You are not logged in.

#1 2020-08-18 11:46:16

Registered: 2020-08-18
Posts: 2

postfixadmin can't login through dovecot

About 4 months ago I set up a mail server for our startup mostly following … _Roundcube.
The setup has been working for a while, although I don't use postfixadmin very often, and today I found that I can't login to it anymore.

Here's the gist.
- The mail server (postfix and dovecot) works: I can send and receive emails;
- The webserver works: I can open postfixadmin;
- PostfixAdmin login failed.

Some context:
I usually do a system update once a week or two weeks.
I don't know exaclty when the problem occurred (since I don't use postfixadmin very often), so debugging this problem has been difficult.
I searched the internet, and surprisingly can't find any similar problems, so I came here for help.
First time posting, please be forgiving big_smile

The only thing that shows up in the uwsgi journal when I tried to login (with any account) is:

PostfixAdmin login failed (username: ..., ip_address: ...)

I tried to redo the setup step to create a superadmin, and this showed up:

dovecotpw password encryption failed. STDERR output: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 25: ssl_cert: Can't open file /etc/letsencrypt/live/ Permission denied

So it seems the problem is that dovecotpw (/usr/bin/doveadm pw) failed to load dovecot conf because certificate has restricted permission.
However the dovecot service is running properly (I tried restart/reload all the related services, even rebooted the system a few times).
Afaik dovecot loaded the conf file when it was running as root so it had no problem,
but when postfixadmin tried to call doveadm (for encrypting password with dovecot, i suppose),
doveadm failed to load the conf file because the privilege had been dropped.
I don't how how it was working before,
but I think maybe doveadm wasn't supposed to load the conf file if the dovecot service was running?

That's as much as I can find out.
Any help is appreciated, thanks!

postfixadmin version: 3.2.4-1


$CONF['configured'] = true;

// correspond to dovecot maildir path /home/vmail/%d/%u
$CONF['domain_path'] = 'YES';
$CONF['domain_in_mailbox'] = 'NO';
$CONF['database_type'] = 'mysqli';
$CONF['database_host'] = 'localhost';
$CONF['database_user'] = 'postfix_user';
$CONF['database_password'] = '...';
$CONF['database_name'] = 'postfix_db';
$CONF['encrypt'] = 'dovecot:SHA512-CRYPT';


postfix version: 3.5.6-1


smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/spool/postfix/private/auth
smtpd_recipient_restrictions =
    check_policy_service unix:private/policy-spf
smtpd_relay_restrictions =
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_received_header = yes
smtpd_tls_cert_file = /etc/letsencrypt/live/
smtpd_tls_key_file  = /etc/letsencrypt/live/
smtpd_sasl_local_domain = $mydomain
smtpd_tls_loglevel = 1
smtp_tls_security_level = may
smtp_tls_loglevel = 1


dovecot version:

protocols = imap pop3
auth_mechanisms = plain
passdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf
userdb {
    driver = sql
    args = /etc/dovecot/dovecot-sql.conf

service auth {
    unix_listener /var/spool/postfix/private/auth {
        user  = postfix
        group = postfix
        mode  = 0660
    user = root

mail_home = /home/vmail/%d/%n
mail_location = maildir:~

ssl = yes
ssl_cert = </etc/letsencrypt/live/
ssl_key  = </etc/letsencrypt/live/
ssl_dh   = </etc/dovecot/dh.pem


#2 2020-08-26 08:48:45

Registered: 2020-08-18
Posts: 2

Re: postfixadmin can't login through dovecot


#3 2020-10-30 13:02:15

Registered: 2009-03-19
Posts: 890

Re: postfixadmin can't login through dovecot

Didn't manage to fix it that way, so I "temporarily" added the users dovecot and postfixadmin (not sure if postfixadmin uses www-data by default, mine runs as user postfixadmin) to the certbot group, which works at the moment.


Board footer

Powered by FluxBB