1

Topic: "Login Required" / failed login

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1
- Deployed with iRedMail Easy or the downloadable installer? I followed this guide, so I assume the downloadable installer.
- Linux/BSD distribution name and version: Ubuntu 18.04 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB
- Web server (Apache or Nginx): Apache2
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello there.

I've got all my domains behind an nginx proxy. domain.tld is a seperate vm with only static html pages. mail.domain.tld hosts roundcube (by editing the 00-default-ssl to *-subdomain). iredadmin remained at default, so still accessable at */iredadmin, which I plan on blocking on wan. I happened to actually be typing too long and got logged out. I was going to say that dovecot didn't log anything as that was at 3:40.

/var/log/dovecot/dovecot.log after enabling logging as seen here.
The quota is set at 8196MB so no way it's nearly full.

Jul 27 03:38:12 bs-mail dovecot: master: Dovecot v2.2.33.2 (d6601f4ec) starting up for pop3, imap, sieve, lmtp (core dumps disabled)
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Loading modules from directory: /usr/lib/dovecot/modules
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib15_notify_plugin.so
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mail_log_plugin.so
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib20_mailbox_alias_plugin.so
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_stats_plugin.so
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: Read auth token secret from /var/run/dovecot/auth-token-secret.dat
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: passwd-file /etc/dovecot/dovecot-master-users: Read 1 users in 0 secs
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: master in: USER#0111#011postmaster@domain.tld#011service=lda
Jul 27 04:01:02 bs-mail dovecot: auth-worker(18554): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Jul 27 04:01:02 bs-mail dovecot: auth-worker(18554): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Jul 27 04:01:02 bs-mail dovecot: auth-worker(18554): Debug: Module loaded: /usr/lib/dovecot/modules/auth/libdriver_mysql.so
Jul 27 04:01:02 bs-mail dovecot: auth-worker(18554): Debug: passwd-file /etc/dovecot/dovecot-master-users: Read 1 users in 0 secs
Jul 27 04:01:02 bs-mail dovecot: auth-worker(18554): Debug: sql(postmaster@domain.tld): SELECT LOWER('postmaster@domain.tld') AS master_user, LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, '/', mailbox.maildir)) AS home, CONCAT(mailbox.mailboxformat, ':~/', mailbox.mailboxfolder) AS mail, CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE mailbox.username='postmaster@domain.tld' AND mailbox.`enablelda`=1 AND mailbox.active=1 AND mailbox.domain=domain.domain AND domain.backupmx=0 AND domain.active=1
Jul 27 04:01:02 bs-mail dovecot: auth: Debug: userdb out: USER#0111#011postmaster@domain.tld#011master_user=postmaster@domain.tld#011home=/mnt/vmail/vmail1/domain.tld/p/o/s/postmaster/#011mail=maildir:~/Maildir#011quota_rule=*:bytes=1073741824
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: auth USER input: postmaster@domain.tld master_user=postmaster@domain.tld home=/mnt/vmail/vmail1/domain.tld/p/o/s/postmaster/ mail=maildir:~/Maildir quota_rule=*:bytes=1073741824
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Added userdb setting: mail=maildir:~/Maildir
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Added userdb setting: plugin/master_user=postmaster@domain.tld
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Added userdb setting: plugin/quota_rule=*:bytes=1073741824
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Effective uid=2000, gid=2000, home=/mnt/vmail/vmail1/domain.tld/p/o/s/postmaster/
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota root: name=user backend=dict args=:proxy::quotadict
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota rule: root=user mailbox=* bytes=1073741824 messages=0
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota warning: bytes=1073741824 (100%) messages=0 reverse=no command=quota-warning 100 postmaster@domain.tld
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota warning: bytes=1020054732 (95%) messages=0 reverse=no command=quota-warning 95 postmaster@domain.tld
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota warning: bytes=966367641 (90%) messages=0 reverse=no command=quota-warning 90 postmaster@domain.tld
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota warning: bytes=912680550 (85%) messages=0 reverse=no command=quota-warning 85 postmaster@domain.tld
Jul 27 04:01:02 bs-mail dovecot: lda(postmaster@domain.tld): Debug: Quota grace: root=user bytes=107374182 (10%)

/var/log/nginx/access.log

192.168.1.2 - - [27/Jul/2020:04:22:09 +0200] "GET / HTTP/1.1" 200 2220 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:22:16 +0200] "GET /iredadmin HTTP/1.1" 200 1354 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:22:50 +0200] "POST /iredadmin/login HTTP/1.1" 303 5 "https://mail.domain.tld/iredadmin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:22:50 +0200] "GET /iredadmin/dashboard/checknew HTTP/1.1" 303 5 "https://mail.domain.tld/iredadmin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:22:50 +0200] "GET /iredadmin/login?msg=loginRequired HTTP/1.1" 200 1415 "https://mail.domain.tld/iredadmin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:22:54 +0200] "GET /iredadmin/login?msg=loginRequired HTTP/1.1" 200 1415 "https://mail.domain.tld/iredadmin" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:23:01 +0200] "POST /iredadmin/login HTTP/1.1" 303 5 "https://mail.domain.tld/iredadmin/login?msg=loginRequired" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:23:01 +0200] "GET /iredadmin/dashboard/checknew HTTP/1.1" 303 5 "https://mail.domain.tld/iredadmin/login?msg=loginRequired" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"
192.168.1.2 - - [27/Jul/2020:04:23:01 +0200] "GET /iredadmin/login?msg=loginRequired HTTP/1.1" 200 1415 "https://mail.domain.tld/iredadmin/login?msg=loginRequired" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36"

/var/log/nginx/error.log, host ip would be my public ip, 192.168.1.2 is the proxy.

2020/07/27 02:25:45 [error] 8735#8735: *38210 open() "/opt/www/roundcubemail/api/jsonws/invoke" failed (2: No such file or directory), client: 192.168.1.2, server: *.domain.tld, request: "POST /api/jsonws/invoke HTTP/1.1", host: "<host ip>"
2020/07/27 02:25:46 [error] 8735#8735: *38211 access forbidden by rule, client: 192.168.1.2, server: *.domain.tld, request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", host: "<host ip>"
2020/07/27 02:25:47 [error] 8735#8735: *38212 access forbidden by rule, client: 192.168.1.2, server: *.domain.tld, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", host: "<host ip>"

Thanks in advance.

2

Re: "Login Required" / failed login

What's the original error message on Roundcube web UI, and related log lines in Roundcube log file (/var/log/maillog)?

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

3

Re: "Login Required" / failed login

I've got mail.log, mail.log.1 and maillog.

This is highlighted in red and shown twice, that's the mail.log.

NOTICE: reconnecting in response to: err=2006, HY000, DBD::mysql::st execute failed: MySQL server has gone away at (eval 108) line 173.

Mail.log.1 contains up to 27/07 and maillog the same as mail.log but without syntax highlighting.

I plan on trying to set it up from scratch again.

2 questions,

How can I set it up from the beginning, in a proper way, as a subdomain with a vhost? Is there any documentation on that?
I used mailjet as smtp relay, sending mail worked but receiving however didn't. I also tried with a vps that had port 25 open for sure, as my isp claims to be blocking port 25 on all connections except for a special business package that doesn't come with all business connections by default, by using iptables with these commands:

iptables -A INPUT -p tcp -m state --state NEW --dport 25 -i ens3 -j ACCEPT
iptables -A PREROUTING -t nat -i ens3 -p tcp --dport 25 -j DNAT --to <ip>:26
iptables -A INPUT -p tcp -m state --state NEW --dport 587 -i ens3 -j ACCEPT
iptables -A PREROUTING -t nat -i ens3 -p tcp --dport 587 -j DNAT --to <ip>:587
iptables -A INPUT -p tcp -m state --state NEW --dport 2525 -i ens3 -j ACCEPT
iptables -A PREROUTING -t nat -i ens3 -p tcp --dport 2525 -j DNAT --to <ip>:2525
iptables -A INPUT -p tcp -m state --state NEW --dport 465 -i ens3 -j ACCEPT
iptables -A PREROUTING -t nat -i ens3 -p tcp --dport 465 -j DNAT --to <ip>:465
iptables -A INPUT -p tcp -m state --state NEW --dport 993 -i ens3 -j ACCEPT
iptables -A PREROUTING -t nat -i ens3 -p tcp --dport 993 -j DNAT --to <ip>:993

I then made an A record and mx record pointing to this vps but it still didn't receive any mail. Any ideas?

Thanks in advance