Score:0

Configuring Roundcube password plugin with Postfix/Dovecot


I am using Roundcube v1.6.0, and I am trying to get the Password Plugin to work properly.

However, I am getting the following error message (in browser):

Could not save new password.
Encryption function missing.

Why does Roundcube want to access my private key?

I am using Postfix/Dovecot configured for virtual users with Postfixadmin.


Configuration

/srv/live/php/roundcubemail-1.6.0/logs/errors.log

[13-Dec-2022 11:16:31 -0500]: PHP Error: Password plugin: Failed to execute command: /usr/bin/doveadm pw -s 'CRAM-MD5'.  
Error: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 12: ssl_cert: Can't open file /etc/ssl/private/fullchain.pem: Permission denied in /srv/live/php/roundcubemail-1.6.0/plugins/password/password.php on line 747 (POST /?_task=settings&_action=plugin.password-save)

edit: I mistakenly listed the below as the Roundcube main config file; this is the password plugin config

/srv/live/php/roundcubemail-1.6.0/plugins/password

$config['password_driver'] = 'sql';
$config['password_strength_driver'] = 'zxcvbn';
$config['password_zxcvbn_min_score'] = 5;
$config['password_confirm_current'] = true;
$config['password_minimum_length'] = 8;
$config['password_minimum_score'] = 0;
$config['password_algorithm'] = 'dovecot';
$config['password_algorithm_options'] = [];
$config['password_algorithm_prefix'] = '';
$config['password_dovecotpw'] = '/usr/bin/doveadm pw';
$config['password_dovecotpw_method'] = 'CRAM-MD5';
$config['password_dovecotpw_with_method'] = true;

/etc/dovecot/dovecot-sql.conf

driver = mysql
connect = host=localhost dbname=postfix_db user=postfix password=<redacted>
default_pass_scheme = MD5-CRYPT
user_query = SELECT '/var/www/mail/vmail/%d/%n' as home, 'maildir:/var/www/mail/vmail/%d/%n' as mail, 2000 AS uid, 2000 AS gid, concat('dirsize:storage=',  quota) AS quota FROM mailbox WHERE username = '%u' AND active = '1'
# Get the password
password_query = SELECT username as user, password, '/var/www/mail/vmail/%d/%n' as userdb_home, 'maildir:/var/www/mail/vmail/%d/%n' as userdb_mail, 2000 as userdb_uid, 2000 as userdb_gid FROM mailbox WHERE username = '%u' AND active = '1'
# If using client certificates for authentication, comment the above and uncomment the following
#password_query = SELECT null AS password, '%u' AS user

Thank you so much in advance for your help!


sidenote: I was unable to find any posts detailing my exact problem.

I did find two posters with rather similar setups/errors that were solved by changing Dovecot's password schema from MD5 to bcrypt. I am not sure why that might help; but since I was planning to do this anyway please let me know if this is somehow the solution.

Score:0

It was a long journey, but I fixed it. Ended up going to the Postfixadmin git and finding this issue with this post. The subsequent error, "Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied", was solved thanks to this post.

To summarize:

1. Make new dovecot config file

You will first make a new file in /etc/dovecot/ (or wherever your dovecot config files live).
I call mine ssl-keys.conf. The permissions for this file are 0600 (owner is root:root).

This will contain only two (2) lines that are moved from your primary dovecot config file (presumably dovecot.conf):

ssl-keys.conf

ssl_cert                   = </etc/ssl/private/fullchain.pem
ssl_key                    = </etc/ssl/private/privkey.pem

2. Modify the main dovecot config file

In dovecot.conf, add the following lines

!include_try ssl-keys.conf

service stats {
    unix_listener stats-reader {
        group = vmail
        mode = 0666
    }

    unix_listener stats-writer {
        group = vmail
        mode = 0666
    }
}

Make sure postfixadmin is part of the dovecot/vmail group (where vmail is your mail or virtual user group).

If you have not done so already, remove the lines from dovecot.conf that you added to the new file ssl-keys.conf. Leave everything else as is.

3. Modify the dovecot database config file

In your Dovecot database config file (dovecot-sql.conf for me) modify the following:

default_pass_scheme = BLF-CRYPT

In your Roundcube password plugin config file, modify the following (the rest is the same as my OP):

$config['password_dovecotpw_method'] = 'BLF-CRYPT';
$config['password_dovecotpw'] = '/usr/bin/doveadm pw -r 12';
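
A check for the split-config layout from steps 1 and 2, given here as an added example that is not part of the original answer or of Dovecot, Roundcube or Postfixadmin. The function name check_dovecot_split is hypothetical, the file names are the ones used in the answer, and GNU stat (stat -c) is assumed.

```shell
#!/bin/sh
# Added example: audit a Dovecot config directory for the layout in the answer.
# check_dovecot_split is a hypothetical helper; requires GNU stat.

check_dovecot_split() {
    dir=$1
    main="$dir/dovecot.conf"
    keys="$dir/ssl-keys.conf"
    rc=0

    # 1. The key file must exist and be readable by its owner only.
    if [ ! -f "$keys" ]; then
        echo "FAIL: $keys not found"; rc=1
    else
        mode=$(stat -c '%a' "$keys")
        [ "$mode" = "600" ] || { echo "FAIL: $keys mode is $mode, expected 600"; rc=1; }
        owner=$(stat -c '%U:%G' "$keys")
        [ "$owner" = "root:root" ] || echo "WARN: $keys owner is $owner, answer uses root:root"
    fi

    # 2. The main file must pull it in with !include_try; the answer relies on
    #    this so that doveadm run by an unprivileged user does not abort.
    grep -Eq '^[[:space:]]*!include_try[[:space:]]+ssl-keys\.conf' "$main" \
        || { echo "FAIL: $main lacks '!include_try ssl-keys.conf'"; rc=1; }

    # 3. No ssl_cert/ssl_key line may remain in the main file.
    if grep -Eq '^[[:space:]]*ssl_(cert|key)[[:space:]]*=' "$main"; then
        echo "FAIL: ssl_cert/ssl_key still set in $main"; rc=1
    fi

    # 4. A listener with mode 0666 is writable by every local user.
    if grep -Eq '^[[:space:]]*mode[[:space:]]*=[[:space:]]*0666' "$main"; then
        echo "WARN: listener with mode 0666 in $main; 0660 limits it to the group"
    fi
    return $rc
}
```

Run it as check_dovecot_split /etc/dovecot; a non-zero exit status means one of the FAIL conditions was hit, while WARN lines do not change the status.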