1

Topic: Roundcube - no login possible - iRedAdmin - sometimes

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.8.4
- Linux/BSD distribution name and version: Ubuntu 18.02 LTS Server
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  mySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

Looks like bad luck or a bug in somewhere or thumbs-only, lefthanded. My best guess is, I srewed up some settings.

* Login into Ubuntu is fine
* Login into iRedAdmin-Pro works with 2 accounts, but not with accounts from domains other the the main domain
* Login into Roundcube doesn't work at all, the log of Dovecot says:

May  7 08:50:50 mail dovecot: doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider removing it from ssl_protocols.
May  7 08:50:50 mail dovecot: config: Warning: SSLv2 not supported by OpenSSL. Please consider removing it from ssl_protocols.
May  7 09:27:25 mail dovecot: master: Dovecot v2.2.33.2 (d6601f4ec) starting up for pop3, imap, sieve, lmtp (core dumps disabled)

In the conf file SSLv2 and SSLv3 is turned off.

If I need a support ticket for this, let me know.

Greetings,
Peter

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Roundcube - no login possible - iRedAdmin - sometimes

p.schumacher wrote:

May  7 08:50:50 mail dovecot: doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider removing it from ssl_protocols.

Remove "SSLv2" from parameter "ssl_protocols =" in /etc/dovecot/dovecot.conf.

3

Re: Roundcube - no login possible - iRedAdmin - sometimes

Hello,

It's already off:

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
ssl_protocols = !SSLv2 !SSLv3
verbose_ssl = no
#ssl_ca = </path/to/ca
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key

# Fix 'The Logjam Attack'
#Origignal ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+A$
ssl_cipher_list =ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:$
ssl_prefer_server_ciphers = yes

4

Re: Roundcube - no login possible - iRedAdmin - sometimes

Just checked:

$ dovecot -c /etc/dovecot/dovecot.conf
doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider removing it from ssl_protocols.
doveconf: Warning: SSLv2 not supported by OpenSSL. Please consider removing it from ssl_protocols.
Fatal: open(/var/run/dovecot/master.pid) failed: Permission denied

At least a hint. Changing the permission to-all-open-and-read-writeable, restarting Dovecot didn't change it.

5

Re: Roundcube - no login possible - iRedAdmin - sometimes

Getting closer, checked the log and found:

May 08 11:44:27 auth: Debug: client in: AUTH    1    PLAIN    service=imap    secured    session=i+jgoa5rROB/AAAB    lip=127.0.0.1    rip=127.0.0.1    lport=143    rport=57412    resp=AHBvc3RtYXN0ZXJANGQtY29uc3Vse8GluZy5kZQBXaW50ZXJJbkJpbmdlbioyMDE4 (previous base64 data may contain sensitive data)
May 08 11:44:27 auth: Debug: passwd-file(postmaster@4d-consulting.de,127.0.0.1,<i+jgoa5rROB/AAAB>): lookup: user=postmaster@4d-consulting.de file=/etc/dovecot/dovecot-master-users
May 08 11:44:27 auth: Info: passwd-file(postmaster@4d-consulting.de,127.0.0.1,<i+jgoa5rROB/AAAB>): unknown user (given password: somepassword)
May 08 11:44:29 auth: Debug: client passdb out: FAIL    1    user=postmaster@4d-consulting.de
May 08 11:44:29 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<postmaster@4d-consulting.de>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<i+jgoa5rROB/AAAB>

What's about this "unknown user"? It's definetly an user. The password is correct.

NANO the file '/etc/dovecot/dovecot-master-users'  => it's emtpy.

Seems to be more a question about how to restore/recreate the "passwd-file".  Any hints? Thanks!

6

Re: Roundcube - no login possible - iRedAdmin - sometimes

p.schumacher wrote:

ssl_protocols = !SSLv2 !SSLv3

Just remove "!SSLv2" in this line, then restart dovecot service.

7

Re: Roundcube - no login possible - iRedAdmin - sometimes

Hi,

did this, didn't help, still no login. Config:

# SSL: Global settings.
# Refer to wiki site for per protocol, ip, server name SSL settings:
# http://wiki2.dovecot.org/SSL/DovecotConfiguration
# ssl_protocols = !SSLv2 !SSLv3 # disabled by ZG advice, removed !SSLv2
ssl_protocols = !SSLv3
verbose_ssl = no
#ssl_ca = </path/to/ca
ssl_cert = </etc/ssl/certs/iRedMail.crt
ssl_key = </etc/ssl/private/iRedMail.key

# Fix 'The Logjam Attack'
#Origignal ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
ssl_cipher_list =ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
ssl_prefer_server_ciphers = yes


The log says:


AUTH    1    PLAIN    service=imap    secured    session=/vlJSddrUsx/AAAB    lip=127.0.0.1    rip=127.0.0.1    lport=143    rport=52306    resp=AHBvc3RtYXN0ZXJANGQtY29usric3VsdGluZy5kZQA2YjJ7YXkzRQ== (previous base64 data may contain sensitive data)
May 10 12:14:35 auth: Debug: passwd-file(postmaster@4d-consulting.de,127.0.0.1,</vlJSddrUsx/AAAB>): lookup: user=postmaster@4d-consulting.de file=/etc/dovecot/dovecot-master-users
May 10 12:14:35 auth: Info: passwd-file(postmaster@4d-consulting.de,127.0.0.1,</vlJSddrUsx/AAAB>): unknown user (given password: xxxxxx)
May 10 12:14:37 auth: Debug: client passdb out: FAIL    1    user=postmaster@4d-consulting.de
May 10 12:14:37 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<postmaster@4d-consulting.de>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=</vlJSddrUsx/AAAB>

I can see the users inside the SQL table. Might it be helpful to go back to Ubuntu 16.04 - there I had my iRedMail (not the Pro) up and running.

Peter

8

Re: Roundcube - no login possible - iRedAdmin - sometimes

p.schumacher wrote:

The log says:

Please show us FULL log related to IMAP login in Dovecot log file. You didn't copy the most important part - SQL command used to query user account.

9 (edited by p.schumacher 2018-05-18 16:35:45)

Re: Roundcube - no login possible - iRedAdmin - sometimes

Hi,

You can close this case, it's solved, kind of.
Digging thru all the logs seemed to be too costly, so I decide to re-install everything. Now it's working.

Greetings,
Peter