SOGo - Could not connect IMAP4

rafix1989 commented 4 years ago

Prior to placing the issue, please check following: (fill out each checkbox with a X once done)

[x] I understand that not following below instructions might result in immediate closing and deletion of my issue.
[x] I have understood that answers are voluntary and community-driven, and not commercial support.
[x] I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description of the bug: What kind of issue have you exactly come across?

After update Mailcow to latest version i have issue with SOGo or Dovecot. Error from logs [ERROR] <0x562d8c4bbb80[SOGoMailAccount]:0> Could not connect IMAP4 [ERROR] <0x562d8c4bbb80[SOGoMailAccount]:0> no IMAP4 password available [ERROR] <0x562d8c4bbb80[SOGoMailAccount]:0> renewing imap4 password

Reproduction of said bug: How exactly do you reproduce the bug?

I update mailcow to latest version
I can login to SOGo, but i have error that "No mailbox selected"

I have tried or I do... (fill out each checkbox with a X if applicable)

[ ] In case of WebUI issue, I have tried clearing the browser cache and the issue persists.
[ ] I do run mailcow on a Synology, QNAP or any other sort of NAS.

System information

Further information (where applicable):

Question	Answer
My operating system	Ubuntu Server 16.04.6 LTS
Is Apparmor, SELinux or similar active?	no
Virtualization technlogy (KVM, VMware, Xen, etc)	no
Server/VM specifications (Memory, CPU Cores)	I_DO_REPLY_HERE
Docker Version (`docker version`)	Docker version 17.05.0-ce
Docker-Compose Version (`docker-compose version`)	docker-compose version 1.24.1,
Reverse proxy (custom solution)	no

Further notes:

Output of git diff origin/master, any other changes to the code? If so, please post them.
All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn, ip6tables -L -vn, iptables -L -vn -t nat and ip6tables -L -vn -t nat
Check docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @1.1.1.1 - output? Timeout?

General logs:
- Please take a look at the official documentation.

rafix1989 commented 4 years ago

Thread closed because i't's magically starts running.

Damnjeyy commented 3 years ago

getting this very same error, curious how to fix it

Mar 22 03:44:07 c48761dd915b sogod [65]: <0x556ed66239a0[SOGoMailAccount]:0> renewing imap4 password Mar 22 03:44:07 c48761dd915b sogod [65]: [ERROR] <0x556ed66239a0[SOGoMailAccount]:0> no IMAP4 password available Mar 22 03:44:07 c48761dd915b sogod [65]: [ERROR] <0x556ed66239a0[SOGoMailAccount]:0> Could not connect IMAP4 Mar 22 03:44:07 c48761dd915b sogod [65]: 172.19.0.1 "POST /SOGo/so/mail@domain.tld/Mail/unseenCount HTTP/1.0" 200 21/31 0.009 - - 0 - 13 Mar 22 03:44:42 c48761dd915b 2021-03-22 03:44:42.683 sogod[65:65] -[NGInternetSocketAddress _fillHost]: host not found .. Mar 22 03:44:42 c48761dd915b 2021-03-22 03:44:42.683 sogod[65:65] could not get DNS name of address 172.22.1.1 in domain <InternetDomain[0x0x556ed68e5fd0]>: 1 Mar 22 03:44:42 c48761dd915b sogod [65]: 172.22.1.1 "GET /SOGo.index/ HTTP/1.1" 200 2531/0 0.003 - - 0 - 13

dovecot seems to run fine, no problems login in with outlook or other clients, only sogo makin trouble here. Issue appeared right after fresh isntall

Pitastic commented 3 years ago

Same here. Issue appeared after an update this day.

linhandev commented 3 years ago

Same here

Pitastic commented 3 years ago

Even there after an update from today. Should this not be reopened ?!

andryyy commented 3 years ago

No.

It will show 172.22.1.1 when the connection seems to come from the Docker bridge of mailcow. Your masquerading is not working correctly. You should check iptables -L -vn -t nat and debug the incorrect rule.

I tell this quite often but people get angry and tell me it's not their fault. That's why I really don't like to respond anymore when this comes up.

Pitastic commented 3 years ago

Oh...will look into this....and I'm not angry, thanks for your help 😃 👍

andryyy commented 3 years ago

Can you post the output? :)

Pitastic commented 3 years ago

Sure ! Theres is nothing than mailcow on that system (fortunately).

$ docker network ls

``` NETWORK ID NAME DRIVER SCOPE 5bb7e3e91f38 bridge bridge local fcfae3ba5643 host host local 22ae4f231b2a mailcowdockerized_mailcow-network bridge local e881c5c62a80 none null local ```

If I read the output correctly the MASQUERADE seems to be ok, istn't it?

$ iptables -L -vn -t nat

``` Chain PREROUTING (policy ACCEPT 86961 packets, 6224K bytes) pkts bytes target prot opt in out source destination 5318 312K DOCKER all -- * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL Chain INPUT (policy ACCEPT 2122 packets, 127K bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 18 packets, 1081 bytes) pkts bytes target prot opt in out source destination 0 0 DOCKER all -- * * 0.0.0.0/0 !127.0.0.0/8 ADDRTYPE match dst-type LOCAL Chain POSTROUTING (policy ACCEPT 903 packets, 48358 bytes) pkts bytes target prot opt in out source destination 45119 3393K MASQUERADE all -- * !br-mailcow 172.22.1.0/24 0.0.0.0/0 0 0 MASQUERADE all -- * !docker0 172.17.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-fb1e5282e532 172.29.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-6572ba202319 172.24.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-45a2152cd402 172.23.0.0/16 0.0.0.0/0 37581 2577K MASQUERADE all -- * !br-84fd0da68c99 172.22.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-9f1d75f96ca4 172.21.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-2a36ad475444 172.19.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-91183d9b366b 172.18.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-578246dc23a8 172.20.0.0/16 0.0.0.0/0 0 0 MASQUERADE all -- * !br-4e952711e582 192.168.0.0/20 0.0.0.0/0 0 0 MASQUERADE all -- * !br-6618befb4f18 172.28.0.0/16 0.0.0.0/0 0 0 MASQUERADE tcp -- * * 172.18.0.3 172.18.0.3 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.19.0.2 172.19.0.2 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.21.0.2 172.21.0.2 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.21.0.3 172.21.0.3 tcp dpt:27017 0 0 MASQUERADE tcp -- * * 172.21.0.4 172.21.0.4 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.21.0.5 172.21.0.5 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.22.0.3 172.22.0.3 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.23.0.2 172.23.0.2 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.24.0.2 172.24.0.2 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.24.0.3 172.24.0.3 tcp dpt:22 0 0 MASQUERADE tcp -- * * 172.24.0.4 172.24.0.4 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.24.0.5 172.24.0.5 tcp dpt:3306 0 0 MASQUERADE tcp -- * * 172.29.0.2 172.29.0.2 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.29.0.4 172.29.0.4 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.29.0.5 172.29.0.5 tcp dpt:27017 0 0 MASQUERADE tcp -- * * 172.29.0.6 172.29.0.6 tcp dpt:80 0 0 MASQUERADE tcp -- * * 172.22.1.249 172.22.1.249 tcp dpt:6379 0 0 MASQUERADE tcp -- * * 172.22.1.7 172.22.1.7 tcp dpt:8983 0 0 MASQUERADE tcp -- * * 172.22.1.8 172.22.1.8 tcp dpt:5443 0 0 MASQUERADE tcp -- * * 172.22.1.8 172.22.1.8 tcp dpt:5269 0 0 MASQUERADE tcp -- * * 172.22.1.8 172.22.1.8 tcp dpt:5222 0 0 MASQUERADE tcp -- * * 172.22.1.9 172.22.1.9 tcp dpt:3306 0 0 MASQUERADE tcp -- * * 172.22.1.12 172.22.1.12 tcp dpt:587 0 0 MASQUERADE tcp -- * * 172.22.1.12 172.22.1.12 tcp dpt:465 0 0 MASQUERADE tcp -- * * 172.22.1.12 172.22.1.12 tcp dpt:25 0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:12345 0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:4190 0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:995 0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:993 0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:143 0 0 MASQUERADE tcp -- * * 172.22.1.250 172.22.1.250 tcp dpt:110 0 0 MASQUERADE tcp -- * * 172.22.1.11 172.22.1.11 tcp dpt:443 0 0 MASQUERADE tcp -- * * 172.22.1.11 172.22.1.11 tcp dpt:80 Chain DOCKER (2 references) pkts bytes target prot opt in out source destination 13 780 RETURN all -- br-mailcow * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- docker0 * 0.0.0.0/0 0.0.0.0/0 0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:7654 to:172.22.1.249:6379 0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:18983 to:172.22.1.7:8983 9 540 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5443 to:172.22.1.8:5443 4 240 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5269 to:172.22.1.8:5269 91 5729 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5222 to:172.22.1.8:5222 0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:13306 to:172.22.1.9:3306 49 2764 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:587 to:172.22.1.12:587 25 1460 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:465 to:172.22.1.12:465 252 13168 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:172.22.1.12:25 0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 127.0.0.1 tcp dpt:19991 to:172.22.1.250:12345 0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4190 to:172.22.1.250:4190 0 0 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:172.22.1.250:995 75 4548 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:172.22.1.250:993 62 3624 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 to:172.22.1.250:143 2 84 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 to:172.22.1.250:110 248 11836 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:172.22.1.11:443 87 4424 DNAT tcp -- !br-mailcow * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:172.22.1.11:80 ```

andryyy commented 3 years ago

This rule is the problem:

37581 2577K MASQUERADE  all  --  *      !br-84fd0da68c99  172.22.0.0/16        0.0.0.0/0

Can you remove it? Is it an old bridge, that does not exist anymore?

iptables -t nat -D POSTROUTING 6 should do it.

Pitastic commented 3 years ago

That worked !

# identify the mentioned line (eagle eyes already know that it is number 6)
$ iptables -L -vn -t nat --line-numbers

# delete that rule
$ iptables -t nat -D POSTROUTING 6

Indeed it was likely an old rule from an unclean docker shutdown. Maybe something I did wrong in or before the update process in March (as I also did os updates there). Thanks for that ! 😉

ghost commented 3 years ago

I just runned the update.sh script and it fixied the issue.

ip6li commented 2 years ago

This is a really nasty problem. Please consider to add this to https://mailcow.github.io/mailcow-dockerized-docs/de/troubleshooting/debug-common_problems/. I had a similar problem and this issue helped me to resolve it.

PatrickDeZordo commented 1 year ago

Had the same issue and SOLVED it: https://github.com/mailcow/mailcow-dockerized/issues/3657#issuecomment-1685786473

Should really added to the https://mailcow.github.io/mailcow-dockerized-docs/de/troubleshooting/debug-common_problems/.

Cheers! 🤞

mailcow / mailcow-dockerized

SOGo - Could not connect IMAP4 #3128

That worked !