[GH-ISSUE #307] error creating mailbox #248

Open
opened 2026-02-26 09:37:05 +03:00 by kerem · 4 comments

Originally created by @winne27 on GitHub (May 2, 2023).
Original GitHub issue: https://github.com/opensolutions/ViMbAdmin/issues/307

The following error is raised when creating a mailbox with ViMbAdmin:

```
ViMbAdmin_Exception

File:    /opt/ViMbAdmin/library/ViMbAdmin/Dovecot.php
Line:    57
Message: Error executing Dovecot password command: /usr/bin/doveadm pw -s 'BLF-CRYPT' -u 'username' -p 'pw'
Code:    0
```

**Environment:**

- Ubuntu 22.04
- PHP 8.2
- Dovecot 2.3.16

/usr/bin/doveadm is executable for all.

On the CLI the command is executed successfully.


@winne27 commented on GitHub (May 2, 2023):

The problem is that www-data cannot read the letsencrypt certificates in /etc/archive/domain/. Read access for fullchain.pem and privatkey.pem is necessary for executing doveadm. But the dir archive is only readable by root, and privatekey.pem also.

A workaround is to give read access to these directories and files to all, at least temporarily. This works for me.

I tried some solutions with sudo, but they did not work.


@PhrozenByte commented on GitHub (May 3, 2023):

Switch to `defaults.mailbox.password_scheme = "crypt:sha512"` (or any other `crypt:` scheme) and configure a Dovecot SQL query like the following:

```sql
SELECT username AS user,
    CASE
        WHEN password LIKE '{%}%'
            THEN password
        WHEN password LIKE '$1$%'
            THEN CONCAT('{MD5}', password)
        WHEN password LIKE '$2a$%'
            THEN CONCAT('{BLF-CRYPT}', password)
        WHEN password LIKE '$5$%'
            THEN CONCAT('{SHA256-CRYPT}', password)
        WHEN password LIKE '$6$%'
            THEN CONCAT('{SHA512-CRYPT}', password)
        ELSE
            password
    END AS password,
    homedir AS userdb_home,
    maildir AS userdb_mail,
    CONCAT('*:bytes=', quota) AS userdb_quota_rule,
    uid AS userdb_uid,
    gid AS userdb_gid
FROM mailbox
WHERE username = '%Lu'
    AND ( access_restriction = 'ALL' OR LOCATE('%Us', access_restriction) > 0 )
```

@winne27 commented on GitHub (May 3, 2023):

Thanks for your immediate answer. Meanwhile I found the reason for the error: permissions!

The command /usr/bin/doveadm needs read access to the letsencrypt certs in /etc/letsencrypt/archive/domain.tld. But only root has read access to the privkey. Because of that, the command fails when run by the web server (www-data).

A workaround is to temporarily allow read access to all cert files for everyone.

Now I tried your suggestion successfully - thanks.

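The permission workaround described in the comment above, as an added example that is not part of the original thread: a shell check that lists Let's Encrypt private keys and `archive`/`live` directories still accessible to all users after such a "temporary" change, and resets them. The `privkey*.pem` naming and the 0600/0700 target modes are assumptions based on certbot's usual layout; the sample tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example: audit and restore private-key permissions after a
# "read for all" workaround. Modes and file names are assumptions
# (certbot's usual layout), not values taken from the thread.

# audit_keys ROOT: print key files readable by "others" and
# archive/live directories that "others" may traverse.
audit_keys() {
    find "$1" \( \
        \( -type f -name 'privkey*.pem' -perm -004 \) -o \
        \( -type d \( -name archive -o -name live \) -perm -001 \) \
    \) -print
}

# restore_keys ROOT: put keys back to 0600 and archive/live to 0700.
restore_keys() {
    find "$1" -type f -name 'privkey*.pem' -exec chmod 600 {} +
    find "$1" -type d \( -name archive -o -name live \) -exec chmod 700 {} +
}

# demo: build a constructed tree that mimics the workaround, then
# report how many paths are flagged before and after the restore.
demo() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/archive/domain.tld" "$t/live/domain.tld"
    : > "$t/archive/domain.tld/privkey1.pem"
    : > "$t/archive/domain.tld/fullchain1.pem"
    chmod 755 "$t/archive" "$t/live"                 # directories opened to all
    chmod 644 "$t/archive/domain.tld/privkey1.pem"   # key readable by all
    before=$(audit_keys "$t" | wc -l | tr -d ' ')
    restore_keys "$t"
    after=$(audit_keys "$t" | wc -l | tr -d ' ')
    rm -rf "$t"
    echo "$before $after"
}

demo   # prints "3 0"
```

On a real host, run `audit_keys /etc/letsencrypt` as root; any output means the private key is still exposed to every local account, including the web server user.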

@winne27 commented on GitHub (May 3, 2023):

Your SQL didn't work. I found the following at https://github.com/opensolutions/ViMbAdmin/issues/277 and it works for me:

```sql
SELECT
    CASE
        WHEN LEFT(password,4) = '$2y$' THEN CONCAT('{CRYPT}', password)
        WHEN LEFT(password,3) = '$6$' THEN CONCAT('{SHA512-CRYPT}', password)
        WHEN LEFT(password,3) = '$5$' THEN CONCAT('{SHA256-CRYPT}', password)
        WHEN LEFT(password,3) = '$1$' THEN CONCAT('{MD5-CRYPT}', password)
    END AS password
FROM mailbox
WHERE username='%u'
```
