Here's the gist.
- The mail server (postfix and dovecot) works: I can send and receive emails;
- The webserver works: I can open postfixadmin;
- PostfixAdmin login failed.
Some context:
I usually do a system update once a week or two weeks.
I don't know exactly when the problem occurred (since I don't use postfixadmin very often), so debugging this problem has been difficult.
I searched the internet, and surprisingly can't find any similar problems, so I came here for help.
First time posting, please be forgiving.
The only thing that shows up in the uwsgi journal when I tried to login (with any account) is:
PostfixAdmin login failed (username: ..., ip_address: ...)
I tried to redo the setup step to create a superadmin, and this showed up:
dovecotpw password encryption failed. STDERR output: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 25: ssl_cert: Can't open file /etc/letsencrypt/live/dev.albatros-coding.de/fullchain.pem: Permission denied
So it seems the problem is that dovecotpw (/usr/bin/doveadm pw) failed to load the dovecot conf because the certificate has restricted permissions.
However the dovecot service is running properly (I tried restart/reload all the related services, even rebooted the system a few times).
Afaik dovecot loaded the conf file when it was running as root so it had no problem,
but when postfixadmin tried to call doveadm (for encrypting password with dovecot, I suppose),
doveadm failed to load the conf file because the privilege had been dropped.
I don't know how it was working before,
but I think maybe doveadm wasn't supposed to load the conf file if the dovecot service was running?
That's as much as I can find out.
Any help is appreciated, thanks!
postfixadmin version: 3.2.4-1
/etc/webapps/postfixadmin/config.local.php
<?php
$CONF['configured'] = true;
// correspond to dovecot maildir path /home/vmail/%d/%u
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = '...';
$CONF['database_name'] = 'postfix_db';
$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';
...
postfix version: 3.5.6-1
/etc/postfix/main.cf
...
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_recipient_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
    check_policy_service unix:private/policy-spf
smtpd_relay_restrictions =
    permit_mynetworks
    permit_sasl_authenticated
    reject_unauth_destination
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/dev.albatros-coding.de/fullchain.pem
smtpd_tls_key_file = /etc/letsencrypt/live/dev.albatros-coding.de/privkey.pem
smtpd_sasl_local_domain = $mydomain
smtpd_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_loglevel = 1
...
dovecot version: 2.3.11.3-1
/etc/dovecot/dovecot.conf
protocols = imap pop3
auth_mechanisms = plain
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
}

service auth {
    unix_listener /var/spool/postfix/private/auth {
        user = postfix
        group = postfix
        mode = 0660
    }
    user = root
}

mail_home = /home/vmail/%d/%n
mail_location = maildir:~

ssl = yes
ssl_cert = </etc/letsencrypt/live/dev.albatros-coding.de/fullchain.pem
ssl_key = </etc/letsencrypt/live/dev.albatros-coding.de/privkey.pem
ssl_dh = </etc/dovecot/dh.pem
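
The failure quoted in the post, doveconf aborting because the calling user cannot open a file referenced with the "setting = <path" syntax, can be checked without invoking doveadm. The script below is an added example, not part of the original post: it lists every such reference in a Dovecot config and reports whether the current user can read it. The function names and the sample config built in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which files a Dovecot
# config pulls in with "setting = <path" that the current user cannot read.

# Print "setting path" for every "setting = <path" line in config file $1.
list_file_settings() {
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_]\{1,\}\)[[:space:]]*=[[:space:]]*<[[:space:]]*\([^[:space:]#]*\).*$/\1 \2/p' "$1"
}

# Print "OK|UNREADABLE setting path" per reference; return 1 if any is unreadable.
check_readable() {
    rc=0
    settings=$(list_file_settings "$1")
    while read -r key path; do
        [ -n "$key" ] || continue
        if [ -r "$path" ]; then
            echo "OK $key $path"
        else
            echo "UNREADABLE $key $path"
            rc=1
        fi
    done <<EOF
$settings
EOF
    return "$rc"
}

# Constructed sample (assumption): one readable file and one missing file.
demo() {
    dir=$(mktemp -d)
    : > "$dir/dh.pem"
    printf '%s\n' 'ssl = yes' \
        "ssl_cert = <$dir/live/fullchain.pem" \
        "ssl_dh = <$dir/dh.pem" > "$dir/dovecot.conf"
    demo_rc=0
    check_readable "$dir/dovecot.conf" || demo_rc=$?
    rm -rf "$dir"
    return "$demo_rc"
}

# With a path argument check that file, otherwise run the constructed sample.
if [ $# -gt 0 ]; then
    check_readable "$1"
else
    demo || true
fi
```

Run it as the account the web application runs under and pass /etc/dovecot/dovecot.conf as the argument; a missing file and a permission failure both show as UNREADABLE.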