1

Topic: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version:
- Linux/BSD distribution name and version:
- Any related log? Log is helpful for troubleshooting.
==== ==== Provide required information to help troubleshoot and get quick answer ====
- iRedMail version:  7.4 - 8.0
- Linux/BSD distribution name and version: Ubuntu 12.04 LTS
- Any related log? Log is helpful for troubleshooting.
====

First:
Installed iRedMail on Ubuntu 11 with MySQL backend.
Everything went as planned.
Imap working, SQL storing un / passwords.

Next:
Updated 7.4 to 8.0 based on instructions
http://iredmail.org/wiki/index.php?titl … .7.4-0.8.0

Next:
Updated Ubunto to 12.04 LTS
Tested IreadMail.  Everything still seems ok.

Next:
Installed SOGO as instructions found on this blog post:
http://www.wynni.com/iredmail-sogo-mysq … ntication/


Roundcube, No users can login.  (password error)
iRedAdmin - Newly created admins cannot login.
MySQL - passwords are stored as plain text.
Outlook - no longer can connect via IMAP.

Apache logs look ok.
Errors exist in dovecot log and mail.log

May 10 02:04:58 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<olga@domainxxxx.com>, method=PLAIN, rip=127.0.0.1, lip=127.0$
May 10 02:06:47 auth-worker: Info: mysql(127.0.0.1): Connected to database vmail
May 10 02:06:47 auth-worker: Error: sql(frank@domainxxxx.com,127.0.0.1): Password data is not valid for scheme PLAIN-MD5: Input isn't valid b$
May 10 02:06:49 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<frank@domainxxxx.com>, method=PLAIN, rip=127.0.0.1, lip=127.$
May 10 02:06:57 auth-worker: Error: sql(jello@domainxxxx.com,127.0.0.1): Password data is not valid for scheme PLAIN-MD5: Input length isn't $
May 10 02:06:59 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<jello@domainxxxx.com>, method=PLAIN, rip=127.0.0.1, lip=127.$
May 10 02:10:03 auth-worker: Info: mysql(127.0.0.1): Connected to database vmail
May 10 02:10:03 dict: Info: mysql(127.0.0.1): Connected to database vmail
May 10 02:14:59 auth-worker: Error: sql(frank@domainxxxx.com,127.0.0.1): Password data is not valid for scheme PLAIN-MD5: Input isn't valid b$
May 10 02:15:01 imap-login: Info: Aborted login (auth failed, 1 attempts): user=<frank@domainxxxx.com>, method=PLAIN, rip=127.0.0.1, lip=127.$
May 10 02:15:36 auth-worker: Error: sql(frank@domainxxxx.com,99.7.136.83): Password data is not valid for scheme PLAIN-MD5: Input isn't valid$
May 10 02:16:57 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<frank@domainxxxx.com>, method=PLAIN, rip=99.7.136.83, lip=10.$
May 10 02:16:57 auth-worker: Error: sql(frank@domainxxxx.com,99.7.136.83): Password data is not valid for scheme PLAIN-MD5: Input isn't valid$
May 10 02:17:01 auth-worker: Error: sql(frank@domainxxxx.com,99.7.136.83): Password data is not valid for scheme PLAIN-MD5: Input isn't valid$
May 10 02:17:02 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<frank@domainxxxx.com>, method=PLAIN, rip=99.7.136.83, lip=10.$
May 10 02:17:05 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<frank@domainxxxx.com>, method=PLAIN, rip=99.7.136.83, lip=10.$
May 10 02:17:09 auth-worker: Error: sql(frank@domainxxxx.com,99.7.136.83): Password data is not valid for scheme PLAIN-MD5: Input isn't valid$
May 10 02:17:11 imap-login: Info: Disconnected (auth failed, 1 attempts): user=<frank@domainxxxx.com>, method=PLAIN, rip=99.7.136.83, lip=10.$

Mail.log:
May 10 02:04:08 berlin postfix/master[1607]: daemon started -- version 2.9.1, configuration /etc/postfix
May 10 02:04:47 berlin roundcube: IMAP Error: Login failed for frank@domainxxxx.com from 99.7.136.83. AUTHENTICATE PLAIN: Authentication fail$
May 10 02:04:58 berlin roundcube: IMAP Error: Login failed for olga@domainxxxx.com from 99.7.136.83. AUTHENTICATE PLAIN: Authentication faile$
May 10 02:06:49 berlin roundcube: IMAP Error: Login failed for frank@domainxxxx.com from 99.7.136.83. AUTHENTICATE PLAIN: Authentication fail$
May 10 02:06:59 berlin roundcube: IMAP Error: Login failed for jello@domainxxxx.com from 99.7.136.83. AUTHENTICATE PLAIN: Authentication fail$
May 10 02:10:02 berlin postfix/pickup[1620]: ABCEA1FA07F: uid=33 from=<www-data>
May 10 02:10:02 berlin postfix/cleanup[2157]: ABCEA1FA07F: message-id=<20120510091002.ABCEA1FA07F@berlin.domainxxxx.com>
May 10 02:10:02 berlin postfix/qmgr[1619]: ABCEA1FA07F: from=<www-data@berlin.domainxxxx.com>, size=2134, nrcpt=1 (queue active)
May 10 02:10:02 berlin postfix/cleanup[2157]: DFEEA1FA07E: message-id=<20120510091002.ABCEA1FA07F@berlin.domainxxxx.com>
May 10 02:10:02 berlin postfix/local[2168]: ABCEA1FA07F: to=<root@berlin.domainxxxx.com>, relay=local, delay=0.4, delays=0.35/0.04/0/0.01, ds$
May 10 02:10:02 berlin postfix/qmgr[1619]: DFEEA1FA07E: from=<www-data@berlin.domainxxxx.com>, size=2282, nrcpt=1 (queue active)
May 10 02:10:02 berlin postfix/qmgr[1619]: ABCEA1FA07F: removed
May 10 02:10:03 berlin postfix/pipe[2170]: DFEEA1FA07E: to=<www@domainxxxx.com>, relay=dovecot, delay=0.52, delays=0/0.02/0/0.49, dsn=2.0.0, $
May 10 02:10:03 berlin postfix/qmgr[1619]: DFEEA1FA07E: removed
May 10 02:15:01 berlin roundcube: IMAP Error: Login failed for frank@domainxxxx.com from 99.7.136.83. AUTHENTICATE PLAIN: Authentication fail$
May 10 02:20:02 berlin postfix/pickup[1620]: 3F08C1FA07F: uid=33 from=<www-data>
May 10 02:20:02 berlin postfix/cleanup[2575]: 3F08C1FA07F: message-id=<20120510092002.3F08C1FA07F@berlin.domainxxxx.com>
May 10 02:20:02 berlin postfix/qmgr[1619]: 3F08C1FA07F: from=<www-data@berlin.domainxxxx.com>, size=2134, nrcpt=1 (queue active)
May 10 02:20:02 berlin postfix/cleanup[2575]: 4C6A51FA07E: message-id=<20120510092002.3F08C1FA07F@berlin.domainxxxx.com>
May 10 02:20:02 berlin postfix/qmgr[1619]: 4C6A51FA07E: from=<www-data@berlin.domainxxxx.com>, size=2282, nrcpt=1 (queue active)
May 10 02:20:02 berlin postfix/local[2582]: 3F08C1FA07F: to=<root@berlin.domainxxxx.com>, relay=local, delay=0.11, delays=0.09/0.01/0/0.01, d$
May 10 02:20:02 berlin postfix/qmgr[1619]: 3F08C1FA07F: removed
May 10 02:20:02 berlin postfix/pipe[2584]: 4C6A51FA07E: to=<www@domainxxxx.com>, relay=dovecot, delay=0.11, delays=0/0.01/0/0.1, dsn=2.0.0, s$
May 10 02:20:02 berlin postfix/qmgr[1619]: 4C6A51FA07E: removed




It seems like the instructions on the blog post do not work...
I am guessing that manually upgrading from 7.4 to 8.0 leaves some files missing.

I have added the following code to the iredutils.py file.
Do i need to upload anything else?



def getPlainMD5Password(p):
    p = str(p)
    try:
        from hashlib import md5
        return md5(p).hexdigest()
    except ImportError:
        import md5
        return md5.new(p).hexdigest()
        return p

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

A little bit of progress.
I updated: /usr/share/apache2/iredadmin/libs/iredutils.py

There is a typo on the instructions found on:
http://www.wynni.com/iredmail-sogo-mysq … ntication/
the def getSQLPassword(p) function needs to have a dash between PLAIN & MD5
Corrected code below:  (at last i assume it is)

def getSQLPassword(p):
    #if SQL_DEFAULT_PASSWD_SCHEME == 'MD5':
     if SQL_DEFAULT_PASSWD_SCHEME == 'PLAIN-MD5':
         #return getMD5Password(p)
         return getPlainMD5Password(p)
     else:
         # PLAIN text.
         return p



Now Both Roundcube / Outlook are working correctly.
What remains broken:
1. Cannot login to SOGO
2. Cannot login with any admin other than postmaster into the IRedMail admin site.

3

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

You can make it simpler with below process:

1: Install a Ubuntu 12.04 LTS.
2: Install iRedMail-0.8.0 on Ubuntu 12.04. There's no patch needed in the iRedAdmin (open source edition) shipped in iRedMail-0.8.0, what you need to do is just setting default password scheme to PLAIN-MD5 in libs/settings.py, then restart Apache service.

SQL_DEFAULT_PASSWD_SCHEME = 'PLAIN-MD5'

3: Update /etc/dovecot/dovecot-mysql.conf, set default_pass_scheme to 'PLAIN-MD5' (Reference):

default_pass_scheme = PLAIN-MD5

4: Create a new mail user with iRedAdmin, test Roundcube and SOGo with this newly created mail user.

Let me know whether it works for you or not.

4

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

Where is libs/settings.py?

I cannot re-install from scratch.  Have to keep our existing MYSQL and a few other scripts.
What i have been doing is going back to snapshots, over and over agian.
As for Sogo i have no idea what is going on.  Just know the tutorial you had does not work with either 7 or 8.

And as for the admin passwords, it must be somewhere in the code where it chooses the encryption.
Will upgrade to pro resolve this issue?

5

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

frankbasti wrote:

Where is libs/settings.py?

It exists in the iRedAdmin (open source edition) shipped in iRedMail-0.8.0.

frankbasti wrote:

And as for the admin passwords, it must be somewhere in the code where it chooses the encryption.

iRedMail hashes password in salted MD5 in MySQL backend by default, but as far as i know, SOGo requires PLAIN MD5. So you cannot use existing passwords in SOGo directly.

frankbasti wrote:

Will upgrade to pro resolve this issue?

No.

6

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

can i replace the whole IredAdmin (open source) when upgrading to 8.0?
what is the procedure for upgrading the admin

7

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

frankbasti wrote:

can i replace the whole IredAdmin (open source) when upgrading to 8.0?
what is the procedure for upgrading the admin

Sure. Just point the symbol link (/var/www/iredadmin) to the new version, but don't forget to set correct file owner (iredadmin:iredadmin) and permission (0700).
The permission of config file, settings.ini, should be 0400.

8

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

Zhang -
After much failures I finally decided to follow your original instructions of doing a fresh install.
1st. Install Ubuntu 12.04 LTS
2nd. Install IredMail 8.0
3rd. Follow the instructions on wynni.com/iredmail-sogo-mysql-authentication tutorial

I can officially confirm that the instructions do not work, and the user is not able to login.
Before you mentioned that it might be something SogoUsing Plain MD5 while you use MD5 Salt. 
Is there a way to make Iredmail use plain md5 also?

Frank

9

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

The tutorial is incorrect in many places but the author has been making fixes as i forward them to him.
I think its best that if anyone wants to write a tutorial they spend a few minutes to test it out first.

In anycase, in step5 SOGoUserSources of the tutorial the sogod command needs to use md5 instead of sha.
sha will not work!!!

defaults write sogod SOGoUserSources '({canAuthenticate = YES; displayName = "SOGo Users"; id = users; isAddressBook = YES; type = sql; userPasswordAlgorithm = md5; .. .. . . . .. . . .  (put the rest of his code here to match your password).

After evaluating sogo, I can truly say its a garbage alternative to outlook.
Both Group-Office / Tine2 have done a way better job with carddav, caldav, and even activesync!!!

10

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

frankbasti wrote:

After evaluating sogo, I can truly say its a garbage alternative to outlook.

Sorry to hear that. sad

frankbasti wrote:

Both Group-Office / Tine2 have done a way better job with carddav, caldav, and even activesync!!!

Thanks for sharing. smile

11

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

check now the now tutorial ....
http://www.wynni.com/

12

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

The tutorial is now correct. 
The errors mainly had to do with MD5 vs Crypt vs MD5 Salt.

I was able to get everything working including activesync with Sogo Sync.
Still, in my opinion, its a poor alternative to a MS Exchange.
But its free, so its worth giving it a shot.

13

Re: 8.0 Upgrade SOGO Instructions Fail with Manual Upgrade of iRedMail

Can you share you instructions for activesync whit sogosync?
thanks

wynni