search

outroll / vesta

VESTA Control Panel
http://vestacp.com
GNU General Public License v3.0
2.91k stars 1.02k forks source link

Dovecot Password mismatch #1499

Open franciscopaniskaseker opened 6 years ago

franciscopaniskaseker commented 6 years ago

Operating System (OS/VERSION):

Debian 8

VestaCP Version:

ii vesta 0.9.8-19 amd64 Vesta ii vesta-ioncube 0.9.8-19 amd64 ionCube Loader for Vesta ii vesta-nginx 0.9.8-19 amd64 Vesta Nginx ii vesta-php 0.9.8-19 amd64 Vesta php-fpm ii vesta-softaculous 0.9.8-19 amd64 softaculous plugin for Vesta

Installed Software (what you got with the installer):

nginx+apache+mysql+bind

Steps to Reproduce:

From nothing dovecot started to show "Password mismatch" from every IMAP logins. Even with new accounts that I created after that error starter happening. If I try with uncreated user, it will show "unknown user". If a provide correct user (user@domain) with correct password, it will show "Password mismatch" .

That server only update with vestacp auto updates.

Related Issues/Forum Threads:

no

Other Notes:

Is it possible do roundcube not enconding right That server only update with vestacp auto updates.

Errors:

Feb 26 11:43:05 auth: Info: passwd-file(teste@DOMAIN,127.0.0.1,<46Yghx5mIAB/AAAB>): Password mismatch
Feb 26 11:43:07 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<teste@DOMAIN>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<46Yghx5mIAB/AAAB>

User "teste" is in "/etc/exim4/domains/DOMAIN/passwd".

I already tried to rebuild mail domains with v-rebuild-mail-domains. I am trying to log with roundcube. I tried login using roundcube and thunderbird.

franciscopaniskaseker commented 6 years ago

Every time that I change the password of some email with same password (and repeat that a lot of times) I am seeing different MD5 hashes in "/home/admin/conf/mail/DOMAIN/passwd". VestaCP only do MD5 crypt with no salt, is not?

That behavior is right?

franciscopaniskaseker commented 6 years ago

According VestaCP doc it has a salt.

I tried to change manually that passwords and now I can login:

root@painel:~# v-change-mail-account-password admin DOMAIN teste teste
root@painel:~# v-change-mail-account-password admin DOMAIN teste2 teste2

So dovecot isn't the problem. But I do not know, if probably web fui is bugged, why old accounts (before that problem) have this problem.

008 commented 5 years ago

issue is actual, how to fix?

anton-reutov commented 5 years ago

@008 What OS on your server and Vesta version?

HueyGeek commented 5 years ago

To fix this problem should be added the following to /etc/dovecot/conf.d/10-auth.conf

auth_username_format = %u

And need to eliminate (or change the extension to) the file /etc/dovecot/conf.d/15-mailboxes.conf