
error creating mailbox

Open winne27 opened this issue 1 year ago • 4 comments

The following error is raised when creating a mailbox with ViMbAdmin:

```
ViMbAdmin_Exception

File /opt/ViMbAdmin/library/ViMbAdmin/Dovecot.php
Line 57
Message Error executing Dovecot password command: /usr/bin/doveadm pw -s 'BLF-CRYPT' -u 'username' -p 'pw'
Code 0
```

Environment: Ubuntu 22.04, PHP 8.2, Dovecot 2.3.16

/usr/bin/doveadm is executable for all.

On the CLI the command is executed successfully.

winne27 avatar May 02 '23 15:05 winne27

The problem is that www-data cannot read the letsencrypt certificates in /etc/archive/domain/. Read access for fullchain.pem and privatkey.pem is necessary for executing doveadm. But the dir archive is only readable by root, and privatekey.pem also.

A workaround is to give read access to these directories and files to all, at least temporarily. This works for me.

I tried some solutions with sudo, but it did not work.

winne27 avatar May 02 '23 20:05 winne27

Switch to defaults.mailbox.password_scheme = "crypt:sha512" (or any other crypt: scheme) and configure a Dovecot SQL query like the following:

```sql
SELECT username AS user,
    CASE
        WHEN password LIKE '{%}%'
            THEN password
        WHEN password LIKE '$1$%'
            THEN CONCAT('{MD5}', password)
        WHEN password LIKE '$2a$%'
            THEN CONCAT('{BLF-CRYPT}', password)
        WHEN password LIKE '$5$%'
            THEN CONCAT('{SHA256-CRYPT}', password)
        WHEN password LIKE '$6$%'
            THEN CONCAT('{SHA512-CRYPT}', password)
        ELSE
            password
    END AS password,
    homedir AS userdb_home,
    maildir AS userdb_mail,
    CONCAT('*:bytes=', quota) AS userdb_quota_rule,
    uid AS userdb_uid,
    gid AS userdb_gid
FROM mailbox
WHERE username = '%Lu'
    AND ( access_restriction = 'ALL' OR LOCATE('%Us', access_restriction) > 0 )
```

PhrozenByte avatar May 03 '23 09:05 PhrozenByte

Thanks for your immediate answer. Meanwhile I found the reason for the error: permissions!

The command /usr/bin/doveadm needs read access to the letsencrypt certs in /etc/letsencrypt/archive/domain.tld. But only root has read access to the privkey. Therefore, when run by the webserver (www-data), the command fails.

A workaround is to temporarily allow read access to all cert files for all.

Now I tried your suggestion successfully - thanks.


winne27 avatar May 03 '23 12:05 winne27
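Added example, not part of the thread: a shell check that lists what is still exposed under the certificate archive after the temporary permission change described above, so the change can be confirmed as reverted. It assumes certbot's layout (`<archive>/<domain>/privkeyN.pem`) and must run as root to see into the directories; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Audits a certbot-style archive
# directory for access granted to "other" (any local user, e.g. www-data).
# Usage (as root): audit_cert_dir /etc/letsencrypt/archive

# other_accessible DIR
# Prints, sorted, every directory at or below DIR that "other" can list or
# enter, and every privkey*.pem file that "other" can read.
# Public files such as fullchain*.pem are deliberately not reported.
other_accessible() {
    find "$1" \
        \( -type d \( -perm -004 -o -perm -001 \) \) -o \
        \( -type f -name 'privkey*.pem' -perm -004 \) | sort
}

# audit_cert_dir DIR
# Returns 0 when nothing is exposed, 1 when findings were printed,
# 2 when DIR does not exist.
audit_cert_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    findings=$(other_accessible "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

The non-zero exit status on findings lets the function be called from cron or a monitoring check.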

Your SQL didn't work. I found the following at https://github.com/opensolutions/ViMbAdmin/issues/277 and it works for me:

```sql
SELECT
CASE
WHEN LEFT(password,4) = '$2y$' THEN CONCAT('{CRYPT}', password)
WHEN LEFT(password,3) = '$6$' THEN CONCAT('{SHA512-CRYPT}', password)
WHEN LEFT(password,3) = '$5$' THEN CONCAT('{SHA256-CRYPT}', password)
WHEN LEFT(password,3) = '$1$' THEN CONCAT('{MD5-CRYPT}', password)
END AS password
FROM mailbox
WHERE username='%u'
```


winne27 avatar May 03 '23 13:05 winne27