Webmail Login Issues and 404 Error

I am experiencing an issue with webmail on some of the domains hosted on my server, and I’m looking for assistance in resolving it.

For several domains, users are getting the “Invalid Login” error even though the login credentials are correct. For other domains, instead of the login screen, I’m getting a “Hmm. We’re having trouble finding that site” message when trying to access webmail.

The following are the error logs I get:
[07-Dec-2024 11:54:06 +0000]: IMAP Error: Login failed for [email protected] against localhost from 103.186.234.3 (X-Forwarded-For: 103.186.234.3). AUTHENTICATE PLAIN: Temporary authentication failure. [www.leseries.net:2024-12-07 11:54:06] in /var/lib/roundcube/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)

Dec 07 11:53:06 auth: Error: passwd-file([email protected],127.0.0.1,<8ARNxqwojuh/AAAB>): stat(/etc/exim4/domains/imltd.net/passwd) failed: Permission denied (euid=119(dovecot) egid=125(dovecot) missing +x perm: /etc/exim4/domains/imltd.net, we’re not in group 1003(eiml), dir owned by 1003:1003 mode=0750)
Dec 07 11:53:08 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=[email protected], method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<8ARNxqwojuh/AAAB>

You should check Dovecot’s log: /var/log/dovecot.log

Also, check the free space: df -h

The dovecot logs and disk space are as follows:

Dec 07 14:18:15 auth: Error: passwd-file([email protected],127.0.0.1,<YXZdza4odud/AAAB>): stat(/etc/exim4/domains/imltd.net/passwd) failed: Permission denied (euid=119(dovecot) egid=125(dovecot) missing +x perm: /etc/exim4/domains/imltd.net, we're not in group 1003(eiml), dir owned by 1003:1003 mode=0750)
Dec 07 14:18:17 imap-login: Info: Disconnected: Connection closed (auth service reported temporary failure): user=<[email protected]>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<YXZdza4odud/AAAB>
Dec 07 14:18:58 pop3-login: Info: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=103.186.234.23, lip=134.119.189.43, session=<RYvtz64o9NxnuuoX>
Dec 07 14:19:11 imap-login: Info: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=178.135.18.219, lip=134.119.189.43, TLS handshaking: Connection closed, session=<mVK20K4oHAayhxLb>
Dec 07 14:19:11 imap-login: Info: Disconnected: Connection closed (no auth attempts in 0 secs): user=<>, rip=178.135.18.219, lip=134.119.189.43, TLS handshaking: Connection closed, session=<k6G
root@www:/var/log# df -h
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           2.0G  2.1M  2.0G   1% /run
/dev/sda2       428G  199G  209G  49% /
tmpfs           9.8G  1.2M  9.8G   1% /dev/shm
tmpfs           5.0M     0  5.0M   0% /run/lock
/usr/tmpDSK     9.8G   16K  9.8G   1% /tmp
/dev/sda3       974M  242M  665M  27% /boot
tmpfs           2.0G  4.0K  2.0G   1% /run/user/1004
root@www:/var/log#

What happened here?

namei -mo /etc/exim4/domains/imltd.net/passwd
root@www:/var/log# namei -mo /etc/exim4/domains/imltd.net/passwd
f: /etc/exim4/domains/imltd.net/passwd
 drwxr-xr-x root        root       /
 drwxr-xr-x root        root       etc
 drwxr-xr-x Debian-exim adm        exim4
 drwxr-xr-x Debian-exim adm        domains
 lrwxrwxrwx eiml        eiml       imltd.net -> /home/eiml/conf/mail/imltd.net
   drwxr-xr-x root        root       /
   drwxr-xr-x hestiamail  hestiamail home
   drwxr-x--x root        root       eiml
   drwxr-xr-x root        root       conf
   drwxr-x--x eiml        eiml       mail
   drwxr-x--- eiml        eiml       imltd.net
 -rw-r----- eiml        eiml       passwd
root@www:/var/log#

Did you modify the perms and owner/group for those dirs? I’m asking because you are not using the right owner/group. This is what it should look like so you can compare:

f: /etc/exim4/domains/imltd.net/passwd
 drwxr-xr-x root        root /
 drwxr-xr-x root        root etc
 drwxr-xr-x root        root exim4
 drwxr-xr-x root        root domains
 lrwxrwxrwx root        root imltd.net -> /home/eiml/conf/mail/imltd.net
   drwxr-xr-x root        root /
   drwxr-xr-x root        root home
   drwxr-xr-x root        root eiml
   drwxr-xr-x root        root conf
   drwxr-x--x root        root mail
   drwxrwx--x Debian-exim mail imltd.net
 -rw-rw---- dovecot     mail passwd

You could try to rebuild the user:

sudo su -
v-rebuild-user eiml
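
An added example, not part of the original thread: a small Python check that reads namei -mo output and reports the first path component a given account cannot pass, which is what Dovecot's "missing +x perm" message points at. The first listing is copied from the thread; the function name and the assumption that dovecot belongs to the groups dovecot and mail are assumptions made for the example.

```python
import re

# One `namei -mo` row: <mode> <owner> <group> <name>; "f: ..." headers do not match.
ROW = re.compile(r"^\s*([dlbcsp-][rwxsStT-]{9})\s+(\S+)\s+(\S+)\s+(\S+)")

def first_blocker(namei_output, user, groups):
    """Return (name, mode, owner, group) of the first component that blocks
    `user`, or None. Root, capabilities and ACLs are not modelled."""
    for line in namei_output.splitlines():
        m = ROW.match(line)
        if not m or m.group(1)[0] == "l":   # symlink modes are never checked
            continue
        mode, owner, group, name = m.groups()
        # Exactly one permission class applies: owner, else group, else other.
        bits = mode[1:4] if user == owner else mode[4:7] if group in groups else mode[7:10]
        # Directories need search (x, or s/t which imply x); the file needs r.
        ok = bits[2] in "xst" if mode[0] == "d" else bits[0] == "r"
        if not ok:
            return name, mode, owner, group
    return None

# Listing copied from the first namei output in the thread.
BEFORE = """\
f: /etc/exim4/domains/imltd.net/passwd
 drwxr-xr-x root        root       /
 drwxr-xr-x root        root       etc
 drwxr-xr-x Debian-exim adm        exim4
 drwxr-xr-x Debian-exim adm        domains
 lrwxrwxrwx eiml        eiml       imltd.net -> /home/eiml/conf/mail/imltd.net
   drwxr-xr-x root        root       /
   drwxr-xr-x hestiamail  hestiamail home
   drwxr-x--x root        root       eiml
   drwxr-xr-x root        root       conf
   drwxr-x--x eiml        eiml       mail
   drwxr-x--- eiml        eiml       imltd.net
 -rw-r----- eiml        eiml       passwd
"""
# Tail of the listing posted after the rebuild (parents above it omitted).
AFTER_REBUILD = """\
 drwxr-x--x eiml eiml mail
 drwxr-x--- root root imltd.net
 -rwxrwxrwx dovecot eiml passwd
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after rebuild", AFTER_REBUILD)):
        # Assumption: dovecot is a member of the groups dovecot and mail.
        print(label, first_blocker(text, "dovecot", {"dovecot", "mail"}))
```

In the post-rebuild listing the passwd file itself is world-readable, yet the lookup still stops at the imltd.net directory, because the search bit on every parent directory is checked before the file is reached.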

Hello,

Some of the webmails show the following error. Why is this happening?

The subdomain webmail.lehospital.com doesn’t have an A record assigned in Cloudflare, you should add one.

Regarding the other issue, did the rebuild fix the perms?

If you are going to use Cloudflare as a Proxy, you should use Full mode or better Full Strict mode. Right now Cloudflare redirects https to http.

Show again the output of this command:

namei -mo /etc/exim4/domains/imltd.net/passwd

If the rebuild didn’t fix it, you should modify the perms manually. If I have time, tomorrow I could write a script to do it for you.

root@www:/var/log/roundcube# namei -mo /etc/exim4/domains/imltd.net/passwd
f: /etc/exim4/domains/imltd.net/passwd
 drwxr-xr-x root root /
 drwxr-xr-x root root etc
 drwxr-xr-x Debian-exim adm exim4
 drwxr-xr-x Debian-exim adm domains
 lrwxrwxrwx eiml eiml imltd.net -> /home/eiml/conf/mail/imltd.net
   drwxr-xr-x root root /
   drwxr-xr-x hestiamail hestiamail home
   drwxr-x--x eiml eiml eiml
   drwxr-xr-x eiml eiml conf
   drwxr-x--x eiml eiml mail
   drwxr-x--- root root imltd.net
 -rwxrwxrwx dovecot eiml passwd

After updating the A records, the webmail loads the webmail page, but I can’t access it. Again, login failed. It is showing the following error again:

[08-Dec-2024 23:13:49 +0000]: IMAP Error: Login failed for [email protected] against localhost from 103.186.234.3 (X-Forwarded-For: 103.186.234.3, 103.186.234.3). AUTHENTICATE PLAIN: Temporary authentication failure. [www.leseries.net:2024-12-08 23:13:49] in /var/lib/roundcube/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)
[08-Dec-2024 23:14:10 +0000]: IMAP Error: Login failed for [email protected] against localhost from 103.186.234.3 (X-Forwarded-For: 103.186.234.3, 103.186.234.3). AUTHENTICATE PLAIN: Temporary authentication failure. [www.leseries.net:2024-12-08 23:14:10] in /var/lib/roundcube/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)

Execute this as root to fix imltd.net:

chown -R Debian-exim:mail /home/eiml/conf/mail/imltd.net
chown root:eiml /home/eiml/conf/mail/imltd.net/apache*
chown root:eiml /home/eiml/conf/mail/imltd.net/nginx*
chown Debian-exim:mail /home/eiml/conf/mail/imltd.net/*letsencrypt
chown dovecot:mail /home/eiml/conf/mail/imltd.net/passwd
chmod 660 /home/eiml/conf/mail/imltd.net/passwd

If it doesn’t work, it is because you messed up other dirs using the wrong chmod and chown commands (don’t do that again).

Ya, I tried this.

Again it shows the same error:
[09-Dec-2024 00:49:33 +0000]: <3uq3d8e5> IMAP Error: Login failed for [email protected] against localhost from 103.186.234.3 (X-Forwarded-For: 103.186.234.3). AUTHENTICATE PLAIN: Authentication failed. in /var/lib/roundcube/program/lib/Roundcube/rcube_imap.php on line 211 (POST /?_task=login&_action=login)

If you modified the owner:group and perms as I posted, show the log for dovecot (/var/log/dovecot.log) for the same user [email protected]

Ya, it is working. Let me try all other domains.

Hello,

I think the webmail issues are resolved, but my most important issue is that my team cannot use imltd.net on Outlook. Some can use webmail, and others cannot.


On checking the error logs:

An error occurred while sending mail: Outgoing server (SMTP) error. The server responded: TLS currently unavailable.

root@www:/var/log/exim4# ls -l /usr/local/hestia/ssl/certificate.crt /usr/local/hestia/ssl/certificate.key
-rw-r----- 1 root dovecot 1984 May 24 2024 /usr/local/hestia/ssl/certificate.crt
-rw-r----- 1 root dovecot 3272 May 24 2024 /usr/local/hestia/ssl/certificate.key
root@www:/var/log/exim4#

Any issues with the permissions?

What’s puzzling is that the mail system worked previously with the permissions seemingly incorrect, and no changes were made to the server apart from PHP package updates. I am the only one with SSH access, so no unauthorized modifications should have occurred.

Is there a possibility that the recent PHP updates affected other configurations, such as permissions or ownership settings? This could potentially explain the issue, though PHP updates generally shouldn’t directly interfere with mail server configurations unless there are shared dependencies or processes that were impacted.

No, I don’t think so.

Maybe you did it and can’t remember it or you executed some script that modified them…

If I have no error log or the conf that your users are using to connect to your mail server, I can only guess.

Regarding IMAP:

If your users are using mail.imltd.net as server and port 143 (STARTTLS) or 993 (TLS), they should connect; you are serving the right cert:

❯ ssl_check mail.imltd.net 143
2024-12-09 23:54 - Checking mail.imltd.net on port 143

issuer=C = US, O = Let's Encrypt, CN = R11
subject=CN = mail.imltd.net
notBefore=Dec  9 14:42:10 2024 GMT
notAfter=Mar  9 14:42:09 2025 GMT
SANs: mail.imltd.net,webmail.imltd.net

❯ ssl_check mail.imltd.net 993
2024-12-09 23:54 - Checking mail.imltd.net on port 993

issuer=C = US, O = Let's Encrypt, CN = R11
subject=CN = mail.imltd.net
notBefore=Dec  9 14:42:10 2024 GMT
notAfter=Mar  9 14:42:09 2025 GMT
SANs: mail.imltd.net,webmail.imltd.net

If the error is due to permissions, you should check the dovecot.log again, as there might still be some permission errors.

Regarding SMTP:

You are not serving any certificate for mail.imltd.net, nor for your server name leseries.net, and that is a big problem. You should check Exim to know what’s going on.

❯ ssl_check mail.imltd.net 25
2024-12-09 23:58 - Checking mail.imltd.net on port 25

❯ ssl_check mail.imltd.net 465
2024-12-09 23:58 - Checking mail.imltd.net on port 465

❯ ssl_check mail.imltd.net 587
2024-12-09 23:59 - Checking mail.imltd.net on port 587

Wait, are you saying that users on the same domain can access webmail while others can’t?

Thank you for your reply.
Users from the same domain can access webmail but not Outlook.
