1 Topic by der.sascha

  • der.sascha
  • Member
  • Offline
  • Registered: 2015-10-04
  • Posts: 7

Topic: managesieve unable to handle BLF-CRYPTed passwords

============ Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.2
- Linux/BSD distribution name and version: FreeBSD 9.3-RELEASE-p25 (FreeNAS Jail)
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MariaDB 5.5.44
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? nope
- Related log if you're reporting an issue: -
====

When passwords are encrypted via blowfish and users try to access the Roundcube Filter Function they face a "unable to connect to server" error message.

/var/log/dovecot.log shows:
managesieve-login: Info: Aborted login (auth failed, 1 attempts in 2 secs): user=<user@domain>, method=CRAM-MD5, rip=127.0.0.1, lip=127.0.0.1, secured, session=<zYtYE10k+wB/AAAB>

Encrypting the password with CRAM-MD5 helps to work around the problem.

Adding BLF-CRYPT or BCRYPT to /usr/local/etc/dovecot/dovecot.conf  (line 'auth_mechanisms = PLAIN LOGIN CRAM-MD5 NTLM' ) causes the following errors in /var/log/dovecot.log:
Fatal: Unknown authentication mechanism 'BLF-CRYPT'
Fatal: Unknown authentication mechanism 'BCRYPT'

Is this bug or an expected behavior? Big thx in advance.

Post's attachments

roundcube_settings_filters.png
roundcube_settings_filters.png 26.2 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: managesieve unable to handle BLF-CRYPTed passwords

iRedMail supports BCRYPT on *BSD. Reference:
http://www.iredmail.org/docs/password.hashes.html

There's nothing you should change in Dovecot, that password scheme prefix in password hash matters. So, what's your BCRYPT password scheme prefix name? Show us a sample password.

3 Reply by der.sascha

  • der.sascha
  • Member
  • Offline
  • Registered: 2015-10-04
  • Posts: 7

Re: managesieve unable to handle BLF-CRYPTed passwords

Hello Zhang,

per default all passwords are blf crypted and this is also the case for this testcase. 

    MariaDB [vmail]> select username, password from mailbox;  
+---------------------------+---------------------------------------------------------------------+
| username                  | password                                                            |
+---------------------------+---------------------------------------------------------------------+
| postmaster@<domain>       | {CRYPT}$2a$........................................................ |
| testuser@<domain>         | {CRYPT}$2a$........................................................ |
+---------------------------+---------------------------------------------------------------------+

As written before, if I encrypt a users password with CRAM-MD5 Dovecot grants access to the filter function.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: managesieve unable to handle BLF-CRYPTed passwords

I cannot reproduce this issue with FreeBSD + iRedMail-0.9.2.

Roundcube performs IMAP user authentication against Dovecot IMAP server, so if BCRYPT works for webmail login, it should work when you access filter in Roundcube.

5 Reply by der.sascha

  • der.sascha
  • Member
  • Offline
  • Registered: 2015-10-04
  • Posts: 7

Re: managesieve unable to handle BLF-CRYPTed passwords

Neither i was able to recreate the situation with a new jail and the latest iredmail script but at least I have a now a fully working platform I can use to compare with my initial installation. Will keep u updated.

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,165

Re: managesieve unable to handle BLF-CRYPTed passwords

OK, topic closed. Please create a new topic for your issue if it happens again.