Re: [SOGo] SOGO reusing Dovecot db password issue

2022-10-08 Thread Serveria Support 
The passwords are not being stored in plain text in the db but they can 
be visible in the logs. Disabling the logs won't help in my case as an 
attacker can reenable logging if the system gets compromised and grab 
all passwords from there. Dovecot docs describe it like this:


DO NOT use password directly. It can contain % which is interpreted as 
variable expansion and can cause errors. Also, it might be visible in 
debug logging. Suggested approaches are base64 encoding, hex encoding or 
hashing the password. With hashing, you get the extra benefit that 
password won’t be directly visible in logs.


So, how to perform this hashing? At which point it has to be done?

On 2022-10-08 11:05, Odhiambo Washington wrote:

On Fri, Oct 7, 2022 at 10:31 PM Serveria Support 
wrote:


Hi,

Yes, you're totally right my friend! I was just desperate because I
needed help and the other thread was getting replies while mine
wasn't.
Sorry about that.

Anyway, you're my savior as I have double checked everything as you
have
suggested and indeed the encryption algo was different in dovecot
config. Dovecot had sha512-crypt while SOGO tried to use ssha512.
I'm
not sure how this is possible as I have checked everything billions
of
times and I was 100% sure the same algo is in both configs. I have
changed ssha512 to sha512-crypt in dovecot config and voila: I'm
able to
login into SOGO. Thanks again!

P.S. By any chance you know how to prevent plain text passwords from

appearing in the logs? It kinda makes all my efforts useless and
defeats
the whole encrypted storage concept...


If you are storing passwords in plaintext in your DB, that's one thing
you should think about.
As regards your question, just disable all debugging from
10-logging.conf (dovecot).

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] Postfixadmin

2022-10-07 Thread Serveria Support 

Hi,

You're my savior as I have double checked everything as you have 
suggested and indeed the encryption algo was different in dovecot 
config. Dovecot had sha512-crypt while SOGO tried to use ssha512. I'm 
not sure how this is possible as I have checked everything billions of 
times and I was 100% sure the same algo is in both configs. I have 
changed ssha512 to sha512-crypt in dovecot config and voila: I'm able to 
login into SOGO. Thanks again!


P.S. By any chance you know how to prevent plain text passwords from 
appearing in the logs? It kinda makes all my efforts useless and defeats 
the whole encrypted storage concept...


On 2022-10-07 11:07, Odhiambo Washington wrote:

On Thu, Oct 6, 2022 at 11:50 PM Serveria Support 
wrote:


Here it is:

MariaDB [mailserver]> describe sogo_users;
++--+--+-+-+---+
| Field  | Type | Null | Key | Default | Extra |
++--+--+-+-+---+
| c_uid  | varchar(100) | NO   | | NULL|   |
| c_name | varchar(100) | NO   | | NULL|   |
| c_password | varchar(106) | NO   | | NULL|   |
| c_cn   | varchar(100) | NO   | | NULL|   |
| mail   | varchar(100) | NO   | | NULL|   |
| domain | varchar(100) | NO   | | NULL|   |
++--+--+-+-+---+
6 rows in set (0.006 sec)

But I think you're going the wrong way. Windows Mail and other
software
clients can log in and send/receive emails just fine using these
credentials.


I am not going the wrong way actually. I wanted to be sure that the
right table is in place because SOGo uses specific column names.
In my setup, I created a VIEW to use with SOGo.  (BTW, I'm curious
about the HOWTO that you followed for your installation).
Now that we know the right table columns exist, we can focus on
debugging.
1. I am assuming that your dovecot-sql.conf.ext also has:
default_pass_scheme = ssha512, because this is what you have specified
in sogo.conf.
2. I am assuming that in sogo.conf, you have set MySQL4DebugEnabled =
YES; (I mean you've removed the // from the line) and restarted sogod.
3. I am assuming that in dovecot's 10-logging.conf, you have set the
following params:

log_path = /var/log/dovecot-error.log
# Log file to use for informational messages. Defaults to log_path.
info_log_path = /var/log/dovecot-info.log
# Log file to use for debug messages. Defaults to info_log_path.
debug_log_path = /var/log/dovecot-debug.log

auth_verbose = yes
auth_verbose_passwords = yes
auth_debug = yes #Shows SQL queries
auth_debug_passwords = yes #Logs the passwords and the used scheme so
the problem can be debugged

and restarted dovecot!

Now just look at  the logs and you will discover why sogo is
experiencing errors.

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] SOGO reusing Dovecot db password issue

2022-10-07 Thread Serveria Support 

Hi,

Yes, you're totally right my friend! I was just desperate because I 
needed help and the other thread was getting replies while mine wasn't. 
Sorry about that.


Anyway, you're my savior as I have double checked everything as you have 
suggested and indeed the encryption algo was different in dovecot 
config. Dovecot had sha512-crypt while SOGO tried to use ssha512. I'm 
not sure how this is possible as I have checked everything billions of 
times and I was 100% sure the same algo is in both configs. I have 
changed ssha512 to sha512-crypt in dovecot config and voila: I'm able to 
login into SOGO. Thanks again!


P.S. By any chance you know how to prevent plain text passwords from 
appearing in the logs? It kinda makes all my efforts useless and defeats 
the whole encrypted storage concept...


On 2022-10-07 11:09, Odhiambo Washington wrote:

@Serveria - I think it's a bad idea to address the same problem in two
separate threads. Can you please stick to the one you created instead
of the one you hijacked?

On Thu, Oct 6, 2022 at 11:50 PM Serveria Support 
wrote:


MySQL4DebugEnabled = YES; line is enabled in my sogo.conf

I'm not using any hashing atm, it's a test install, but if you mean
password algorithm I'm using ssha512 (used it as my Dovecot was
using it
already and I was too lazy to change it). It seems to be supported:

Possible values are: none, plain, crypt, md5, md5-crypt,
sha256-crypt
and sha512-crypt, smd5, cram-md5 and sha, sha256, sha512 and its
ssha
(e.g. ssha or ssha256) variants

Any ideas?

On 2022-10-06 16:35, Christian Mack wrote:

Hi

Enable debugging for mysql in sogo.conf:
MySQL4DebugEnabled = YES;

Also which password hashing are you using?
See "userPasswordAlgorithm" in "Installation and Konfiguration

Guide".



Kind regards,
Christian Mack

Am 06.10.22 um 10:44 schrieb Serveria Support

(supp...@serveria.com):

Hi,

Thanks for responding. I did enable all possible logging in

Dovecot

and I can see Windows Mail clients logging in successfully. But

for

some reason my SOGo connection attempts are not showing up in

logs at

all. SOGo log still shows the same error message I already

posted.

SOGo website is giving me this error: Wrong username or password.

On 2022-10-04 18:54, Odhiambo Washington wrote:

On Thu, Sep 29, 2022 at 4:01 PM Serveria Support 
wrote:


Hi,

After weeks of trying to configure iredmail package for my

needs

(and
failing miserably) I decided to start everything from scratch:

I

took a
vanilla Debian 11 server and installed Dovecot + Postfix +

MariaDB +


Apache. Mailserver works like a charm - emails are getting
sent/delivered/stored perfectly. Users are able to log
in/authenticate.
Then I decided to add SOGo to the config and installed it, also
configured using the basic howto from sogo website. All done,

web

frontend comes up. So far so good unfortunately I'm unable

to

authenticate using my Dovecot users db. Here I have to add that

I

didn't
create a separate table for SOGo but instead tried to reuse my
Dovecot
user credentials by creating a VIEW in my DB. However, this

doesn't

seem
to work, here's my sogo.log:

Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST

/SOGo/connect

HTTP/1.1" 403 34/89 0.003 - - 0 - 12
Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST'

on uri


'/SOGo/connect'
2022-09-29 06:30:25.510 sogod[151286:151286]


SQL:

SELECT c_password FROM sogo_users WHERE c_uid =

'u...@mydomain.tld';

2022-09-29 06:30:25.510 sogod[151286:151286]

query
has results, entering fetch-mode.
Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from
'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have

worked

-
password policy: 65535  grace: -1  expire: -1  bound: 0
Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784

seconds

to
execute

Unfortunately, I'm not too good at reading SOGo logs and the

error

message seems to be not very self-explanatory. What exactly

does

this
mean? Unable to fetch password? Password didn't work? Wrong
encryption
protocol? Any suggestions?


Look at the dovecot logging configuration and bump the debugging

up

and you'll get it right.

-- Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)


--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] Postfixadmin

2022-10-06 Thread Serveria Support 

I'm not using LDAP, just regular mysql db.

On 2022-10-06 22:10, Serveria Support wrote:

Here it is:

MariaDB [mailserver]> describe sogo_users;
++--+--+-+-+---+
| Field  | Type | Null | Key | Default | Extra |
++--+--+-+-+---+
| c_uid  | varchar(100) | NO   | | NULL|   |
| c_name | varchar(100) | NO   | | NULL|   |
| c_password | varchar(106) | NO   | | NULL|   |
| c_cn   | varchar(100) | NO   | | NULL|   |
| mail   | varchar(100) | NO   | | NULL|   |
| domain | varchar(100) | NO   | | NULL|   |
++--+--+-+-+---+
6 rows in set (0.006 sec)

But I think you're going the wrong way. Windows Mail and other
software clients can log in and send/receive emails just fine using
these credentials.

On 2022-10-06 21:01, Odhiambo Washington wrote:

I am expecting a table equivalent to this.

On Thu, Oct 6, 2022 at 8:50 PM Odhiambo Washington
 wrote:


On Thu, Oct 6, 2022 at 8:33 PM Serveria Support 
wrote:


Sure, here you go. It's very basic actually, I didn't make any
heavy
tweaking:


[snip]

SOGoUserSources =
(
{
type = sql;
id = users;
viewURL =
"mysql://mailuser:password@localhost:3306/mailserver/sogo_users";
canAuthenticate = YES;
isAddressBook = NO;
userPasswordAlgorithm = ssha512;
}
);

[snip]

Can you please connect to the "mailserver" database and then do:
describe table sogo_users;

I am expecting something like this:
MySQL -uUSER -ppassword mailserver # After you connect, I'd like to
see the output of
describe table sogo_users;

I am expecting to see column names and definitions:
root@localhost [mailserver]> desc sogo_users;
+---+--+--+-+-+---+
| Field | Type | Null | Key | Default | Extra |
+---+--+--+-+-+---+
| sogo_id   | int unsigned | NO   | | 0   |   |
| c_uid | varchar(255) | NO   | | |   |
| c_name| varchar(255) | YES  | | NULL|   |
| c_password| varchar(256) | YES  | | NULL|   |
| c_cn  | varchar(255) | NO   | | |   |
| mail  | varchar(255) | NO   | | |   |
| displayName   | varchar(255) | YES  | | NULL|   |
| kind  | varchar(100) | YES  | | NULL|   |
| multiple_bookings | int  | YES  | | NULL|   |
+---+--+--+-+-+---+

Most importantly I'd like to see the c_uid, c_name, c_password,
c_cn...

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)


--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] Postfixadmin

2022-10-06 Thread Serveria Support 

Here it is:

MariaDB [mailserver]> describe sogo_users;
++--+--+-+-+---+
| Field  | Type | Null | Key | Default | Extra |
++--+--+-+-+---+
| c_uid  | varchar(100) | NO   | | NULL|   |
| c_name | varchar(100) | NO   | | NULL|   |
| c_password | varchar(106) | NO   | | NULL|   |
| c_cn   | varchar(100) | NO   | | NULL|   |
| mail   | varchar(100) | NO   | | NULL|   |
| domain | varchar(100) | NO   | | NULL|   |
++--+--+-+-+---+
6 rows in set (0.006 sec)

But I think you're going the wrong way. Windows Mail and other software 
clients can log in and send/receive emails just fine using these 
credentials.


On 2022-10-06 21:01, Odhiambo Washington wrote:

I am expecting a table equivalent to this.

On Thu, Oct 6, 2022 at 8:50 PM Odhiambo Washington
 wrote:


On Thu, Oct 6, 2022 at 8:33 PM Serveria Support 
wrote:


Sure, here you go. It's very basic actually, I didn't make any
heavy
tweaking:


[snip]

SOGoUserSources =
(
{
type = sql;
id = users;
viewURL =
"mysql://mailuser:password@localhost:3306/mailserver/sogo_users";
canAuthenticate = YES;
isAddressBook = NO;
userPasswordAlgorithm = ssha512;
}
);

[snip]

Can you please connect to the "mailserver" database and then do:
describe table sogo_users;

I am expecting something like this:
MySQL -uUSER -ppassword mailserver # After you connect, I'd like to
see the output of
describe table sogo_users;

I am expecting to see column names and definitions:
root@localhost [mailserver]> desc sogo_users;
+---+--+--+-+-+---+
| Field | Type | Null | Key | Default | Extra |
+---+--+--+-+-+---+
| sogo_id   | int unsigned | NO   | | 0   |   |
| c_uid | varchar(255) | NO   | | |   |
| c_name| varchar(255) | YES  | | NULL|   |
| c_password| varchar(256) | YES  | | NULL|   |
| c_cn  | varchar(255) | NO   | | |   |
| mail  | varchar(255) | NO   | | |   |
| displayName   | varchar(255) | YES  | | NULL|   |
| kind  | varchar(100) | YES  | | NULL|   |
| multiple_bookings | int  | YES  | | NULL|   |
+---+--+--+-+-+---+

Most importantly I'd like to see the c_uid, c_name, c_password,
c_cn...

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)


--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] SOGO reusing Dovecot db password issue

2022-10-06 Thread Serveria Support 

MySQL4DebugEnabled = YES; line is enabled in my sogo.conf

I'm not using any hashing atm, it's a test install, but if you mean 
password algorithm I'm using ssha512 (used it as my Dovecot was using it 
already and I was too lazy to change it). It seems to be supported:


Possible values are: none, plain, crypt, md5, md5-crypt, sha256-crypt 
and sha512-crypt, smd5, cram-md5 and sha, sha256, sha512 and its ssha 
(e.g. ssha or ssha256) variants


Any ideas?

On 2022-10-06 16:35, Christian Mack wrote:

Hi

Enable debugging for mysql in sogo.conf:
MySQL4DebugEnabled = YES;

Also which password hashing are you using?
See "userPasswordAlgorithm" in "Installation and Konfiguration Guide".


Kind regards,
Christian Mack

Am 06.10.22 um 10:44 schrieb Serveria Support (supp...@serveria.com):

Hi,

Thanks for responding. I did enable all possible logging in Dovecot 
and I can see Windows Mail clients logging in successfully. But for 
some reason my SOGo connection attempts are not showing up in logs at 
all. SOGo log still shows the same error message I already posted. 
SOGo website is giving me this error: Wrong username or password.


On 2022-10-04 18:54, Odhiambo Washington wrote:

On Thu, Sep 29, 2022 at 4:01 PM Serveria Support 
wrote:


Hi,

After weeks of trying to configure iredmail package for my needs
(and
failing miserably) I decided to start everything from scratch: I
took a
vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB +

Apache. Mailserver works like a charm - emails are getting
sent/delivered/stored perfectly. Users are able to log
in/authenticate.
Then I decided to add SOGo to the config and installed it, also
configured using the basic howto from sogo website. All done, web
frontend comes up. So far so good unfortunately I'm unable to
authenticate using my Dovecot users db. Here I have to add that I
didn't
create a separate table for SOGo but instead tried to reuse my
Dovecot
user credentials by creating a VIEW in my DB. However, this doesn't
seem
to work, here's my sogo.log:

Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect
HTTP/1.1" 403 34/89 0.003 - - 0 - 12
Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri

'/SOGo/connect'
2022-09-29 06:30:25.510 sogod[151286:151286]
 SQL:
SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld';
2022-09-29 06:30:25.510 sogod[151286:151286]

query
has results, entering fetch-mode.
Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from
'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked
-
password policy: 65535  grace: -1  expire: -1  bound: 0
Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds
to
execute

Unfortunately, I'm not too good at reading SOGo logs and the error
message seems to be not very self-explanatory. What exactly does
this
mean? Unable to fetch password? Password didn't work? Wrong
encryption
protocol? Any suggestions?


Look at the dovecot logging configuration and bump the debugging up
and you'll get it right.

-- Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] Postfixadmin

2022-10-06 Thread Serveria Support 
names = (sogo1, sogo2); // This is an array - keep the 
parens!

  //SxVMemLimit = 384;
  //WOPidFile = "/var/run/sogo/sogo.pid";
  //SOGoMemcachedHost = "/var/run/memcached.sock";

  /* Debug */
  SOGoDebugRequests = YES;
  SoDebugBaseURL = YES;
  ImapDebugEnabled = YES;
  //LDAPDebugEnabled = YES;
  //PGDebugEnabled = YES;
  MySQL4DebugEnabled = YES;
  SOGoUIxDebugEnabled = YES;
  //WODontZipResponse = YES;
  WOLogFile = /var/log/sogo/sogo.log;
}


On 2022-10-06 15:52, Odhiambo Washington wrote:

On Thu, Oct 6, 2022 at 3:12 PM Serveria Support  wrote:


Hi,

Thanks for your reply. Yes, I realized that after posting this. I
made a
mistake I meant SOGo on port 80 and 443 not Dovecot obviously.

I did enable all possible logging in Dovecot and I can see Windows
Mail
clients logging in successfully. But for some reason my SOGo
connection
attempts are not showing up in logs at all. SOGo log still shows the

same error message I already posted. SOGo website is giving me this
error: Wrong username or password.


Let's see your complete sogo.conf, please.

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] Postfixadmin

2022-10-06 Thread Serveria Support 

Hi,

Thanks for your reply. Yes, I realized that after posting this. I made a 
mistake I meant SOGo on port 80 and 443 not Dovecot obviously.


I did enable all possible logging in Dovecot and I can see Windows Mail 
clients logging in successfully. But for some reason my SOGo connection 
attempts are not showing up in logs at all. SOGo log still shows the 
same error message I already posted. SOGo website is giving me this 
error: Wrong username or password.


On 2022-10-05 23:45, Odhiambo Washington wrote:

On Wed, Oct 5, 2022 at 4:37 PM Serveria Support  wrote:


Thanks, you're really helpful, I appreciate.

After turning Dovecot debugging on (SOGO had been enabled already)
I'm
seeing these in the log:

09:22:01 debian postfix/smtps/smtpd[267384]: SSL_accept error from
unknown[xx.xx.xx.xx]: Connection timed out
09:22:01 debian postfix/smtps/smtpd[267384]: lost connection after
CONNECT from unknown[xx.xx.xx.xx]
09:22:01 debian postfix/smtps/smtpd[267384]: disconnect from
unknown[xx.xx.xx.xx] commands=0/0

Interesting, Dovecot is configured to use http/port 80 by default,
port
443 is open but I didn't enable it as I wanted to test out with http

first. So https is necessary for SOGO to authenticate? I can see
Windows
mail connecting just fine in the same log. Any thoughts?


Dovecot can only listen on the following ports by default: 110 (POP3),
143 (IMAP4), 993 (IMAPS), 995 (POP3S).
It can never listen to port 80 (HTTP) or 443 (HTTPS) which are only
used by a web server (Nginx, Apache, Lighttpd).

The logs you are showing are from Postfix and not dovecot!
Please enable debugging on dovecot and look at the dovecot logs. You
need to be seeing SQL queries on the logs.
Please re-read your 10-logging.conf from dovecot, enable debugging are
refer to the file specified.

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] SOGO reusing Dovecot db password issue

2022-10-06 Thread Serveria Support 

Hi,

Thanks for responding. I did enable all possible logging in Dovecot and 
I can see Windows Mail clients logging in successfully. But for some 
reason my SOGo connection attempts are not showing up in logs at all. 
SOGo log still shows the same error message I already posted. SOGo 
website is giving me this error: Wrong username or password.


On 2022-10-04 18:54, Odhiambo Washington wrote:

On Thu, Sep 29, 2022 at 4:01 PM Serveria Support 
wrote:


Hi,

After weeks of trying to configure iredmail package for my needs
(and
failing miserably) I decided to start everything from scratch: I
took a
vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB +

Apache. Mailserver works like a charm - emails are getting
sent/delivered/stored perfectly. Users are able to log
in/authenticate.
Then I decided to add SOGo to the config and installed it, also
configured using the basic howto from sogo website. All done, web
frontend comes up. So far so good unfortunately I'm unable to
authenticate using my Dovecot users db. Here I have to add that I
didn't
create a separate table for SOGo but instead tried to reuse my
Dovecot
user credentials by creating a VIEW in my DB. However, this doesn't
seem
to work, here's my sogo.log:

Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect
HTTP/1.1" 403 34/89 0.003 - - 0 - 12
Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri

'/SOGo/connect'
2022-09-29 06:30:25.510 sogod[151286:151286]
 SQL:
SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld';
2022-09-29 06:30:25.510 sogod[151286:151286]

query
has results, entering fetch-mode.
Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from
'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked
-
password policy: 65535  grace: -1  expire: -1  bound: 0
Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds
to
execute

Unfortunately, I'm not too good at reading SOGo logs and the error
message seems to be not very self-explanatory. What exactly does
this
mean? Unable to fetch password? Password didn't work? Wrong
encryption
protocol? Any suggestions?


Look at the dovecot logging configuration and bump the debugging up
and you'll get it right.

--

Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)

Re: [SOGo] Postfixadmin

2022-10-05 Thread Serveria Support 

Thanks, you're really helpful, I appreciate.

After turning Dovecot debugging on (SOGO had been enabled already) I'm 
seeing these in the log:


09:22:01 debian postfix/smtps/smtpd[267384]: SSL_accept error from 
unknown[xx.xx.xx.xx]: Connection timed out
09:22:01 debian postfix/smtps/smtpd[267384]: lost connection after 
CONNECT from unknown[xx.xx.xx.xx]
09:22:01 debian postfix/smtps/smtpd[267384]: disconnect from 
unknown[xx.xx.xx.xx] commands=0/0


Interesting, Dovecot is configured to use http/port 80 by default, port 
443 is open but I didn't enable it as I wanted to test out with http 
first. So https is necessary for SOGO to authenticate? I can see Windows 
mail connecting just fine in the same log. Any thoughts?


On 2022-10-02 23:31, Serveria Support wrote:

Hi,

Sorry to hijack this thread, but I'm having exactly same issue. Here's
my conf file user sources part:

SOGoUserSources =
(
  {
type = sql;
id = users;
viewURL =
"mysql://mailuser:password@localhost:3306/mailserver/sogo_users";
canAuthenticate = YES;
isAddressBook = NO;
userPasswordAlgorithm = ssha512;
  }
);

I'm getting the same error TS has mentioned. Unfortunately, log file
doesn't seem to be particularly user friendly so we can only guess?


On 2022-09-30 21:44, Pierre wrote:

Hi,
Could have to do with encrytion used.
I got my setup working with the following (where "tablename" is
actually a view generated from the postfixadmin user table):

SOGoUserSources =
(
  {
type = sql; id =
directory;
viewURL mysql://user:pass@127.0.0.1:3306/dbname/tablename
[1]";
userPasswordAlgorithm = md5-crypt;
canAuthenticate = YES;
isAddressBook = YES;  }
);
SOGoSMTPAuthenticationType = PLAIN;

On Fri, Sep 30, 2022, 12:21 PM "WilliamB"  wrote:


Hi I run an Ubuntu 20.04 with postfix/dovecot and postfix admin
I am trying to get SOGo working but it will not authenticate

might not have worked - password policy: 65535  grace: -1  expire:
-1  bound:
0

Any clues please



Links:
--
[1] http://user:pass@127.0.0.1:3306/dbname/tablename

Re: [SOGo] Postfixadmin

2022-10-02 Thread Serveria Support 

Hi,

Sorry to hijack this thread, but I'm having exactly same issue. Here's 
my conf file user sources part:


SOGoUserSources =
(
  {
type = sql;
id = users;
viewURL = 
"mysql://mailuser:password@localhost:3306/mailserver/sogo_users";

canAuthenticate = YES;
isAddressBook = NO;
userPasswordAlgorithm = ssha512;
  }
);

I'm getting the same error TS has mentioned. Unfortunately, log file 
doesn't seem to be particularly user friendly so we can only guess?



On 2022-09-30 21:44, Pierre wrote:

Hi,
Could have to do with encrytion used.
I got my setup working with the following (where "tablename" is
actually a view generated from the postfixadmin user table):

SOGoUserSources =
(
  {
type = sql; id =
directory;
viewURL mysql://user:pass@127.0.0.1:3306/dbname/tablename
[1]";
userPasswordAlgorithm = md5-crypt;
canAuthenticate = YES;
isAddressBook = YES;  }
);
SOGoSMTPAuthenticationType = PLAIN;

On Fri, Sep 30, 2022, 12:21 PM "WilliamB"  wrote:


Hi I run an Ubuntu 20.04 with postfix/dovecot and postfix admin
I am trying to get SOGo working but it will not authenticate

might not have worked - password policy: 65535  grace: -1  expire:
-1  bound:
0

Any clues please



Links:
--
[1] http://user:pass@127.0.0.1:3306/dbname/tablename

[SOGo] SOGO reusing Dovecot db password issue

2022-09-29 Thread Serveria Support 

Hi,

After weeks of trying to configure iredmail package for my needs (and 
failing miserably) I decided to start everything from scratch: I took a 
vanilla Debian 11 server and installed Dovecot + Postfix + MariaDB + 
Apache. Mailserver works like a charm - emails are getting 
sent/delivered/stored perfectly. Users are able to log in/authenticate. 
Then I decided to add SOGo to the config and installed it, also 
configured using the basic howto from sogo website. All done, web 
frontend comes up. So far so good unfortunately I'm unable to 
authenticate using my Dovecot users db. Here I have to add that I didn't 
create a separate table for SOGo but instead tried to reuse my Dovecot 
user credentials by creating a VIEW in my DB. However, this doesn't seem 
to work, here's my sogo.log:


Sep 29 06:30:17 sogod [151286]: XXXIPADDRESSXXX "POST /SOGo/connect 
HTTP/1.1" 403 34/89 0.003 - - 0 - 12
Sep 29 06:30:25 sogod [151286]: |SOGo| starting method 'POST' on uri 
'/SOGo/connect'
2022-09-29 06:30:25.510 sogod[151286:151286] 
 SQL: 
SELECT c_password FROM sogo_users WHERE c_uid = 'u...@mydomain.tld';
2022-09-29 06:30:25.510 sogod[151286:151286] 
   query 
has results, entering fetch-mode.
Sep 29 06:30:25 sogod [151286]: SOGoRootPage Login from 
'XXXIPADDRESSXXX' for user 'u...@mydomain.xxx' might not have worked - 
password policy: 65535  grace: -1  expire: -1  bound: 0
Sep 29 06:30:25 sogod [151286]: |SOGo| request took 0.001784 seconds to 
execute


Unfortunately, I'm not too good at reading SOGo logs and the error 
message seems to be not very self-explanatory. What exactly does this 
mean? Unable to fetch password? Password didn't work? Wrong encryption 
protocol? Any suggestions?

[SOGo] Encrypted emails not showing (greyed out)

2022-08-20 Thread Serveria Support 



Hi,

We have configured Sogo + Dovecot mailserver. Everything was working 
fine out of the box. Then we added Dovecot mail_crypt encryption plugin 
to the config. It seems to do the job - emails are getting encrypted, 
stored etc. The only issue - emails are not being showed by Sogo (or to 
be more precise sort of a greyed out silhouette is being shown). The 
only possibly related error in Sogo logs was this:  [ERROR] 
<0x0x55f5a316b440[NGImap4Connection]> Error fetching 3 uids for url: 
imaps://(account/server data). Any ideas?

Re: [SOGo] SOGO + Dovecot + encryption

2022-07-28 Thread Serveria Support 
 then initiate the postbox of that user with the
information given to it from the authentication source and its
configuration.

In order to access the matching information from the "storage_keys"
database, there has to be a connetcion between the user in the
authentication source "users" Table and the user_id.

Hope that helps a bit.


Kind regards,
Christian Mack

Am 27.07.22 um 16:32 schrieb Serveria Support (supp...@serveria.com):

Hey guys,

I'm looking to setup a mail server with encrypted storage. I'm 
planning to use Dovecot mailserver + crypt or trees plugin for 
per-user encryption + SOGO for webmail/groupware. Encryption plugins 
need to store some additional data like password hash algo, salt etc. 
(see example scheme below) in SQL:


CREATE TABLE `storage_keys` (
   `id` int(11) NOT NULL AUTO_INCREMENT,
   `enabled` tinyint(4) DEFAULT '1',
   `version` tinyint(4) DEFAULT '1',
   `public_key` text,
   `pwhash_algo` tinyint(4) DEFAULT '1',
   `pwhash_opslimit` int(11) DEFAULT NULL,
   `pwhash_memlimit` int(11) DEFAULT NULL,
   `pwhash_salt` varchar(255) DEFAULT NULL,
   `sk_nonce` varchar(255) DEFAULT NULL,
   `locked_secretbox` text,
   `user_id` int(11) DEFAULT NULL,
   PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT DEFAULT

How can I make it work with SOGO? So far, at a first glance, there's a 
table named 'users' in SOGO db
which contains usernames, passwords etc of SOGO users. However, it's 
not very clear how Dovecot is communicating with SOGO?
Dovecot users = SOGO users? Or SOGO grabs Dovecot users and copies 
them into this 'users' table?
Perhaps someone here can guide me on how it works and how to connect 
SOGO with Dovecot crypt plugins properly?


BR,
Paul
serveria.com

--
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] SOGO + Dovecot + encryption

2022-07-27 Thread Serveria Support 



Hey guys,

I'm looking to setup a mail server with encrypted storage. I'm planning 
to use Dovecot mailserver + crypt or trees plugin for per-user 
encryption + SOGO for webmail/groupware. Encryption plugins need to 
store some additional data like password hash algo, salt etc. (see 
example scheme below) in SQL:


CREATE TABLE `storage_keys` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `enabled` tinyint(4) DEFAULT '1',
  `version` tinyint(4) DEFAULT '1',
  `public_key` text,
  `pwhash_algo` tinyint(4) DEFAULT '1',
  `pwhash_opslimit` int(11) DEFAULT NULL,
  `pwhash_memlimit` int(11) DEFAULT NULL,
  `pwhash_salt` varchar(255) DEFAULT NULL,
  `sk_nonce` varchar(255) DEFAULT NULL,
  `locked_secretbox` text,
  `user_id` int(11) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT DEFAULT

How can I make it work with SOGO? So far, at a first glance, there's a 
table named 'users' in SOGO db
which contains usernames, passwords etc of SOGO users. However, it's not 
very clear how Dovecot is communicating with SOGO?
Dovecot users = SOGO users? Or SOGO grabs Dovecot users and copies them 
into this 'users' table?
Perhaps someone here can guide me on how it works and how to connect 
SOGO with Dovecot crypt plugins properly?


BR,
Paul
serveria.com
--
users@sogo.nu
https://inverse.ca/sogo/lists

[SOGo] File sharing integration

2017-05-07 Thread Serveria Support 
 

Hi guys, 

I wonder if there's a possibility to integrate some kind of a file
sharing addon/app into SOGO? Something SAMBA/NFS based perhaps? I've
looked at OwnCloud but it my case that would be an overkill as we only
need file sharing functionality really. If you have some experience
please share. 

-- 

Kind Regards, 

Support Team
SERVERIA.COM
Riga, LV-1063, Latvia
US: +1 (213) 224-7938
LV: + (371) 22330032 

Skype: bighostlv
supp...@serveria.com
www.serveria.com 
-- 
users@sogo.nu
https://inverse.ca/sogo/lists