmaster_address = root
> }
> protocol imap {
> mail_plugins = $mail_plugins imap_quota autocreate
> imap_client_workarounds = tb-extra-mailbox-sep
>
> # Maximum number of IMAP connections allowed for a user from each IP
> address.
> # NOTE: The username is compared case-sensitively.
> # Default is 10.
> # Increase it to avoid issue like below:
> # "Maximum number of concurrent IMAP connections exceeded"
> #mail_max_userip_connections = 20
> }
> protocol pop3 {
> mail_plugins = $mail_plugins
> pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
> pop3_uidl_format = %08Xu%08Xv
>
> # Maximum number of IMAP connections allowed for a user from each IP
> address.
> # NOTE: The username is compared case-sensitively.
> # Default is 10.
> #mail_max_userip_connections = 20
> }
>
> # Login processes. Refer to Dovecot wiki for more details:
> # http://wiki2.dovecot.org/LoginProcess
> service imap-login {
> service_count = 1
>
> # To avoid startup latency for new client connections, set
> process_min_avail
> # to higher than zero. That many idling processes are always kept around
> # waiting for new connections.
> #process_min_avail = 0
>
> # Process limit.
> # Increase it if you got similar error message in Dovecot log file:
> #
> # "master: Warning: service(imap-login): process_limit (100) reached,
> # client connections are being dropped"
> #
> #process_limit = $default_process_limit
> process_limit = 500
>
> # vsz_limit should be fine at its default 64MB value
> #vsz_limit = 64M
> }
> service pop3-login {
> service_count = 1
> }
>
> namespace {
> type = private
> separator = /
> prefix =
> #location defaults to mail_location.
> inbox = yes
> }
>
> namespace {
> type = shared
> separator = /
> prefix = Shared/%%u/
> location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
> # this namespace should handle its own subscriptions or not.
> subscriptions = yes
> list = children
> }
>
> # Public mailboxes.
> # Refer to Dovecot wiki page for more details:
> # http://wiki2.dovecot.org/SharedMailboxes/Public
> #namespace {
> # type = public
> # separator = /
> # prefix = Public/
> #
> # # CONTROL=: Mark this public folder as read-only mailbox
> # # INDEX=: Per-user \Seen flag
> # location =
> maildir:/var/vmail/public/:CONTROL=~/Maildir/public:INDEX=~/Maildir/public
> #
> # # Allow users to subscribe to the public folders.
> # subscriptions = yes
> #}
>
>
>
Probaste poner disable_plaintext_auth = no y restartear a ver si asi
te authentica?
Reply to: