The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blackberry Authentication Issues

Discussion in 'E-mail Discussions' started by getgreen, Apr 1, 2011.

  1. getgreen

    getgreen Member

    Joined:
    Apr 1, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hi,

    Im having issues with my BlackBerry users, who cannot authenticate with the email setup on my server.

    I am running CentOS, EXIM, Dovecot and spamd as my mail services..

    When I look at the logs, this is what happens when a BlackBerry phone tries to connect:

    The credentials they are using (and myself), are 100% correct.

    Dovecot throws out the following

    Mar 27 16:29:38 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,41.5.53.160) : execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
    Mar 27 16:29:38 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,41.5.53.160) : Received no input
    Mar 27 16:29:38 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,41.5.53.160) : exit_status=1
    Mar 27 16:29:38 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,41.5.53.160) : Login failed (status=1)


    and another

    Mar 30 10:40:21 carbonfree dovecot: auth(default): client in: AUTH 2501 PLAIN service=imap secured lip=50.23.15.139 rip=178.239.83.1 lport=993 rport=14742 resp=AGNocmlzQGNocmlzZWRpbmd0b24uY29tADN3ZXI$
    Mar 30 10:40:21 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,178.239.83.1 ): execute: /usr/local/cpanel/bin/dovecot-auth /usr/libexec/dovecot/checkpassword-reply
    Mar 30 10:40:21 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,178.239.83.1 ): Received no input
    Mar 30 10:40:21 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,178.239.83.1 ): exit_status=1
    Mar 30 10:40:21 carbonfree dovecot: auth(default): checkpassword(chris@chrisedington.com,178.239.83.1 ): Login failed (status=1)
    Mar 30 10:40:23 carbonfree dovecot: auth(default): client out: FAIL 2501 user=chris@chrisedington.com

    Any ideas on why this would be happening just off BlackBerry?

    Below is my dovecot -n

    Code:
    # 1.2.16: /etc/dovecot.conf
    # OS: Linux 2.6.18-194.32.1.el5 i686 CentOS release 5.5 (Final)
    protocols: imap imaps pop3 pop3s
    ssl_cert_file: /etc/dovecot/ssl/dovecot.crt
    ssl_key_file: /etc/dovecot/ssl/dovecot.key
    ssl_cipher_list: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
    disable_plaintext_auth: no
    login_dir: /var/run/dovecot/login
    login_executable(default): /usr/libexec/dovecot/imap-login
    login_executable(imap): /usr/libexec/dovecot/imap-login
    login_executable(pop3): /usr/libexec/dovecot/pop3-login
    login_process_per_connection: no
    login_processes_count: 2
    login_max_processes_count: 50
    login_max_connections: 500
    mail_max_userip_connections(default): 40
    mail_max_userip_connections(imap): 40
    mail_max_userip_connections(pop3): 20
    mailbox_idle_check_interval: 25
    maildir_copy_preserve_filename: yes
    mail_executable(default): /usr/libexec/dovecot/imap
    mail_executable(imap): /usr/libexec/dovecot/imap
    mail_executable(pop3): /usr/libexec/dovecot/pop3
    mail_plugins(default): quota imap_quota
    mail_plugins(imap): quota imap_quota
    mail_plugins(pop3): quota
    mail_plugin_dir(default): /usr/lib/dovecot/imap
    mail_plugin_dir(imap): /usr/lib/dovecot/imap
    mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
    pop3_uidl_format(default): %08Xu%08Xv
    pop3_uidl_format(imap): %08Xu%08Xv
    pop3_uidl_format(pop3): UID%u-%v
    pop3_logout_format(default): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
    pop3_logout_format(imap): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s
    pop3_logout_format(pop3): top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
    namespace:
      type: private
      prefix: INBOX.
      inbox: yes
      list: yes
      subscriptions: yes
    lda:
      postmaster_address: postmaster@example.com
    auth default:
      mechanisms: plain login
      cache_size: 1024
      cache_ttl: 800
      cache_negative_ttl: 800
      username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$-=?^_{}~./@+%
      verbose: yes
      debug: yes
      debug_passwords: yes
      passdb:
        driver: checkpassword
        args: /usr/local/cpanel/bin/dovecot-auth
      userdb:
        driver: prefetch
      socket:
        type: listen
        client:
          path: /var/run/dovecot/auth-client
          mode: 438
    plugin:
      quota: maildir
      quota_rule: Trash:ignore
     
  2. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  3. getgreen

    getgreen Member

    Joined:
    Apr 1, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the reply..

    I think I will try disabling the firewall, but my hosts seem to think the firewall isnt the issue..

    They added those IPs for RIM/BlackBerry to /etc/firewall/INCLUDE.

    Will try and then report back..
     
  4. getgreen

    getgreen Member

    Joined:
    Apr 1, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Could it have anything to do with a self-signed certificate (listed in WHM)

    Exim (SMTP) Server and Dovecot Mail Server both have a self signed cert like this:


    Issuer: C=US, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=carbonfree.getgreenhost.com/emailAddress=ssl@carbonfree.getgreenhost.com
    Not Before: Feb 12 21:28:14 2011 GMT
    Not After: Feb 12 21:28:14 2012 GMT
    Subject: C=US, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=carbonfree.getgreenhost.com/emailAddress=ssl@carbonfree.getgreenhost.com
    Self Signed: YES
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Did you already try disabling the firewall temporarily yet? The prior discussions with the error were about the IPs needing to be whitelisted in the existing firewall. As such, until that has been confirmed as not the cause, it isn't possible to speculate on other reasons.
     
  6. getgreen

    getgreen Member

    Joined:
    Apr 1, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Hi Tristan,

    No luck with firewall completely disabled unfortunately..
     
  7. getgreen

    getgreen Member

    Joined:
    Apr 1, 2011
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    And we have a winner.

    Solution:

    Disabled CPHulk (going to find a way for them to play nice), and bumped up my Dovecot settings a bit, increased max connections and some other stuff.

    Good look to all who found this thread!
     
  8. Pr0Ff3z0r

    Pr0Ff3z0r Member

    Joined:
    Apr 8, 2011
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Getgreen,

    Thank you for your information, you saved me from a very frustrating situation!

    I've also gone one step further and added the list of IP's that RIM use into the whitelist for CPHulk, that way I won't run into this problem again!

    Instead of turning of CPHulk you can also just flush the DB for CPHulk and the authentication for RIM's server will work.

    Regards,
     
  9. TrustGate

    TrustGate Registered

    Joined:
    Sep 5, 2011
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Guys,

    I know im a little late on this thread, but another alternative I found was adding the following in the cPHulk white list:

    173.247.32.0/19
    178.239.80.0/20
    193.109.81.0/24
    204.187.87.0/24
    206.51.26.0/24
    206.53.144.0/20
    216.9.240.0/20
    67.223.64.0/19
    68.171.224.0/19
    74.82.64.0/19
    93.186.16.0/20

    Regards
     
  10. florenceit

    florenceit Member

    Joined:
    Jan 11, 2010
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    THANK YOU! was pulling my hair out!!!



     
  11. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    In my case, I had CPHulk disabled too.
    So the blackberry account could be configured only after the CSF firewall was disabled.
     
  12. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
  13. albatroz

    albatroz Well-Known Member

    Joined:
    Mar 6, 2003
    Messages:
    258
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Virtual Orbis / Peru
    cPanel Access Level:
    Root Administrator
    Do they update that list regularly?
    I found a similar list in another website, that missed the last 2 IP ranges.
     
  14. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    This is blackberry's own site that I just linked for the knowledge base article. If they aren't updating their KB article when any ranges are added, that would truly be a Blackberry issue rather than anything else.

    Also, the last modified date is listed on the article itself:

    11-10-2011

    I cannot say how frequently they update it, but you could always try to script something to periodically check the page for any modification date and then add any new ranges.
     
Loading...

Share This Page