Dovecot log strange... for me :)

Discussion in 'Server Operation' started by kokusoft, Nov 13, 2011.

  1. kokusoft

    kokusoft New Member

    logwatch report a strange (for me) error which I do not understand:

    --------------------- pam_unix Begin ------------------------

    dovecot:
    Authentication Failures:
    user1@mydomain.ro rhost=127.0.0.1 : 395 Time(s)
    user2@mydomain.ro rhost=192.168.100.1 : 325 Time(s)
    .
    .
    .

    it's available for all users



    --------------------- Connections (secure-log) Begin ------------------------


    **Unmatched Entries**
    dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user user1@mydomain.ro
    dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user user2@mydomain.ro
    ...

    it's available for all users

    The email service working well... but dovecot report this malfunction
    Please help for fix this.
    Thanks
     
  2. kokusoft

    kokusoft New Member

    Nobody can help me? I'm a stupid guy or it's a really malfunction?
     
  3. till

    till Super Moderator

    Looks as if someone tried to authenticate to a local webmail client with a non existing email user.
     
  4. kokusoft

    kokusoft New Member

    Looks.. but they exist
     
  5. xemox

    xemox New Member

    1. open 2 windows, first for `tail -f $your_dovecot.log` and second for debugging process

    2. debug your mail server (pop3,pop3s,imap,imaps) with this:
    Code:
    -- to debug POP3 --
    # telnet x.x.x.x 110
    user USERNAME
    pass PASSWORD
    stat
    quit
    
    -- to debug IMAP --
    # telnet x.x.x.x 143
    a login USERNAME PASSWORD
    a examine inbox
    a logout
    
    -- to debug POP3 over SSL --
    # openssl s_client -connect x.x.x.x:995
    (then use same commands as POP3 example)
    
    -- to debug IMAP over SSL --
    # openssl s_client -connect x.x.x.x:993
    (then use same commands as IMAP example)
    and see what happend in first window (both using valid and invalid credential).
     
  6. kokusoft

    kokusoft New Member

    [root@server log]# telnet localhost pop3
    Trying 127.0.0.1...
    Connected to localhost.localdomain (127.0.0.1).
    Escape character is '^]'.
    +OK Dovecot ready.
    user user1@mydomain.ro
    +OK
    pass user1password
    +OK Logged in.
    stat
    +OK 105 23802727
    quit
    +OK Logging out.
    Connection closed by foreign host.
    You have new mail in /var/spool/mail/root


    tail -f /var/log/maillog


    Nov 15 21:44:06 server dovecot: pop3-login: Login: user=<userxxx@mydomain.ro>, method=PLAIN, rip=1.2.3.4, lip=192.168.100.xxx
    Nov 15 21:44:07 server dovecot: POP3(userxxx@mydomain.ro): Disconnected: Logged out top=0/0, retr=0/0, del=0/1693, size=775238220
    Nov 15 21:45:01 server dovecot: pop3-login: Login: user=<user1@mydomain.ro>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
    Nov 15 21:45:01 server dovecot: pop3-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Nov 15 21:45:01 server dovecot: imap-login: Disconnected (no auth attempts): rip=127.0.0.1, lip=127.0.0.1, secured
    Nov 15 21:45:01 server postfix/smtpd[26705]: connect from localhost.localdomain[127.0.0.1]
    Nov 15 21:45:01 server postfix/smtpd[26705]: lost connection after CONNECT from localhost.localdomain[127.0.0.1]
    Nov 15 21:45:01 server postfix/smtpd[26705]: disconnect from localhost.localdomain[127.0.0.1]
     

Share This Page