Open mmallejac opened 3 months ago
I've upgraded one instance from 25 way up to 29.0.3 and my logins always work.
Why SnappyMail removes the Nextcloud password setting has 1 main reason: Login fails
This prevents SnappyMail from attacking the IMAP server with failed login attempts (which could trigger fail2ban or other security implementations).
So to know why the login fails, you must analyze the logs for failed login attempts.
Thanks !
I've just done the following test on a demo/test instance :
Then I wanted to see something in the Snappymail config panel -> blank page
In the log / debug file:
[2024-07-02 12:42:45.232][b802458b] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:313][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/]
[2024-07-02 12:42:45.236][b802458b] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:45.238][b802458b] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:45.250][b802458b] IMAP[INFO]: Start connection to "ssl://mail.infomaniak.com:993"
[2024-07-02 12:42:45.313][b802458b] IMAP[INFO]: Connect (success)
[2024-07-02 12:42:45.313][b802458b] IMAP[DEBUG]: 0.063448905944824 (raw connection)
[2024-07-02 12:42:45.354][b802458b] IMAP[INFO]: < * OK IMAP4 ready\r\n
[2024-07-02 12:42:45.355][b802458b] IMAP[DEBUG]: 0.10514187812805 (*)
[2024-07-02 12:42:45.355][b802458b] PLUGIN[INFO]: Hook: imap.before-login
[2024-07-02 12:42:45.355][b802458b] IMAP[INFO]: > TAG1 CAPABILITY\r\n
[2024-07-02 12:42:45.378][b802458b] IMAP[INFO]: < * CAPABILITY IMAP4rev1 UIDPLUS IDLE LITERAL + QUOTA AUTH=PLAIN AUTH=LOGIN\r\n
[2024-07-02 12:42:45.379][b802458b] IMAP[INFO]: < TAG1 OK completed\r\n
[2024-07-02 12:42:45.379][b802458b] IMAP[DEBUG]: 0.023704051971436 (TAG1)
[2024-07-02 12:42:45.380][b802458b] IMAP[INFO]: > TAG2 AUTHENTICATE PLAIN\r\n
[2024-07-02 12:42:45.404][b802458b] IMAP[INFO]: < + \r\n
[2024-07-02 12:42:45.404][b802458b] IMAP[DEBUG]: 0.024233102798462 (TAG2)
[2024-07-02 12:42:45.404][b802458b] IMAP[INFO]: > *******\r\n
[2024-07-02 12:42:46.445][b802458b] IMAP[INFO]: < TAG2 NO Invalid login or password\r\n
[2024-07-02 12:42:46.446][b802458b] IMAP[WARNING]: MailSo\Imap\Exceptions\NegativeResponseException: Invalid login or password in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(455): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('support@4next.c...', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1068): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(38): OC::handleRequest()
#14 {main}
[2024-07-02 12:42:46.446][b802458b] IMAP[NOTICE]: MailSo\Imap\Exceptions\NegativeResponseException: Invalid login or password in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ResponseCollection.php:46
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(528): MailSo\Imap\ResponseCollection->validate()
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php(166): MailSo\Imap\ImapClient->getResponse()
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#4 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(455): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#5 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#6 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('support@4next.c...', Object(SnappyMail\SensitiveString))
#7 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#8 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OCA\SnappyMail\Controller\PageController->index()
#9 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#10 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#11 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#12 /var/www/html/lib/base.php(1068): OC\Route\Router->match('/apps/snappymai...')
#13 /var/www/html/index.php(38): OC::handleRequest()
#14 {main}
Next MailSo\Imap\Exceptions\LoginBadCredentialsException: Invalid login or password in /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/MailSo/Imap/ImapClient.php:232
Stack trace:
#0 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(264): MailSo\Imap\ImapClient->Login(Object(MailSo\Imap\Settings))
#1 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Model/Account.php(206): RainLoop\Model\Account->netClientLogin(Object(MailSo\Imap\ImapClient), Object(RainLoop\Plugins\Manager))
#2 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(455): RainLoop\Model\Account->ImapConnectAndLogin(Object(RainLoop\Plugins\Manager), Object(MailSo\Imap\ImapClient), Object(RainLoop\Config\Application))
#3 /var/www/html/custom_apps/snappymail/app/snappymail/v/2.36.4/app/libraries/RainLoop/Actions/UserAuth.php(170): RainLoop\Actions->imapConnect(Object(RainLoop\Model\MainAccount), true)
#4 /var/www/html/custom_apps/snappymail/lib/Util/SnappyMailHelper.php(97): RainLoop\Actions->LoginProcess('support@4next.c...', Object(SnappyMail\SensitiveString))
#5 /var/www/html/custom_apps/snappymail/lib/Controller/PageController.php(50): OCA\SnappyMail\Util\SnappyMailHelper::startApp()
#6 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(230): OCA\SnappyMail\Controller\PageController->index()
#7 /var/www/html/lib/private/AppFramework/Http/Dispatcher.php(137): OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\SnappyMail\Controller\PageController), 'index')
#8 /var/www/html/lib/private/AppFramework/App.php(183): OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\SnappyMail\Controller\PageController), 'index')
#9 /var/www/html/lib/private/Route/Router.php(315): OC\AppFramework\App::main('PageController', 'index', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
#10 /var/www/html/lib/base.php(1068): OC\Route\Router->match('/apps/snappymai...')
#11 /var/www/html/index.php(38): OC::handleRequest()
#12 {main}
[2024-07-02 12:42:46.453][b802458b] Nextcloud[ERROR]: AuthError[102]
[2024-07-02 12:42:46.455][b802458b] PLUGIN[INFO]: Hook: filter.language
[2024-07-02 12:42:46.572][b802458b] [INFO]: Memory peak usage: 12MB
[2024-07-02 12:42:46.572][b802458b] [INFO]: Time delta: 1.3976299762726
[2024-07-02 12:42:46.573][b802458b] IMAP[INFO]: Disconnected from "ssl://mail.infomaniak.com:993" (success)
[2024-07-02 12:42:46.573][b802458b] IMAP[DEBUG]: 1.3227789402008 (net session)
[2024-07-02 12:42:49.261][40403699] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:328][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/?/AppData/0/6581952038827443/]
[2024-07-02 12:42:49.262][40403699] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:49.262][40403699] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:49.262][40403699] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:49.265][40403699] PLUGIN[INFO]: Hook: filter.language
[2024-07-02 12:42:49.265][40403699] PLUGIN[INFO]: Hook: filter.app-data
[2024-07-02 12:42:49.265][40403699] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:49.265][40403699] APPDATA[INFO]: {"Auth":false,"title":"Demo 4Next webmail 📫","loadingDescription":"Demo 4Next webmail 📫","Plugins":{"avatars":{"service":true,"delay":true}},"System":{"version":"2.36.4","token":"897fa5f148081def02c793312471cfa88c4f255d","languages":["ar","be","bg","cs","da","de","el","en","eo","es","et","eu","fa","fi","fr","hu","id","is","it","ja","ko","lt","lv","nb","nl","pl","pt","pt-BR","ro","ru","sk","sl","sv","tr","uk","vi","zh","zh-TW"],"webPath":"\/custom_apps\/snappymail\/app\/","webVersionPath":"\/custom_apps\/snappymail\/app\/snappymail\/v\/2.36.4\/"},"allowLanguagesOnLogin":true,"DevEmail":"support@4next.ch","DevPassword":"","signMe":0,"Theme":"NextcloudV25+","language":"fr","clientLanguage":"fr","PluginsLink":"Plugins\/0\/User\/1df7b12f0adf8b2143cc5c5feca5e8c1\/","StaticLibsJs":"\/custom_apps\/snappymail\/app\/snappymail\/v\/2.36.4\/static\/js\/libs.js","Nextcloud":{"UID":"adm4next","WebDAV":"https:\/\/demo.cloud.4next.ch\/remote.php\/dav","CalDAV":true}}
[2024-07-02 12:42:49.265][40403699] [INFO]: Memory peak usage: 6MB
[2024-07-02 12:42:49.265][40403699] [INFO]: Time delta: 0.041769027709961
[2024-07-02 12:42:51.337][a8981823] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:328][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/?/Plugins/0/User/1df7b12f0adf8b2143cc5c5feca5e8c1/]
[2024-07-02 12:42:51.338][a8981823] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:51.338][a8981823] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:51.338][a8981823] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:51.339][a8981823] [INFO]: Memory peak usage: 6MB
[2024-07-02 12:42:51.339][a8981823] [INFO]: Time delta: 0.028696060180664
[2024-07-02 12:42:51.501][64e3ea77] [INFO]: [SM:2.36.4][IP:185.129.54.93][PID:328][Apache/2.4.59 (Debian)][apache2handler][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2,tlsv1.3][GET https://demo.cloud.4next.ch/apps/snappymail/?/Css/0/User/-/NextcloudV25+/-/1719924171381/Hash/-/Json/]
[2024-07-02 12:42:51.501][64e3ea77] Nextcloud[DEBUG]: integrated
[2024-07-02 12:42:51.501][64e3ea77] Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
[2024-07-02 12:42:51.502][64e3ea77] Nextcloud[DEBUG]: snappymail-autologin is off
[2024-07-02 12:42:51.502][64e3ea77] [INFO]: Memory peak usage: 6MB
[2024-07-02 12:42:51.502][64e3ea77] [INFO]: Time delta: 0.024658918380737
^C
So maybe Crypt[ERROR]: sodiumDecrypt(): invalid $data or $key
??
I see also that log time is in UTC timezone, not sure if this is a problem or not.
Hello !
Did you have any chance to look at this ? We just can't upgrade our Snappymail installations since all our users would loose their email authentication.
The invalid $data or $key could be caused by changed .cryptkey
values.
Maybe you can test:
_data_/_default_/storage
to _data_/_default_/storage.bak
If it still fails i like to see the new logs.
Hello !
I was excited to see the release of 2.36.4 but unfortunately it does not solve the #1602 issue :
I've tried to set back the password, both using Nextcloud (parameter / extra parameters) or using the
occ snappymail:settings
CLI, but it always fall down to the Snappy login screen, without the password.The only way is then to fill in the mail password and check the 'remember me'. Problem is that most of our client's users do not have their mail password.
As a result we are unable to upgrade Nextcloud, since it would upgrade as well Snappymail. We could use a temp workaround: upgrade Nextcloud and all apps, then restore Snappymail to 2.36.1
I am also under the impression that upgrading Snappy from 2.36.3 to 2.36.4 brings the same issue: user has to fill in its main mail password.
What is the root cause of this ? I've read something about password decrypting key that gets lost, but I am not sure to fully understand.