Re: [SOGo] SOGO reusing Dovecot db password issue
The passwords are not being stored in plain text in the db but they can be visible in the logs. Disabling the logs won't help in my case as an attacker can reenable logging if the system gets compromised and grab all passwords from there. Dovecot docs describe it like this: DO NOT use password directly. It can contain % which is interpreted as variable expansion and can cause errors. Also, it might be visible in debug logging. Suggested approaches are base64 encoding, hex encoding or hashing the password. With hashing, you get the extra benefit that password won’t be directly visible in logs. So, how to perform this hashing? At which point it has to be done? On 2022-10-08 11:05, Odhiambo Washington wrote: On Fri, Oct 7, 2022 at 10:31 PM Serveria Support wrote: Hi, Yes, you're totally right my friend! I was just desperate because I needed help and the other thread was getting replies while mine wasn't. Sorry about that. Anyway, you're my savior as I have double checked everything as you have suggested and indeed the encryption algo was different in dovecot config. Dovecot had sha512-crypt while SOGO tried to use ssha512. I'm not sure how this is possible as I have checked everything billions of times and I was 100% sure the same algo is in both configs. I have changed ssha512 to sha512-crypt in dovecot config and voila: I'm able to login into SOGO. Thanks again! P.S. By any chance you know how to prevent plain text passwords from appearing in the logs? It kinda makes all my efforts useless and defeats the whole encrypted storage concept... If you are storing passwords in plaintext in your DB, that's one thing you should think about. As regards your question, just disable all debugging from 10-logging.conf (dovecot). -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] Postfixadmin
Hi, You're my savior as I have double checked everything as you have suggested and indeed the encryption algo was different in dovecot config. Dovecot had sha512-crypt while SOGO tried to use ssha512. I'm not sure how this is possible as I have checked everything billions of times and I was 100% sure the same algo is in both configs. I have changed ssha512 to sha512-crypt in dovecot config and voila: I'm able to login into SOGO. Thanks again! P.S. By any chance you know how to prevent plain text passwords from appearing in the logs? It kinda makes all my efforts useless and defeats the whole encrypted storage concept... On 2022-10-07 11:07, Odhiambo Washington wrote: On Thu, Oct 6, 2022 at 11:50 PM Serveria Support wrote: Here it is: MariaDB [mailserver]> describe sogo_users; ++--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | ++--+--+-+-+---+ | c_uid | varchar(100) | NO | | NULL| | | c_name | varchar(100) | NO | | NULL| | | c_password | varchar(106) | NO | | NULL| | | c_cn | varchar(100) | NO | | NULL| | | mail | varchar(100) | NO | | NULL| | | domain | varchar(100) | NO | | NULL| | ++--+--+-+-+---+ 6 rows in set (0.006 sec) But I think you're going the wrong way. Windows Mail and other software clients can log in and send/receive emails just fine using these credentials. I am not going the wrong way actually. I wanted to be sure that the right table is in place because SOGo uses specific column names. In my setup, I created a VIEW to use with SOGo. (BTW, I'm curious about the HOWTO that you followed for your installation). Now that we know the right table columns exist, we can focus on debugging. 1. I am assuming that your dovecot-sql.conf.ext also has: default_pass_scheme = ssha512, because this is what you have specified in sogo.conf. 2. I am assuming that in sogo.conf, you have set MySQL4DebugEnabled = YES; (I mean you've removed the // from the line) and restarted sogod. 3. I am assuming that in dovecot's 10-logging.conf, you have set the following params: log_path = /var/log/dovecot-error.log # Log file to use for informational messages. Defaults to log_path. info_log_path = /var/log/dovecot-info.log # Log file to use for debug messages. Defaults to info_log_path. debug_log_path = /var/log/dovecot-debug.log auth_verbose = yes auth_verbose_passwords = yes auth_debug = yes #Shows SQL queries auth_debug_passwords = yes #Logs the passwords and the used scheme so the problem can be debugged and restarted dovecot! Now just look at the logs and you will discover why sogo is experiencing errors. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] SOGO reusing Dovecot db password issue
Hi, Yes, you're totally right my friend! I was just desperate because I needed help and the other thread was getting replies while mine wasn't. Sorry about that. Anyway, you're my savior as I have double checked everything as you have suggested and indeed the encryption algo was different in dovecot config. Dovecot had sha512-crypt while SOGO tried to use ssha512. I'm not sure how this is possible as I have checked everything billions of times and I was 100% sure the same algo is in both configs. I have changed ssha512 to sha512-crypt in dovecot config and voila: I'm able to login into SOGO. Thanks again! P.S. By any chance you know how to prevent plain text passwords from appearing in the logs? It kinda makes all my efforts useless and defeats the whole encrypted storage concept... On 2022-10-07 11:09, Odhiambo Washington wrote: @Serveria - I think it's a bad idea to address the same problem in two separate threads. Can you please stick to the one you created instead of the one you hijacked? On Thu, Oct 6, 2022 at 11:50 PM Serveria Support wrote: MySQL4DebugEnabled = YES; line is enabled in my sogo.conf I'm not using any hashing atm, it's a test install, but if you mean password algorithm I'm using ssha512 (used it as my Dovecot was using it already and I was too lazy to change it). It seems to be supported: Possible values are: none, plain, crypt, md5, md5-crypt, sha256-crypt and sha512-crypt, smd5, cram-md5 and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants Any ideas? On 2022-10-06 16:35, Christian Mack wrote: Hi Enable debugging for mysql in sogo.conf: MySQL4DebugEnabled = YES; Also which password hashing are you using? See "userPasswordAlgorithm" in "Installation and Konfiguration Guide". Kind regards, Christian Mack Am 06.10.22 um 10:44 schrieb Serveria Support (supp...@serveria.com): Hi, Thanks for responding. I did enable all possible logging in Dovecot and I can see Windows Mail clients logging in successfully. But for some reason my SOGo connection attempts are not showing up in logs at all. SOGo log still shows the same error message I already posted. SOGo website is giving me this error: Wrong username or password. On 2022-10-04 18:54, Odhiambo Washington wrote: On Thu, Sep 29, 2022 at 4:01 PM Serveria Support wrote: Hi, After weeks of trying to configure iredmail package for my needs (and failing miserably) I decided to start everything from scratch: I took a vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB + Apache. Mailserver works like a charm - emails are getting sent/delivered/stored perfectly. Users are able to log in/authenticate. Then I decided to add SOGo to the config and installed it, also configured using the basic howto from sogo website. All done, web frontend comes up. So far so good unfortunately I'm unable to authenticate using my Dovecot users db. Here I have to add that I didn't create a separate table for SOGo but instead tried to reuse my Dovecot user credentials by creating a VIEW in my DB. However, this doesn't seem to work, here's my sogo.log: Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect HTTP/1.1" 403 34/89 0.003 - - 0 - 12 Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri '/SOGo/connect' 2022-09-29 06:30:25.510 sogod[151286:151286] SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld'; 2022-09-29 06:30:25.510 sogod[151286:151286] query has results, entering fetch-mode. Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from 'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds to execute Unfortunately, I'm not too good at reading SOGo logs and the error message seems to be not very self-explanatory. What exactly does this mean? Unable to fetch password? Password didn't work? Wrong encryption protocol? Any suggestions? Look at the dovecot logging configuration and bump the debugging up and you'll get it right. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] Postfixadmin
I'm not using LDAP, just regular mysql db. On 2022-10-06 22:10, Serveria Support wrote: Here it is: MariaDB [mailserver]> describe sogo_users; ++--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | ++--+--+-+-+---+ | c_uid | varchar(100) | NO | | NULL| | | c_name | varchar(100) | NO | | NULL| | | c_password | varchar(106) | NO | | NULL| | | c_cn | varchar(100) | NO | | NULL| | | mail | varchar(100) | NO | | NULL| | | domain | varchar(100) | NO | | NULL| | ++--+--+-+-+---+ 6 rows in set (0.006 sec) But I think you're going the wrong way. Windows Mail and other software clients can log in and send/receive emails just fine using these credentials. On 2022-10-06 21:01, Odhiambo Washington wrote: I am expecting a table equivalent to this. On Thu, Oct 6, 2022 at 8:50 PM Odhiambo Washington wrote: On Thu, Oct 6, 2022 at 8:33 PM Serveria Support wrote: Sure, here you go. It's very basic actually, I didn't make any heavy tweaking: [snip] SOGoUserSources = ( { type = sql; id = users; viewURL = "mysql://mailuser:password@localhost:3306/mailserver/sogo_users"; canAuthenticate = YES; isAddressBook = NO; userPasswordAlgorithm = ssha512; } ); [snip] Can you please connect to the "mailserver" database and then do: describe table sogo_users; I am expecting something like this: MySQL -uUSER -ppassword mailserver # After you connect, I'd like to see the output of describe table sogo_users; I am expecting to see column names and definitions: root@localhost [mailserver]> desc sogo_users; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | sogo_id | int unsigned | NO | | 0 | | | c_uid | varchar(255) | NO | | | | | c_name| varchar(255) | YES | | NULL| | | c_password| varchar(256) | YES | | NULL| | | c_cn | varchar(255) | NO | | | | | mail | varchar(255) | NO | | | | | displayName | varchar(255) | YES | | NULL| | | kind | varchar(100) | YES | | NULL| | | multiple_bookings | int | YES | | NULL| | +---+--+--+-+-+---+ Most importantly I'd like to see the c_uid, c_name, c_password, c_cn... -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] Postfixadmin
Here it is: MariaDB [mailserver]> describe sogo_users; ++--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | ++--+--+-+-+---+ | c_uid | varchar(100) | NO | | NULL| | | c_name | varchar(100) | NO | | NULL| | | c_password | varchar(106) | NO | | NULL| | | c_cn | varchar(100) | NO | | NULL| | | mail | varchar(100) | NO | | NULL| | | domain | varchar(100) | NO | | NULL| | ++--+--+-+-+---+ 6 rows in set (0.006 sec) But I think you're going the wrong way. Windows Mail and other software clients can log in and send/receive emails just fine using these credentials. On 2022-10-06 21:01, Odhiambo Washington wrote: I am expecting a table equivalent to this. On Thu, Oct 6, 2022 at 8:50 PM Odhiambo Washington wrote: On Thu, Oct 6, 2022 at 8:33 PM Serveria Support wrote: Sure, here you go. It's very basic actually, I didn't make any heavy tweaking: [snip] SOGoUserSources = ( { type = sql; id = users; viewURL = "mysql://mailuser:password@localhost:3306/mailserver/sogo_users"; canAuthenticate = YES; isAddressBook = NO; userPasswordAlgorithm = ssha512; } ); [snip] Can you please connect to the "mailserver" database and then do: describe table sogo_users; I am expecting something like this: MySQL -uUSER -ppassword mailserver # After you connect, I'd like to see the output of describe table sogo_users; I am expecting to see column names and definitions: root@localhost [mailserver]> desc sogo_users; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | sogo_id | int unsigned | NO | | 0 | | | c_uid | varchar(255) | NO | | | | | c_name| varchar(255) | YES | | NULL| | | c_password| varchar(256) | YES | | NULL| | | c_cn | varchar(255) | NO | | | | | mail | varchar(255) | NO | | | | | displayName | varchar(255) | YES | | NULL| | | kind | varchar(100) | YES | | NULL| | | multiple_bookings | int | YES | | NULL| | +---+--+--+-+-+---+ Most importantly I'd like to see the c_uid, c_name, c_password, c_cn... -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] SOGO reusing Dovecot db password issue
MySQL4DebugEnabled = YES; line is enabled in my sogo.conf I'm not using any hashing atm, it's a test install, but if you mean password algorithm I'm using ssha512 (used it as my Dovecot was using it already and I was too lazy to change it). It seems to be supported: Possible values are: none, plain, crypt, md5, md5-crypt, sha256-crypt and sha512-crypt, smd5, cram-md5 and sha, sha256, sha512 and its ssha (e.g. ssha or ssha256) variants Any ideas? On 2022-10-06 16:35, Christian Mack wrote: Hi Enable debugging for mysql in sogo.conf: MySQL4DebugEnabled = YES; Also which password hashing are you using? See "userPasswordAlgorithm" in "Installation and Konfiguration Guide". Kind regards, Christian Mack Am 06.10.22 um 10:44 schrieb Serveria Support (supp...@serveria.com): Hi, Thanks for responding. I did enable all possible logging in Dovecot and I can see Windows Mail clients logging in successfully. But for some reason my SOGo connection attempts are not showing up in logs at all. SOGo log still shows the same error message I already posted. SOGo website is giving me this error: Wrong username or password. On 2022-10-04 18:54, Odhiambo Washington wrote: On Thu, Sep 29, 2022 at 4:01 PM Serveria Support wrote: Hi, After weeks of trying to configure iredmail package for my needs (and failing miserably) I decided to start everything from scratch: I took a vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB + Apache. Mailserver works like a charm - emails are getting sent/delivered/stored perfectly. Users are able to log in/authenticate. Then I decided to add SOGo to the config and installed it, also configured using the basic howto from sogo website. All done, web frontend comes up. So far so good unfortunately I'm unable to authenticate using my Dovecot users db. Here I have to add that I didn't create a separate table for SOGo but instead tried to reuse my Dovecot user credentials by creating a VIEW in my DB. However, this doesn't seem to work, here's my sogo.log: Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect HTTP/1.1" 403 34/89 0.003 - - 0 - 12 Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri '/SOGo/connect' 2022-09-29 06:30:25.510 sogod[151286:151286] SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld'; 2022-09-29 06:30:25.510 sogod[151286:151286] query has results, entering fetch-mode. Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from 'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds to execute Unfortunately, I'm not too good at reading SOGo logs and the error message seems to be not very self-explanatory. What exactly does this mean? Unable to fetch password? Password didn't work? Wrong encryption protocol? Any suggestions? Look at the dovecot logging configuration and bump the debugging up and you'll get it right. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] Postfixadmin
names = (sogo1, sogo2); // This is an array - keep the parens! //SxVMemLimit = 384; //WOPidFile = "/var/run/sogo/sogo.pid"; //SOGoMemcachedHost = "/var/run/memcached.sock"; /* Debug */ SOGoDebugRequests = YES; SoDebugBaseURL = YES; ImapDebugEnabled = YES; //LDAPDebugEnabled = YES; //PGDebugEnabled = YES; MySQL4DebugEnabled = YES; SOGoUIxDebugEnabled = YES; //WODontZipResponse = YES; WOLogFile = /var/log/sogo/sogo.log; } On 2022-10-06 15:52, Odhiambo Washington wrote: On Thu, Oct 6, 2022 at 3:12 PM Serveria Support wrote: Hi, Thanks for your reply. Yes, I realized that after posting this. I made a mistake I meant SOGo on port 80 and 443 not Dovecot obviously. I did enable all possible logging in Dovecot and I can see Windows Mail clients logging in successfully. But for some reason my SOGo connection attempts are not showing up in logs at all. SOGo log still shows the same error message I already posted. SOGo website is giving me this error: Wrong username or password. Let's see your complete sogo.conf, please. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] Postfixadmin
Hi, Thanks for your reply. Yes, I realized that after posting this. I made a mistake I meant SOGo on port 80 and 443 not Dovecot obviously. I did enable all possible logging in Dovecot and I can see Windows Mail clients logging in successfully. But for some reason my SOGo connection attempts are not showing up in logs at all. SOGo log still shows the same error message I already posted. SOGo website is giving me this error: Wrong username or password. On 2022-10-05 23:45, Odhiambo Washington wrote: On Wed, Oct 5, 2022 at 4:37 PM Serveria Support wrote: Thanks, you're really helpful, I appreciate. After turning Dovecot debugging on (SOGO had been enabled already) I'm seeing these in the log: 09:22:01 debian postfix/smtps/smtpd[267384]: SSL_accept error from unknown[xx.xx.xx.xx]: Connection timed out 09:22:01 debian postfix/smtps/smtpd[267384]: lost connection after CONNECT from unknown[xx.xx.xx.xx] 09:22:01 debian postfix/smtps/smtpd[267384]: disconnect from unknown[xx.xx.xx.xx] commands=0/0 Interesting, Dovecot is configured to use http/port 80 by default, port 443 is open but I didn't enable it as I wanted to test out with http first. So https is necessary for SOGO to authenticate? I can see Windows mail connecting just fine in the same log. Any thoughts? Dovecot can only listen on the following ports by default: 110 (POP3), 143 (IMAP4), 993 (IMAPS), 995 (POP3S). It can never listen to port 80 (HTTP) or 443 (HTTPS) which are only used by a web server (Nginx, Apache, Lighttpd). The logs you are showing are from Postfix and not dovecot! Please enable debugging on dovecot and look at the dovecot logs. You need to be seeing SQL queries on the logs. Please re-read your 10-logging.conf from dovecot, enable debugging are refer to the file specified. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] SOGO reusing Dovecot db password issue
Hi, Thanks for responding. I did enable all possible logging in Dovecot and I can see Windows Mail clients logging in successfully. But for some reason my SOGo connection attempts are not showing up in logs at all. SOGo log still shows the same error message I already posted. SOGo website is giving me this error: Wrong username or password. On 2022-10-04 18:54, Odhiambo Washington wrote: On Thu, Sep 29, 2022 at 4:01 PM Serveria Support wrote: Hi, After weeks of trying to configure iredmail package for my needs (and failing miserably) I decided to start everything from scratch: I took a vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB + Apache. Mailserver works like a charm - emails are getting sent/delivered/stored perfectly. Users are able to log in/authenticate. Then I decided to add SOGo to the config and installed it, also configured using the basic howto from sogo website. All done, web frontend comes up. So far so good unfortunately I'm unable to authenticate using my Dovecot users db. Here I have to add that I didn't create a separate table for SOGo but instead tried to reuse my Dovecot user credentials by creating a VIEW in my DB. However, this doesn't seem to work, here's my sogo.log: Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect HTTP/1.1" 403 34/89 0.003 - - 0 - 12 Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri '/SOGo/connect' 2022-09-29 06:30:25.510 sogod[151286:151286] SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld'; 2022-09-29 06:30:25.510 sogod[151286:151286] query has results, entering fetch-mode. Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from 'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds to execute Unfortunately, I'm not too good at reading SOGo logs and the error message seems to be not very self-explanatory. What exactly does this mean? Unable to fetch password? Password didn't work? Wrong encryption protocol? Any suggestions? Look at the dovecot logging configuration and bump the debugging up and you'll get it right. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Re: [SOGo] Postfixadmin
Thanks, you're really helpful, I appreciate. After turning Dovecot debugging on (SOGO had been enabled already) I'm seeing these in the log: 09:22:01 debian postfix/smtps/smtpd[267384]: SSL_accept error from unknown[xx.xx.xx.xx]: Connection timed out 09:22:01 debian postfix/smtps/smtpd[267384]: lost connection after CONNECT from unknown[xx.xx.xx.xx] 09:22:01 debian postfix/smtps/smtpd[267384]: disconnect from unknown[xx.xx.xx.xx] commands=0/0 Interesting, Dovecot is configured to use http/port 80 by default, port 443 is open but I didn't enable it as I wanted to test out with http first. So https is necessary for SOGO to authenticate? I can see Windows mail connecting just fine in the same log. Any thoughts? On 2022-10-02 23:31, Serveria Support wrote: Hi, Sorry to hijack this thread, but I'm having exactly same issue. Here's my conf file user sources part: SOGoUserSources = ( { type = sql; id = users; viewURL = "mysql://mailuser:password@localhost:3306/mailserver/sogo_users"; canAuthenticate = YES; isAddressBook = NO; userPasswordAlgorithm = ssha512; } ); I'm getting the same error TS has mentioned. Unfortunately, log file doesn't seem to be particularly user friendly so we can only guess? On 2022-09-30 21:44, Pierre wrote: Hi, Could have to do with encrytion used. I got my setup working with the following (where "tablename" is actually a view generated from the postfixadmin user table): SOGoUserSources = ( { type = sql; id = directory; viewURL mysql://user:pass@127.0.0.1:3306/dbname/tablename [1]"; userPasswordAlgorithm = md5-crypt; canAuthenticate = YES; isAddressBook = YES; } ); SOGoSMTPAuthenticationType = PLAIN; On Fri, Sep 30, 2022, 12:21 PM "WilliamB" wrote: Hi I run an Ubuntu 20.04 with postfix/dovecot and postfix admin I am trying to get SOGo working but it will not authenticate might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Any clues please Links: -- [1] http://user:pass@127.0.0.1:3306/dbname/tablename
Re: [SOGo] Postfixadmin
Hi, Sorry to hijack this thread, but I'm having exactly same issue. Here's my conf file user sources part: SOGoUserSources = ( { type = sql; id = users; viewURL = "mysql://mailuser:password@localhost:3306/mailserver/sogo_users"; canAuthenticate = YES; isAddressBook = NO; userPasswordAlgorithm = ssha512; } ); I'm getting the same error TS has mentioned. Unfortunately, log file doesn't seem to be particularly user friendly so we can only guess? On 2022-09-30 21:44, Pierre wrote: Hi, Could have to do with encrytion used. I got my setup working with the following (where "tablename" is actually a view generated from the postfixadmin user table): SOGoUserSources = ( { type = sql; id = directory; viewURL mysql://user:pass@127.0.0.1:3306/dbname/tablename [1]"; userPasswordAlgorithm = md5-crypt; canAuthenticate = YES; isAddressBook = YES; } ); SOGoSMTPAuthenticationType = PLAIN; On Fri, Sep 30, 2022, 12:21 PM "WilliamB" wrote: Hi I run an Ubuntu 20.04 with postfix/dovecot and postfix admin I am trying to get SOGo working but it will not authenticate might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Any clues please Links: -- [1] http://user:pass@127.0.0.1:3306/dbname/tablename
[SOGo] SOGO reusing Dovecot db password issue
Hi, After weeks of trying to configure iredmail package for my needs (and failing miserably) I decided to start everything from scratch: I took a vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB + Apache. Mailserver works like a charm - emails are getting sent/delivered/stored perfectly. Users are able to log in/authenticate. Then I decided to add SOGo to the config and installed it, also configured using the basic howto from sogo website. All done, web frontend comes up. So far so good unfortunately I'm unable to authenticate using my Dovecot users db. Here I have to add that I didn't create a separate table for SOGo but instead tried to reuse my Dovecot user credentials by creating a VIEW in my DB. However, this doesn't seem to work, here's my sogo.log: Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect HTTP/1.1" 403 34/89 0.003 - - 0 - 12 Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri '/SOGo/connect' 2022-09-29 06:30:25.510 sogod[151286:151286] SQL: SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld'; 2022-09-29 06:30:25.510 sogod[151286:151286] query has results, entering fetch-mode. Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from 'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds to execute Unfortunately, I'm not too good at reading SOGo logs and the error message seems to be not very self-explanatory. What exactly does this mean? Unable to fetch password? Password didn't work? Wrong encryption protocol? Any suggestions?
[SOGo] Encrypted emails not showing (greyed out)
Hi, We have configured Sogo + Dovecot mailserver. Everything was working fine out of the box. Then we added Dovecot mail_crypt encryption plugin to the config. It seems to do the job - emails are getting encrypted, stored etc. The only issue - emails are not being showed by Sogo (or to be more precise sort of a greyed out silhouette is being shown). The only possibly related error in Sogo logs was this: [ERROR] <0x0x55f5a316b440[NGImap4Connection]> Error fetching 3 uids for url: imaps://(account/server data). Any ideas?
Re: [SOGo] SOGO + Dovecot + encryption
then initiate the postbox of that user with the information given to it from the authentication source and its configuration. In order to access the matching information from the "storage_keys" database, there has to be a connetcion between the user in the authentication source "users" Table and the user_id. Hope that helps a bit. Kind regards, Christian Mack Am 27.07.22 um 16:32 schrieb Serveria Support (supp...@serveria.com): Hey guys, I'm looking to setup a mail server with encrypted storage. I'm planning to use Dovecot mailserver + crypt or trees plugin for per-user encryption + SOGO for webmail/groupware. Encryption plugins need to store some additional data like password hash algo, salt etc. (see example scheme below) in SQL: CREATE TABLE `storage_keys` ( `id` int(11) NOT NULL AUTO_INCREMENT, `enabled` tinyint(4) DEFAULT '1', `version` tinyint(4) DEFAULT '1', `public_key` text, `pwhash_algo` tinyint(4) DEFAULT '1', `pwhash_opslimit` int(11) DEFAULT NULL, `pwhash_memlimit` int(11) DEFAULT NULL, `pwhash_salt` varchar(255) DEFAULT NULL, `sk_nonce` varchar(255) DEFAULT NULL, `locked_secretbox` text, `user_id` int(11) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT DEFAULT How can I make it work with SOGO? So far, at a first glance, there's a table named 'users' in SOGO db which contains usernames, passwords etc of SOGO users. However, it's not very clear how Dovecot is communicating with SOGO? Dovecot users = SOGO users? Or SOGO grabs Dovecot users and copies them into this 'users' table? Perhaps someone here can guide me on how it works and how to connect SOGO with Dovecot crypt plugins properly? BR, Paul serveria.com -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] SOGO + Dovecot + encryption
Hey guys, I'm looking to setup a mail server with encrypted storage. I'm planning to use Dovecot mailserver + crypt or trees plugin for per-user encryption + SOGO for webmail/groupware. Encryption plugins need to store some additional data like password hash algo, salt etc. (see example scheme below) in SQL: CREATE TABLE `storage_keys` ( `id` int(11) NOT NULL AUTO_INCREMENT, `enabled` tinyint(4) DEFAULT '1', `version` tinyint(4) DEFAULT '1', `public_key` text, `pwhash_algo` tinyint(4) DEFAULT '1', `pwhash_opslimit` int(11) DEFAULT NULL, `pwhash_memlimit` int(11) DEFAULT NULL, `pwhash_salt` varchar(255) DEFAULT NULL, `sk_nonce` varchar(255) DEFAULT NULL, `locked_secretbox` text, `user_id` int(11) DEFAULT NULL, PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT DEFAULT How can I make it work with SOGO? So far, at a first glance, there's a table named 'users' in SOGO db which contains usernames, passwords etc of SOGO users. However, it's not very clear how Dovecot is communicating with SOGO? Dovecot users = SOGO users? Or SOGO grabs Dovecot users and copies them into this 'users' table? Perhaps someone here can guide me on how it works and how to connect SOGO with Dovecot crypt plugins properly? BR, Paul serveria.com -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] File sharing integration
Hi guys, I wonder if there's a possibility to integrate some kind of a file sharing addon/app into SOGO? Something SAMBA/NFS based perhaps? I've looked at OwnCloud but it my case that would be an overkill as we only need file sharing functionality really. If you have some experience please share. -- Kind Regards, Support Team SERVERIA.COM Riga, LV-1063, Latvia US: +1 (213) 224-7938 LV: + (371) 22330032 Skype: bighostlv supp...@serveria.com www.serveria.com -- users@sogo.nu https://inverse.ca/sogo/lists