1 (edited by hainan 2023-10-05 21:59:58)

Topic: Users can not change their passwords.

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.6.5
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu 20.4.6 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hi

After upgrading to iRedMail 1.6.5, users cannot change their password in Roundcube. Also, I figured out that the Roundcube files are owned by the root user. I chowned the files to www-data. What is the correct user for Roundcube files?

Edit: I'm getting this error in maillog.

DB Error: [1064] You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '%D,passwordlastchange=NOW() WHERE username='username@example.com'' at line 1 (SQL Query: UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username='username@example.com') in /opt/www/roundcubemail-1.4.11/program/lib/Roundcube/rcube_db.php on line 577 (POST /mail/?_task=settings&_action=plugin.password-save)


2

Re: Users can not change their passwords.

From what version did you upgrade?

3

Re: Users can not change their passwords.

Cthulhu wrote:

From what version did you upgrade?

iRedMail 1.6.4 -> 1.6.5
Roundcube security update.

4

Re: Users can not change their passwords.

Good day,

Hello Hainan, I have the same problem with our Roundcube. We can't reset or change passwords in Roundcube. We also noticed that we have the same error in the logs. We updated Roundcube from 1.4 to the latest version, 1.6.3, on Oct 1, 2023. May I know if you still have the problem? We also updated iRedAdmin-Pro from 5.4 to 5.5; Roundcube still can't reset passwords.


Thank you

5

Re: Users can not change their passwords.

mjbsecac wrote:

Good day,

Hello Hainan, I have the same problem with our Roundcube. We can't reset or change passwords in Roundcube. We also noticed that we have the same error in the logs. We updated Roundcube from 1.4 to the latest version, 1.6.3, on Oct 1, 2023. May I know if you still have the problem? We also updated iRedAdmin-Pro from 5.4 to 5.5; Roundcube still can't reset passwords.


Thank you

Yes. The problem still continues.

6 (edited by evenmoreconfused 2023-10-18 00:18:09)

Re: Users can not change their passwords.

This may be related to a known issue with Dovecot. It's actually been fixed for a while, but your distro probably hasn't yet incorporated the new version of Dovecot.

See https://forum.iredmail.org/topic19733-u … dcube.html

Brief summary of the bug: iRedMail uses a utility function built into dovecot to calculate password hashes. This function (doveadm) was broken so that it always opens every file listed in the main dovecot config, even when unnecessary for its current task. When using certbot to manage keys, one file listed is the private key, which is (quite sensibly) not available to general tasks.
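
The file-access condition described in the post above, as an added example that is not part of the original post or of iRedMail: a shell sketch that lists every file a Dovecot config reads with the `setting = </path` syntax and prints those the invoking user cannot read. The function names and the sample paths are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not iRedMail or Dovecot code): find files referenced by a
# Dovecot config that the current user cannot read, e.g. a private key.

# Print every path referenced as "setting = </path" in the config file $1.
dovecot_file_refs() {
    # Drop comments, then keep values that begin with "<", which is
    # Dovecot's "read this setting's value from a file" syntax.
    sed -e 's/#.*$//' "$1" |
        sed -n -E 's/^[[:space:]]*[A-Za-z0-9_]+[[:space:]]*=[[:space:]]*<[[:space:]]*([^[:space:]]+).*$/\1/p'
}

# Print the referenced paths that the invoking user cannot read.
# Missing files are reported too, since they are equally unreadable.
unreadable_refs() {
    dovecot_file_refs "$1" | while IFS= read -r path; do
        [ -r "$path" ] || printf '%s\n' "$path"
    done
}

if [ "$#" -gt 0 ]; then
    # Real use: pass a saved copy of the effective config.
    unreadable_refs "$1"
else
    # Constructed sample config with hypothetical paths, so the script
    # also runs without a Dovecot installation.
    demo=$(mktemp)
    printf '%s\n' \
        'ssl = required' \
        'ssl_cert = </etc/ssl/certs/example.invalid.crt' \
        'ssl_key = </etc/ssl/private/example.invalid.key' > "$demo"
    unreadable_refs "$demo"
    rm -f "$demo"
fi
```

Save the output of `doveconf -n` as root, then run the script against that file as the account that runs Roundcube's PHP code (assumed here to be www-data). Any path it prints is one that account cannot read.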

7

Re: Users can not change their passwords.

Thank you for the information. In my examination of my system, I found the following entry in the dovecot.conf file.

!include_try /etc/dovecot/iredmail/*.conf

There is no folder named iredmail under /etc/dovecot/. Maybe this is the source of the problem. There are SSL-related config lines in the dovecot.conf file. There are also SSL config entries in the /etc/dovecot/conf.d/10-ssl.conf file. If the problem is in the SSL communication setup, what changes should be made? Should I enable 10-ssl.conf as mentioned in the article? I do not want to disrupt any other aspect of the actively used system.

8

Re: Users can not change their passwords.

hainan wrote:

!include_try /etc/dovecot/iredmail/*.conf

Dovecot will load the config files if the directory exists and contains some ".conf" files, and ignores the line if the directory or files are missing. This config line doesn't impact your password changing issue.

Please check whether the password plugin config file was modified: /opt/www/roundcubemail/plugins/password/config.inc.php.