Mail authorization problems after upgrade to 1.7.0

After upgrade to 1.7.0 i got many errors like
auth: Info: passwd-file([email protected],XXX.XXX.XXX.XXX,<dfadasdfasdffdsg>): Password mismatch
It happened because after rebuild mail domain, all hash schemas became BLF-CRYPT. But I have some old mail boxes, migrated from vestacp with MD5 and SSHA512. After rebuild, they became BLF-CRYPT and authorization broken.
I restore these settings from backup, but have question.
Is there some way to avoid a situation like this in the future, except recreate new passwords for users? I know that it is a necessary way for security, but.

We should never update the password for the mail accounts on rebuild:

Wonder what the contents was of /usr/local/hestia/data/users/user/mail/

I’m having the same issue.

I didn’t do anything special - my server just automatically updated to 1.7.0 and now I get the same errors in my /var/log/dovecot.log file:

Mar 26 19:56:05 auth: Info: missing passwd file: /etc/exim4/domains//passwd
Mar 26 19:56:24 imap-login: Info: Login: user=[email protected], method=PLAIN, rip=X.X.X.X, lip=X.X.X.X, mpid=732197, TLS, session=
Mar 26 19:56:28 imap([email protected])<732197>: Info: Disconnected: Connection closed (IDLE running for 0.001 + waiting input for 0.016 secs, 2 B in + 10 B out, state=wait-input) in=743 out=2906 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0

…and I’m unable to login to my mail both via. Outlook and Roundcube (as expected)

Is there a fix for this? - eg. simply reset the mailbox password or do I delete and re-create the mailbox :frowning:

Can you DM me the contents of /usr/local/hestia/data/users/{user}/mail/domain.conf of a an affected domain?

Sent - Thank you @eris

Yes, I found stored wrong password hashes in /usr/local/hestia/data/users/user/mail/ .
І know what happened, now. Thank you.
When I migrated from old vesta server I manually migrate data from exim directory after create same users on new server but forgot about and data there.

Same problem, after the update all emails with MD5 hashed password are inaccessible from Roundcube, new accounts with BLF-CRYPT hashed password work normally.



Strange issue…

Have no idea why it broke…

It appears Debian 11 drops MD5 password compatibility.

Can you check if you didn’t accidentally updated the config files in /etc/dovecot/conf.d/auth-passwdfile.conf.ext