error creating mailbox #307
The problem is that www-data cannot read the letsencrypt certificates in /etc/archive/domain/. Read access for fullchain.pem and privatkey.pem is necessary for executing doveadm. But the dir archive is only readable by root and privatekey.pem also. A workaround is to give read access to these directories and files, to all, at least temporarily. This works for me. I tried some solutions with sudo, but it did not work.
Switch to defaults.mailbox.password_scheme = "crypt:sha512" (or any other crypt: scheme) and configure a Dovecot SQL query like the following:

```sql
SELECT username AS user,
  CASE
    WHEN password LIKE '{%}%'
      THEN password
    WHEN password LIKE '$1$%'
      THEN CONCAT('{MD5}', password)
    WHEN password LIKE '$2a$%'
      THEN CONCAT('{BLF-CRYPT}', password)
    WHEN password LIKE '$5$%'
      THEN CONCAT('{SHA256-CRYPT}', password)
    WHEN password LIKE '$6$%'
      THEN CONCAT('{SHA512-CRYPT}', password)
    ELSE
      password
  END AS password,
  homedir AS userdb_home,
  maildir AS userdb_mail,
  CONCAT('*:bytes=', quota) AS userdb_quota_rule,
  uid AS userdb_uid,
  gid AS userdb_gid
FROM mailbox
WHERE username = '%Lu'
  AND ( access_restriction = 'ALL' OR LOCATE('%Us', access_restriction) > 0 )
```
Thanks for your immediate answer. Meanwhile I found the reason for the error: permissions!
The command /usr/bin/doveadm needs read access to the letsencrypt certs in /etc/letsencrypt/archive/domain.tld. But only root has read access to the privkey. For that running by the webserver (www-data) the command fails.
A workaround is to allow temporarily read for all cert files to all.
Now I tried your suggestion successfully - thanks.
From: "Laura Kolčavová" ***@***.***>
To: "opensolutions/ViMbAdmin" ***@***.***>
CC: "Werner Schäffer" ***@***.***>, "Author" ***@***.***>
Sent: Wednesday, 3 May 2023 11:45:49
Subject: Re: [opensolutions/ViMbAdmin] error creating mailbox (Issue #307)
Switch to defaults.mailbox.password_scheme = "crypt:sha512" (or any other crypt: scheme) and configure a Dovecot SQL query like the following:

```sql
SELECT username AS user,
  CASE
    WHEN password LIKE '{%}%' THEN password
    WHEN password LIKE '$1$%' THEN CONCAT('{MD5}', password)
    WHEN password LIKE '$2a$%' THEN CONCAT('{BLF-CRYPT}', password)
    WHEN password LIKE '$5$%' THEN CONCAT('{SHA256-CRYPT}', password)
    WHEN password LIKE '$6$%' THEN CONCAT('{SHA512-CRYPT}', password)
    ELSE
      password
  END AS password,
  homedir AS userdb_home,
  maildir AS userdb_mail,
  CONCAT('*:bytes=', quota) AS userdb_quota_rule,
  uid AS userdb_uid,
  gid AS userdb_gid
FROM mailbox
WHERE username = '%Lu'
  AND ( access_restriction = 'ALL' OR LOCATE('%Us', access_restriction) > 0 )
```
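The workaround described in this thread opens the private key and its directories to every local user, and "temporarily" only holds if someone checks afterwards. As an added example (not part of the original posts, and not ViMbAdmin or certbot code), the shell functions below report world-readable `privkey*.pem` files and world-accessible `archive`/`live` directories under a certificate root and restore owner-only access; the function names and the demo tree are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: detect and undo a "read access
# for all" workaround on a Let's Encrypt tree. The ROOT/archive, ROOT/live
# and privkey*.pem layout is assumed; the demo tree is constructed.

# World-readable private keys below ROOT ($1).
loose_keys() {
    find "$1" -type f -name 'privkey*.pem' -perm -004 -print
}

# ROOT/archive and ROOT/live themselves, if others can list or enter them.
loose_dirs() {
    find "$1/archive" "$1/live" -prune -type d \
        \( -perm -004 -o -perm -001 \) -print 2>/dev/null
}

# Print findings; return 0 when nothing is exposed, 1 otherwise.
audit_certs() {
    keys=$(loose_keys "$1") || true
    dirs=$(loose_dirs "$1") || true
    [ -n "$keys" ] && printf 'world-readable key:\n%s\n' "$keys"
    [ -n "$dirs" ] && printf 'directory open to others:\n%s\n' "$dirs"
    [ -z "$keys$dirs" ]
}

# Restore owner-only access on the keys and on the two directories.
tighten_certs() {
    find "$1" -type f -name 'privkey*.pem' -exec chmod go-rwx {} +
    for d in "$1/archive" "$1/live"; do
        if [ -d "$d" ]; then chmod go-rwx "$d"; fi
    done
}

# Constructed demo: a temp tree opened up the way the thread describes.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/archive/domain.tld" "$t/live/domain.tld"
    : > "$t/archive/domain.tld/privkey1.pem"
    chmod 644 "$t/archive/domain.tld/privkey1.pem"
    chmod 755 "$t/archive" "$t/live"
    before=0; audit_certs "$t" || before=$?
    tighten_certs "$t"
    after=0; audit_certs "$t" || after=$?
    rm -rf "$t"
    echo "exit status before=$before after=$after"
}

# With a path argument audit that tree; without one run the demo.
if [ $# -gt 0 ]; then audit_certs "$1"; else demo; fi
```

The check looks at mode bits only, so a key with a world-readable mode is reported even when a closed parent directory still shields it.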
Your SQL didn't work. I found the following at #277 and it works for me:

```
SELECT \
  CASE \
    WHEN LEFT(password,4) = '$2y$' THEN CONCAT('{CRYPT}', password) \
    WHEN LEFT(password,3) = '$6$' THEN CONCAT('{SHA512-CRYPT}', password) \
    WHEN LEFT(password,3) = '$5$' THEN CONCAT('{SHA256-CRYPT}', password) \
    WHEN LEFT(password,3) = '$1$' THEN CONCAT('{MD5-CRYPT}', password) \
  END AS password \
FROM mailbox \
WHERE username='%u'
```
The following error is raised when creating a mailbox with ViMbAdmin:

```
ViMbAdmin_Exception
File: /opt/ViMbAdmin/library/ViMbAdmin/Dovecot.php
Line: 57
Message: Error executing Dovecot password command: /usr/bin/doveadm pw -s 'BLF-CRYPT' -u 'username' -p 'pw'
Code: 0
```

Environment:
ubuntu 22.04
PHP 8.2
dovecot 2.3.16
/usr/bin/doveadm is executable for all
On the CLI the command is executed successfully.