Mail authentication broken after update to

Discussion in 'Installation/Configuration' started by axelcon, Mar 6, 2012.

  1. axelcon

    axelcon New Member


    I have big problems after today's update to

    Basically it started the same as described here:

    ...and other places, but the root cause never seemed to be identified (as far as I could find).

    Everything seemed to be up and running until I got reports about failed logins from email clients.

    So I had in my logs:
    Mar  6 15:26:58 xxx authdaemond: failed to connect to mysql server (server=localhost, userid=ispconfig): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
    Mar  6 15:26:58 xxx pop3d: authentication error: Input/output error
    Mar  6 15:28:33 xxx postfix/trivial-rewrite[5918]: fatal: proxy:mysql:/etc/postfix/,lock|fold_fix): table lookup problem
    and subsequently:
    Mar  6 15:31:07 xxx postfix/smtpd[7757]: connect from[]
    Mar  6 15:31:07 xxx postfix/smtpd[7757]: warning: SASL authentication failure: Password verification failed
    Mar  6 15:31:07 xxx postfix/smtpd[7757]: warning:[]: SASL PLAIN authentication failed: authentication failure
    Mar  6 15:31:07xxx postfix/smtpd[7757]: lost connection after AUTH from[]
    Mar  6 15:31:07 xxx postfix/smtpd[7757]: disconnect from[]
    I could log into mysql with the credentials from via shell without problems.

    Now I restarted mysql, postfix, saslauthd and, while I was at it, the courier authdaemon (not necessarily in that order).

    I created a new Mailbox and user and can log that new user in via webmail and mail client without problem. Still, all existing mail user passwords from before the update are invalid.

    So far I have no idea where to start.

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The most likely reason for your problem is a misconfiguration that happens when dovecot and courier are installed on a server at the same time.

    Please post the output of:

    netstat -tap | grep pop


    which dovecot

    and I need to know wich lda and imap server is selected in ispconfig under System > Server Config > Mail

    and please post the file
  3. axelcon

    axelcon New Member

    now that was fast :)

    netstat -tap | grep pop:
    tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      10289/couriertcpd
    tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      14182/couriertcpd
    which dovecot gives no result (no dovecot here)

    Selected pop/imap daemon is courier.
    # See /usr/share/postfix/ for a commented, more complete version
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    readme_directory = /usr/share/doc/postfix
    # TLS parameters
    smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    smtpd_tls_key_file = /etc/postfix/smtpd.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    myhostname =
    alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
    myorigin = /etc/mailname
    mydestination =, localhost, localhost.localdomain
    relayhost =
    mynetworks = [::1]/128
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    html_directory = /usr/share/doc/postfix/html
    virtual_alias_domains =
    virtual_alias_maps = proxy:mysql:/etc/postfix/, proxy:mysql:/etc/postfix/, hash:/var/lib/mailman/data/virtual-mailman
    virtual_mailbox_domains = proxy:mysql:/etc/postfix/
    virtual_mailbox_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_base = /var/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_authenticated_header = yes
    smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, check_recipient_access mysql:/etc/postfix/, reject_unauth_destination
    smtpd_tls_security_level = may
    transport_maps = proxy:mysql:/etc/postfix/
    relay_domains = mysql:/etc/postfix/
    relay_recipient_maps = mysql:/etc/postfix/
    virtual_create_maildirsize = yes
    virtual_maildir_extended = yes
    virtual_mailbox_limit_maps = proxy:mysql:/etc/postfix/
    virtual_mailbox_limit_override = yes
    virtual_maildir_limit_message = "The user you are trying to reach is over quota."
    virtual_overquota_bounce = yes
    proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
    smtpd_sender_restrictions = check_sender_access mysql:/etc/postfix/
    smtpd_client_restrictions = check_client_access mysql:/etc/postfix/
    maildrop_destination_concurrency_limit = 1
    maildrop_destination_recipient_limit = 1
    virtual_transport = maildrop
    header_checks = regexp:/etc/postfix/header_checks
    mime_header_checks = regexp:/etc/postfix/mime_header_checks
    nested_header_checks = regexp:/etc/postfix/nested_header_checks
    body_checks = regexp:/etc/postfix/body_checks
    content_filter = amavis:[]:10024
    receive_override_options = no_address_mappings
    message_size_limit = 0
    smtpd_client_message_rate_limit = 100
    owner_request_special = no
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats looks ok. Which Linux distribution do you use and did you install any linux updates too?

    and please answer this question from above "and I need to know wich lda and imap server is selected in ispconfig under System > Server Config > Mail" I need to know the lda setting as well, it can be maildrop or sieve.
  5. axelcon

    axelcon New Member

    Sorry, got the question wrong and wasn't complete either.
    It's maildrop and yes, installed updates today, too, via apt.

    Looking at the dpkg log, there a lot more suspects than ispconfig, I admit...

    Postfix, postfix-mysql, mysql, didn't monitor that this update I made was so long put off (it's not my own server).
  6. axelcon

    axelcon New Member

    ...Debian Lenny
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Ok, Debian Lenny updates are normally be uncritical.

    Did you install the debian updates before or after you updated ispconfig?

    Please compare the folder permissions of the working mailbox with the ones from a not working mailbox. The mailboxes are normally located in /var/vmail/domain.tld/user/

    and then please post the output of:

    cat /etc/debian_version
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    One additional thing, please check the mail_user table in the ispconfig database if the login field is not empty for the non working accounts. If they are empty, then run this sql command:

    update mail_user set login = email WHERE 1;
  9. axelcon

    axelcon New Member

    Thanks! The database update did the trick. Only two had the login name, my new one and one that was probably altered via the ispconfig interface by the server owner meanwhile.
  10. till

    till Super Moderator Staff Member ISPConfig Developer

    The sql code that updates the login column is normally executed by the installer,it is part of the incremental database scheme updates. No sure why this incremental sql update file has been skipped on your server, maybe the difference between the old and new ispconfig version was too big so that the updater had to do a full database scheme update instead of executing the incremental updates.
  11. axelcon

    axelcon New Member

    May well be... the update was from to

Share This Page