hi at zakaria.website
2022-Sep-13 11:43 UTC
Dovecot mail-crypt webmail can't read encrypted messages
On 2022-09-02 20:40, Serveria Support wrote:> I tried it but it doesn't seem to make any difference at all. > > Can someone please assist me with reading logs? Does this log below > mean Dovecot is trying to use master_user again or simply reading > master_user password file? > > Sep 2 15:35:33 mx dovecot: auth: Debug: Read auth token secret from > /run/dovecot/auth-token-secret.dat > Sep 2 15:35:33 mx dovecot: auth: Debug: passwd-file > /etc/dovecot/dovecot-master-users: Read 1 users in 0 secs > Sep 2 15:35:33 mx dovecot: auth: Debug: auth client connected > (pid=900284) > Sep 2 15:35:33 mx dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=Vfxm1bbnRo9/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=36678#011local_name=127.0.0.1#011resp=AHRlc3RvQG1haWxjaXRhZGVsLnh5egA0SFBYMWt0OSE= > (previous base64 data may contain sensitive data) > > Everything ok here? > > Sep 2 15:25:34 mx dovecot: auth: Debug: auth client connected > (pid=899859) > Sep 2 15:25:34 mx dovecot: auth: Debug: client in: > AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=97OusbbnXI1/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=36188#011local_name=127.0.0.1#011resp=AHRlc3RvQG1haWxjaXRhZGVsLnh5egA0SFBYMWt0OSE= > (previous base64 data may contain sensitive data) > Sep 2 15:25:34 mx dovecot: auth: Debug: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing passdb > lookup > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<3>: Handling PASSV > request > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<3>: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing passdb > lookup > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<3>: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): query: SELECT > mailbox.password, mailbox.allow_nets FROM mailbox,domain WHERE > mailbox.username='user1 at mydomain.xyz' AND mailbox.`enableimaptls`=1 AND > mailbox.active=1 AND mailbox.domain=domain.domain AND domain.backupmx=0 > AND domain.active=1 > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<3>: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished passdb > lookup > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<3>: Finished > Sep 2 15:25:34 mx dovecot: auth: Debug: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished passdb > lookup > Sep 2 15:25:34 mx dovecot: auth: Debug: > auth(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Auth request > finished > Sep 2 15:25:34 mx dovecot: auth: Debug: client passdb out: > OK#0111#011user=user1 at mydomain.xyz > Sep 2 15:25:34 mx dovecot: auth: Debug: master in: > REQUEST#0111998585857#011899859#0111#01131314e9e09e38b194a05b78bfe279780#011session_pid=899860#011request_auth_token > Sep 2 15:25:34 mx dovecot: auth: Debug: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing userdb > lookup > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<4>: Handling USER > request > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<4>: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing userdb > lookup > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<4>: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): SELECT > LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, > '/', mailbox.maildir)) AS home, CONCAT(mailbox.mailboxformat, ':~/', > mailbox.mailboxfolder) AS mail, CONCAT('*:bytes=', > mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE > mailbox.username='user1 at mydomain.xyz' AND mailbox.`enableimaptls`=1 AND > mailbox.active=1 AND mailbox.domain=domain.domain AND domain.backupmx=0 > AND domain.active=1 > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<4>: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished userdb > lookup > Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn > unix:auth-worker (pid=899853,uid=110): auth-worker<4>: Finished > Sep 2 15:25:34 mx dovecot: auth: Debug: > sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished userdb > lookup > Sep 2 15:25:34 mx dovecot: auth: Debug: master userdb out: > USER#0111998585857#011user1 at mydomain.xyz#011home=/var/vmail/vmail1/mydomain.xyz/t/e/s/xxxxx-2022.08.30.06.07.08/#011mail=maildir:~/Maildir#011quota_rule=*:bytes=1073741824#011auth_mech=PLAIN#011auth_token=fac9c351492fd6073176272c79ff65b1b3e87f37 > > Sep 2 15:25:34 mx dovecot: > imap(user1 at mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Added userdb > setting: mail=maildir:~/Maildir > Sep 2 15:25:34 mx dovecot: > imap(user1 at mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Added userdb > setting: plugin/quota_rule=*:bytes=1073741824 > Sep 2 15:25:34 mx dovecot: > imap(user1 at mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Effective > uid=2000, gid=2000, > home=/var/vmail/vmail1/mydomain.xyz/t/e/s/xxxxx-2022.08.30.06.07.08/ > > Any ideas? > > On 2022-09-02 20:08, dovecot at ptld.com wrote: >>> password_query = SELECT \ >>> username as user, password, \ >>> '%w' AS userdb_mail_crypt_private_password \ >>> FROM mailbox WHERE username="%u"; >> >> Try if using ' instead of " makes a difference. >> FROM mailbox WHERE username='%u';The logs doesn't show any errors?
Serveria Support
2022-Sep-14 13:41 UTC
Dovecot mail-crypt webmail can't read encrypted messages
Hi, This log shows no errors. Running doveadm fetch command gives me this: doveadm(user at mydomain.xyz): Error: fetch(text) failed for box=INBOX uid=15: read() failed: read(/var/vmail/vmail1/mydomain.xyz/a/b/d/xxxxxxxx-2022.09.09.05.52.29//Maildir/cur/1663034263.M491074P1457418.mx,S=2217,W=2266:2,S) failed: Private key not available: Cannot decrypt key fd98762c573b8c54805884838695bd5b7eaeb9e0b0d326434c2f63a95a905a89: Cannot decrypt key 10fed5d3e938ce19a20046b84f29e50a271f6404f0760037996b4cf2d1ecfeb7: Password not available On 2022-09-13 14:43, hi at zakaria.website wrote:> On 2022-09-02 20:40, Serveria Support wrote: >> I tried it but it doesn't seem to make any difference at all. >> >> Can someone please assist me with reading logs? Does this log below >> mean Dovecot is trying to use master_user again or simply reading >> master_user password file? >> >> Sep 2 15:35:33 mx dovecot: auth: Debug: Read auth token secret from >> /run/dovecot/auth-token-secret.dat >> Sep 2 15:35:33 mx dovecot: auth: Debug: passwd-file >> /etc/dovecot/dovecot-master-users: Read 1 users in 0 secs >> Sep 2 15:35:33 mx dovecot: auth: Debug: auth client connected >> (pid=900284) >> Sep 2 15:35:33 mx dovecot: auth: Debug: client in: >> AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=Vfxm1bbnRo9/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=36678#011local_name=127.0.0.1#011resp=AHRlc3RvQG1haWxjaXRhZGVsLnh5egA0SFBYMWt0OSE= >> (previous base64 data may contain sensitive data) >> >> Everything ok here? >> >> Sep 2 15:25:34 mx dovecot: auth: Debug: auth client connected >> (pid=899859) >> Sep 2 15:25:34 mx dovecot: auth: Debug: client in: >> AUTH#0111#011PLAIN#011service=imap#011secured=tls#011session=97OusbbnXI1/AAAB#011lip=127.0.0.1#011rip=127.0.0.1#011lport=143#011rport=36188#011local_name=127.0.0.1#011resp=AHRlc3RvQG1haWxjaXRhZGVsLnh5egA0SFBYMWt0OSE= >> (previous base64 data may contain sensitive data) >> Sep 2 15:25:34 mx dovecot: auth: Debug: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing >> passdb lookup >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<3>: Handling PASSV >> request >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<3>: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing >> passdb lookup >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<3>: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): query: SELECT >> mailbox.password, mailbox.allow_nets FROM mailbox,domain WHERE >> mailbox.username='user1 at mydomain.xyz' AND mailbox.`enableimaptls`=1 >> AND mailbox.active=1 AND mailbox.domain=domain.domain AND >> domain.backupmx=0 AND domain.active=1 >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<3>: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished passdb >> lookup >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<3>: Finished >> Sep 2 15:25:34 mx dovecot: auth: Debug: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished passdb >> lookup >> Sep 2 15:25:34 mx dovecot: auth: Debug: >> auth(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Auth request >> finished >> Sep 2 15:25:34 mx dovecot: auth: Debug: client passdb out: >> OK#0111#011user=user1 at mydomain.xyz >> Sep 2 15:25:34 mx dovecot: auth: Debug: master in: >> REQUEST#0111998585857#011899859#0111#01131314e9e09e38b194a05b78bfe279780#011session_pid=899860#011request_auth_token >> Sep 2 15:25:34 mx dovecot: auth: Debug: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing >> userdb lookup >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<4>: Handling USER >> request >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<4>: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Performing >> userdb lookup >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<4>: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): SELECT >> LOWER(CONCAT(mailbox.storagebasedirectory, '/', mailbox.storagenode, >> '/', mailbox.maildir)) AS home, CONCAT(mailbox.mailboxformat, ':~/', >> mailbox.mailboxfolder) AS mail, CONCAT('*:bytes=', >> mailbox.quota*1048576) AS quota_rule FROM mailbox,domain WHERE >> mailbox.username='user1 at mydomain.xyz' AND mailbox.`enableimaptls`=1 >> AND mailbox.active=1 AND mailbox.domain=domain.domain AND >> domain.backupmx=0 AND domain.active=1 >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<4>: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished userdb >> lookup >> Sep 2 15:25:34 mx dovecot: auth-worker(899854): Debug: conn >> unix:auth-worker (pid=899853,uid=110): auth-worker<4>: Finished >> Sep 2 15:25:34 mx dovecot: auth: Debug: >> sql(user1 at mydomain.xyz,127.0.0.1,<97OusbbnXI1/AAAB>): Finished userdb >> lookup >> Sep 2 15:25:34 mx dovecot: auth: Debug: master userdb out: >> USER#0111998585857#011user1 at mydomain.xyz#011home=/var/vmail/vmail1/mydomain.xyz/t/e/s/xxxxx-2022.08.30.06.07.08/#011mail=maildir:~/Maildir#011quota_rule=*:bytes=1073741824#011auth_mech=PLAIN#011auth_token=fac9c351492fd6073176272c79ff65b1b3e87f37 >> >> Sep 2 15:25:34 mx dovecot: >> imap(user1 at mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Added >> userdb setting: mail=maildir:~/Maildir >> Sep 2 15:25:34 mx dovecot: >> imap(user1 at mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Added >> userdb setting: plugin/quota_rule=*:bytes=1073741824 >> Sep 2 15:25:34 mx dovecot: >> imap(user1 at mydomain.xyz)<899860><97OusbbnXI1/AAAB>: Debug: Effective >> uid=2000, gid=2000, >> home=/var/vmail/vmail1/mydomain.xyz/t/e/s/xxxxx-2022.08.30.06.07.08/ >> >> Any ideas? >> >> On 2022-09-02 20:08, dovecot at ptld.com wrote: >>>> password_query = SELECT \ >>>> username as user, password, \ >>>> '%w' AS userdb_mail_crypt_private_password \ >>>> FROM mailbox WHERE username="%u"; >>> >>> Try if using ' instead of " makes a difference. >>> FROM mailbox WHERE username='%u'; > > The logs doesn't show any errors?