ISPConfig: Roundcube - can't login (IMAP: A0002 NO [AUTHENTICATIONFAILED] Authentication failed.)

Discussion in 'Installation/Configuration' started by Damian Borowski, Apr 21, 2018.

  1. Damian Borowski

    Damian Borowski New Member

    Hi everyone,
    I recently installed ISPConfig and after all day long fight with different issues I have stumbled upon the one above. I think I've tried it all to no avail.
    It seems the dovecot cannot authenticate against the database set by ISPConfig.
    I followed this guide: https://www.howtoforge.com/perfect-server-centos-7-x86_64-nginx-dovecot-ispconfig-3
    And I updated it to the latest release with the update.php hoping it will solve problems. But nah...
    Any help is much appreciated in advance!

    ---
    /etc/dovecot.conf
    Code:
    passdb {
  args = /etc/dovecot-sql.conf
  driver = sql
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot-sql.conf
  driver = sql
}
plugin {
  quota = dict:user::file:/var/vmail/%d/%n/.quotausage
  sieve=/var/vmail/%d/%n/.sieve
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0600
    user = vmail
  }
  user = root
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
   group = postfix
   mode = 0600
   user = postfix
  }
}
service imap-login {
  client_limit = 1000
  process_limit = 500
}
protocol imap {
  mail_plugins = quota imap_quota
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
  mail_plugins = quota
}
protocol lda {
  mail_plugins = sieve quota
  postmaster_address = root@localhost
}
protocol lmtp {
postmaster_address = [email protected]
  mail_plugins = quota sieve
}
mail_plugins = $mail_plugins quota
    /etc/roundcubemail/config.inc.php

    PHP:
    /* Local configuration for Roundcube Webmail */
    $config['db_dsnw'] = 'mysql://roundcubeuser:[CUT]@localhost/roundcubedb';
    $config['db_prefix'] = 'roundcube';
    $config['default_host'] = 'localhost';
    $config['smtp_server'] = 'localhost';
    $config['support_url'] = '';
    $config['des_key'] = '0c539b69cc71c2cbd2357be2';
    $config['plugins'] = array();
    $config['spellcheck_engine'] = 'pspell';
    /etc/roundcubemail/defaults.inc.php - only one line changed here as per some other advice
    PHP:
    $config['imap_auth_type'] = 'PLAIN';
    /var/log/roundcubemail/imap.log - you can notice here I have tried multiple methods...

    Code:
    [21-Apr-2018 18:21:00 +0200]: <ils1us50> [BEC3] S: * ID ("name" "Dovecot")
[21-Apr-2018 18:21:00 +0200]: <ils1us50> [BEC3] S: A0001 OK ID completed.
[21-Apr-2018 18:21:00 +0200]: <ils1us50> [BEC3] C: A0002 AUTHENTICATE PLAIN ****** [45]
[21-Apr-2018 18:21:04 +0200]: <ils1us50> [BEC3] S: A0002 NO [AUTHENTICATIONFAILED] Authentication failed.
[21-Apr-2018 18:28:31 +0200]: <ils1us50> [ADDD] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
[21-Apr-2018 18:28:31 +0200]: <ils1us50> [ADDD] C: A0001 ID ("name" "Roundcube" "version" "1.1.10" "php" "5.4.16" "os" "Linux" "command" "/webmail/?_task=login")
[21-Apr-2018 18:28:31 +0200]: <ils1us50> [ADDD] S: * ID ("name" "Dovecot")
[21-Apr-2018 18:28:31 +0200]: <ils1us50> [ADDD] S: A0001 OK ID completed.
[21-Apr-2018 18:28:31 +0200]: <ils1us50> [ADDD] C: A0002 AUTHENTICATE DIGEST-MD5
[21-Apr-2018 18:28:31 +0200]: <ils1us50> [ADDD] S: A0002 NO [ALERT] Unsupported authentication mechanism.
[21-Apr-2018 18:28:54 +0200]: <ils1us50> [C237] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
[21-Apr-2018 18:28:54 +0200]: <ils1us50> [C237] C: A0001 ID ("name" "Roundcube" "version" "1.1.10" "php" "5.4.16" "os" "Linux" "command" "/webmail/?_task=login")
[21-Apr-2018 18:28:54 +0200]: <ils1us50> [C237] S: * ID ("name" "Dovecot")
[21-Apr-2018 18:28:54 +0200]: <ils1us50> [C237] S: A0001 OK ID completed.
[21-Apr-2018 18:28:54 +0200]: <ils1us50> [C237] C: A0002 AUTHENTICATE CRAM-MD5
[21-Apr-2018 18:28:54 +0200]: <ils1us50> [C237] S: A0002 NO [ALERT] Unsupported authentication mechanism.
[21-Apr-2018 18:29:43 +0200]: <ils1us50> [12B9] S: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
[21-Apr-2018 18:29:43 +0200]: <ils1us50> [12B9] C: A0001 ID ("name" "Roundcube" "version" "1.1.10" "php" "5.4.16" "os" "Linux" "command" "/webmail/?_task=login")
[21-Apr-2018 18:29:43 +0200]: <ils1us50> [12B9] S: * ID ("name" "Dovecot")
[21-Apr-2018 18:29:43 +0200]: <ils1us50> [12B9] S: A0001 OK ID completed.
[21-Apr-2018 18:29:43 +0200]: <ils1us50> [12B9] C: A0002 LOGIN ****** [32]
[21-Apr-2018 18:29:47 +0200]: <ils1us50> [12B9] S: A0002 NO [AUTHENTICATIONFAILED] Authentication failed.
    Perhaps some iptables?

    Code:
    Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:cslistener
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:cslistener
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:rndc state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:rndc state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:rndc state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp spt:rndc state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:domain state NEW,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webcache
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:rndc state NEW,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere             udp dpt:rndc state NEW,ESTABLISHED
     
    Damian Borowski, Apr 21, 2018
    #1
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Did you use the full email address as email username? And take a look into the /var/log/maillog file, that's the place where dovecot writes it's log.
     
    till, Apr 23, 2018
    #2
  3. Damian Borowski

    Damian Borowski New Member

    @till Hi,

    Thanks for your reply. Sure, I use the full email address. I've looked into /var/log/maillog previously, but I only just notice I had this error:

    Code:
    Apr 23 11:45:02 mgmt01 postfix/smtpd[15347]: warning: SASL: Connect to private/auth failed: No such file or directory
Apr 23 11:45:02 mgmt01 postfix/smtpd[15347]: fatal: no SASL authentication mechanisms
    So quickly fixed this with by:
    Code:
    # yum install -y cyrus-sasl-plain
    Now the error is gone but I still cannot login. From mailllog:
    Code:
    Apr 23 11:50:19 mgmt01 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=<[email protected]>, method=PLAIN, rip=::1, lip=::1, secured, session=<HJly/oVqaAAAAAAAAAAAAAAAAAAAAAAB>
    Thanks!
    Damian.
     
    Damian Borowski, Apr 23, 2018
    #3
  4. Damian Borowski

    Damian Borowski New Member

    Ok, so I finally logged in! The problem was /etc/dovecot.conf, which should be (similarly to dovecot-sql.conf) symlinked to /etc/dovecot/. Sadly, this wasn't in the guide.

    Next problem is - emails are not sent out :)

    Thanks for the advice though! This topic can be closed.
     
    Damian Borowski, Apr 23, 2018
    #4

Share This Page