1

Topic: Roundcube Webmail - Encryption function missing

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.2
- Deployed with iRedMail Easy or the downloadable installer? downloadable
- Linux/BSD distribution name and version: Debian 11
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? No
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I installed new clean version of iRedMail-1.4.2 on fresh installed Debian 11.
After creating the first user, and after the user logged in via Roundcube webmail, user tried to change the password after which the next error occurred: "Could not save new password. Encryption function missing."

On older versions of iRedMail the password change worked after a fresh installation.

Any idea?

Thanks in advance,

2

Re: Roundcube Webmail - Encryption function missing

We just finished the installation on Debian 10, all initially set up as on Debian 11, we tested the user password change and the password was changed successfully.

It is evident that the problem occurs due to the difference between the versions of the operating system (Debian 10, and Debian 11).

Do you have any idea?


Best regards,

3

Re: Roundcube Webmail - Encryption function missing

any related logs (mostly php error) from and missing php mod

4

Re: Roundcube Webmail - Encryption function missing

There is no any logs, we can't find any errors.
We compared php modules on both machines (Debian 10 and Debian 11), and they are the same.

[PHP Modules]
calendar
Core
ctype
curl
date
dom
exif
FFI
fileinfo
filter
ftp
gd
gettext
hash
iconv
intl
json
libxml
mbstring
mysqli
mysqlnd
openssl
pcntl
pcre
PDO
pdo_mysql
Phar
posix
readline
Reflection
session
shmop
SimpleXML
sockets
sodium
SPL
standard
sysvmsg
sysvsem
sysvshm
tokenizer
xml
xmlreader
xmlwriter
xsl
Zend OPcache
zip
zlib

[Zend Modules]
Zend OPcache

5 (edited by skipe88 2021-10-18 17:45:18)

Re: Roundcube Webmail - Encryption function missing

We added the following at the end of the file roundcube/config/config.inc.php:

###
// system error reporting, sum of: 1 = log; 4 = show
$config['debug_level'] = 4;

// Log SQL queries
$config['sql_debug'] = true;

// Log IMAP conversation
$config['imap_debug'] = true;

// Log LDAP conversation
$config['ldap_debug'] = true;

// Log SMTP conversation
$config['smtp_debug'] = true;
###

We simulated a password change and inside /var/log/mail.log we got only the following:

Oct 18 05:15:47 mxtest roundcube: <v593amnb> [1] SELECT `vars`, `ip`, `changed`, now() AS ts FROM `session` WHERE `sess_id` = 'v593amnbp9c24ei53rcnjf93qv';
Oct 18 05:15:47 mxtest roundcube: <v593amnb> [2] SELECT * FROM `users` WHERE `user_id` = '2';
Oct 18 05:15:47 mxtest roundcube: <v593amnb> [3] UPDATE `session` SET `changed` = now() WHERE `sess_id` = 'v593amnbp9c24ei53rcnjf93qv';



Note:
The password can be changed regularly through iRedAdmin interface.

6

Re: Roundcube Webmail - Encryption function missing

Does installing package "mcrypt" fix the issue?

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee

7

Re: Roundcube Webmail - Encryption function missing

We installed package "mcrypt" on other (production) server but it didn't work. It was our first option to try to solve this problem.

This forced us to set up two test servers (on one Debian 10, and on the other Debian 11) and to go through the same iRedMail installation process on both servers in order to solve this problem.


We solved the problem in another way.
Inside roundcubemail/plugins/password/config.inc.php we changed:

-----------------------------------------------------------------------------------------------------------------
/////$config['password_algorithm'] = 'clear';
$config['password_algorithm'] = 'ssha512';

/////$config['password_algorithm_prefix'] = '';
$config['password_algorithm_prefix'] = '{SSHA512}';

// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//      %p is replaced with the plaintext new password
//      %P is replaced with the crypted/hashed new password
//         according to configured password_method
//      %o is replaced with the old (current) password
//      %O is replaced with the crypted/hashed old (current) password
//         according to configured password_method
//      %h is replaced with the imap host (from the session info)
//      %u is replaced with the username (from the session info)
//      %l is replaced with the local part of the username
//         (in case the username is an email address)
//      %d is replaced with the domain part of the username
//         (in case the username is an email address)
// Deprecated macros:
//      %c is replaced with the crypt version of the new password, MD5 if available
//         otherwise DES. More hash function can be enabled using the password_crypt_hash
//         configuration parameter.
//      %D is replaced with the dovecotpw-crypted version of the new password
//      %n is replaced with the hashed version of the new password
//      %q is replaced with the hashed password before the change
// Escaping of macros is handled by this module.
// Default: "SELECT update_passwd(%c, %u)"
/////$config['password_query'] = "UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u";
$config['password_query'] = "UPDATE mailbox SET password=%P,passwordlastchange=NOW() WHERE username=%u";
-----------------------------------------------------------------------------------------------------------------

We have seen that there are differences between the versions of Dovecot:
2.3.4.1 (f79e8e7e4) - Debian 10
2.3.13 (89f716dc2) - Debian 11

We assume that this could be the source of this problem. (Maybe you should investigate this in more detail.)

8 (edited by creasit 2021-11-17 18:00:26)

Re: Roundcube Webmail - Encryption function missing

Hello,

I had exact same problem from Debian 10 to 11 upgrade. Your solution is OK for me too, thank you.

Initial setup was on Debian 9 with Iredmail 0.9.7, and by the upgrades we're up-to-date to 1.4.2 , and Roundcube to 1.5.0 before the Debian upgrade.

Maybe something to add in the upgrade page here https://docs.iredmail.org/upgrade.debian.10-11.html

9

Re: Roundcube Webmail - Encryption function missing

Thank you very much, we had the exactly same problem, solved with your "patch".


skipe88 wrote:

We installed package "mcrypt" on other (production) server but it didn't work. It was our first option to try to solve this problem.

This forced us to set up two test servers (on one Debian 10, and on the other Debian 11) and to go through the same iRedMail installation process on both servers in order to solve this problem.


We solved the problem in another way.
Inside roundcubemail/plugins/password/config.inc.php we changed:

-----------------------------------------------------------------------------------------------------------------
/////$config['password_algorithm'] = 'clear';
$config['password_algorithm'] = 'ssha512';

/////$config['password_algorithm_prefix'] = '';
$config['password_algorithm_prefix'] = '{SSHA512}';

// The SQL query used to change the password.
// The query can contain the following macros that will be expanded as follows:
//      %p is replaced with the plaintext new password
//      %P is replaced with the crypted/hashed new password
//         according to configured password_method
//      %o is replaced with the old (current) password
//      %O is replaced with the crypted/hashed old (current) password
//         according to configured password_method
//      %h is replaced with the imap host (from the session info)
//      %u is replaced with the username (from the session info)
//      %l is replaced with the local part of the username
//         (in case the username is an email address)
//      %d is replaced with the domain part of the username
//         (in case the username is an email address)
// Deprecated macros:
//      %c is replaced with the crypt version of the new password, MD5 if available
//         otherwise DES. More hash function can be enabled using the password_crypt_hash
//         configuration parameter.
//      %D is replaced with the dovecotpw-crypted version of the new password
//      %n is replaced with the hashed version of the new password
//      %q is replaced with the hashed password before the change
// Escaping of macros is handled by this module.
// Default: "SELECT update_passwd(%c, %u)"
/////$config['password_query'] = "UPDATE mailbox SET password=%D,passwordlastchange=NOW() WHERE username=%u";
$config['password_query'] = "UPDATE mailbox SET password=%P,passwordlastchange=NOW() WHERE username=%u";
-----------------------------------------------------------------------------------------------------------------

We have seen that there are differences between the versions of Dovecot:
2.3.4.1 (f79e8e7e4) - Debian 10
2.3.13 (89f716dc2) - Debian 11

We assume that this could be the source of this problem. (Maybe you should investigate this in more detail.)

10

Re: Roundcube Webmail - Encryption function missing

This should be fixed during next roundcube upgrade... the D macro is being replaced by P.

11

Re: Roundcube Webmail - Encryption function missing

The solution is: in plugin/password/config.inc.php, set "password_algorithm" to "dovecot", then replace "%D" by "%P".

----

Buy me a cup of coffee ($5) to support iRedMail:

buy me a cup of coffee