How are ajenti mail store user accounts?

[anonprophet]

How are ajenti mail store user accounts?

i want to setup roundcube change password plugins,

http://www.roundcubeforum.net/index.php?topic=9729.0

and this issue already fixed? http://support.ajenti.org/topic/709072-allowing-non-ajenti-users-to-change-their-mail-password/

[Xefir]

The ajenti's configuration for mail is in /etc/ajenti/mail.json, but it'll be hard to do what you want to do.

Because ajenti load all of the config on memory, so if you change this file, it'll not apply on real ajenti, except if you force a restart or a reload of ajenti.

[janxb]

If this Issue is still relevant: You may want to try the CLI commands for managing/reloading ajenti-v config.

http://support.ajenti.org/topic/431196-managing-ajenti-v-from-command-line/

[janxb]

Unfortunately, my advice did not work. The only IPC command is for reloading the web config, but this does not reload mail configs. For now, i don't have another idea to solve this problem. The only way to have users change their passwords is to create a custom application which changes the password in couriers userdb and also in the ajenti config file mail.json..

[davidoster]

Check here: http://support.ajenti.org/topics/700-/

[janxb]

But this only changes the password in couriers user database. The mail passwords are also stored in the ajenti config file mentioned above. You have to find a way to change both places, if you don't change the config, the courier password gets overwritten if the ajenti config is applied..

[davidoster]

Try it. I am using this method and I have no problems.

[janxb]

This is definitively NOT working! I tried, password change is working, but when you change something in the mail config via ajenti, the changed password is overwritten! So as of now, you HAVE to write some script on your own, which sync's back the changed passwords from courier!

[davidoster]

I don't quite follow you here. By the time you set a domain the mail configuration is done. Then you create individual emails under Mail tab. No other configuration can be changed under ajenti-v! Even if you create a new email for a website the old emails keep their passwords!

So please define what do you mean as mail config via ajenti.

[janxb]

And this point is not true! If you create a new email adress, or forwarding, or whatever, you have to press the button "apply settings" in the mail section. And after you have done that, every user account in the courier userdb gets deleted and recreated with the passwords stored in the ajenti config file.

So to make it short: Every time you press the "apply settings" button, every change you have done gets deleted. This is also true for adding additional FTP accounts, but for this I have created a workaround (see here: https://github.com/janxb/ServerUtils/blob/master/scripts/add_ftp_users.sh)

[davidoster]

I am sorry but this is not what happens on my system (Debian + Ubuntu with the latest versions). I had my domain + website configured, eletter.gr a while back. For testing reasons:

1. I have created test01@eletter.gr & test02@eletter.gr
2. I have set both with the same password via ajenti panel
3. I have logged via my email client (rainloop) on test01 using the password from step 2
4. I changed the password from within rainloop of test01 to a completely different password and logged out
5. I logged in again on test01 with the new password --> OK
6. I logged in on test02 with the password from step 2 --> OK
7. I logged in on other emails I use under eletter.gr --> ALL OK

Sorry but I do not support what you're saying because I can not reproduce it. Supply us with a detailed (as above) sequence of actions in order to check it.

[davidoster]

REWRITE: You are actually absolutely right! I did what you said and the passwords are rewritten!!! This is bad news!!!

[mikestp27]

I can also confirm the problem. It's not a huge deal for me since I only have a few email accounts and they're all for my personal use. I have RoundCube installed with the password plugin but I can't really use RoundCube to change the password since Ajenti will overwrite it as soon as something changes in emails. Repro steps:

1. Assuming you have email setup and working properly
2. Use external tool to change email account password (example: RoundCube password plugin)
3. New password will work fin in RoundCube and with any other email client setup for that account (example: Thunderbird)
4. If for some reason you need to edit email settings in Ajenti or add a new email account, or add a forwarder... the changes to passwords are lost and reverted to the initial passwords that were setup in Ajenti when the email accounts were originally created. That is really problematic if you host email accounts for other people. You want them to be able to set their own passwords and you don't want to reset their password everytime you change something in Ajenti's email setup; or simply add a new email account.

[janxb]

I'm glad that we finally understand each other.. ;) I am currently working on a fix for this problem, because we are hosting mails and web based office for our organization with ajenti. If i solve this problem, i will report back :)

[davidoster]

Thank you!

[mikestp27]

I just found out that Ajenti stores email account passwords in plain text in: /etc/ajenti/mail.json. It bothers me...
I don't think Ajenti should keep a copy of the passwords. It uses courier to store them encrypted (and that's fine). But why keep a plain text version? And Ajenti will not display those passwords in the UI anyway, so why are they kept in the json file?
The passwords should be saved to courrier only and that should be done once only when a non-blank password is entered in an email account UI. Otherwise, the passwords in courier should be left alone.

[janxb]

But the complete config is regenerated if you save anything. So you cant generate the user accounts if you dont have the passwords. Also if you want to port your config to another server, maybe for a cluster setup, you will need the passwords..

[mikestp27]

Thank you @janxb for working on this.

[Eugeny]

@mikestp27 we keep them because it's just cleaner to regenerate the whole configuration. I've just updated v-mail to support ajenti-ipc vmail apply command.

[mikestp27]

Thank you @Eugeny but I'm not sure what to do with that... How does it work? Or how does it solve the issue of using external tools like RoundCube to change passwords? I tried to find some docs but could not find much. I suppose we could call this from a script like the RoundCube plugin to update the Ajenti config to match the new password? That'd be great! Thank you.

[davidoster]

@mikestp27 check here: http://support.ajenti.org/topics/1113-managing-ajenti-v-from-command-line/ I am not sure what the new update does but probably import/export of vmail settings?

[janxb]

@Eugeny That will be really nice! I will test it as soon as it is available.

The new ipc command allows us to only change the mail.json config file and every dependent config is updated. For reference, see my ajenti mail management tool (work in progress..) https://github.com/janxb/AjentiMailAdmin

[davidoster]

@Eugeny question: is it feasible and preferable to change on courier/authdeamonrc the authmodulelist to use authmysql? Wouldn't that then solve any problems as the above?

[davidoster]

I need to congratulate @janxb for this fine solution for changing emails, https://github.com/janxb/AjentiMailAdmin I have tested it here (http://emails.eletter.gr/), not with the true mail.json of course, at least yet and it works as expected. I even pushed a request for Greek literals.

Thanks again @janxb.