1

Topic: locked out of iredmail

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

Hello,

I've installed the latest version of irm on centos 7 using mariadb/mysql. Web server is apache, managing irm accounts with iredadmin, not the pro version, and installed irm several times and each time for some reason get either locked out, The IP address is unreachable. This usually means that there is no route to the specified host or network error. I initially was able to login to my account and after a few hours, I get these error messages or it appears I get locked out? I don't know for sure what caused it. Is there an error log or config file somewhere where I can find out?

Thanks!

00





2

Re: locked out of iredmail

Check your fail2ban logging to see if your IP address is in there.

Log file: Fail2ban logs to the default syslog log file.
On RHEL/CentOS/OpenBSD/FreeBSD, it's /var/log/messages.
On Debian/Ubuntu, it's /var/log/syslog.

3 (edited by 00 2016-10-27 06:13:19)

Re: locked out of iredmail

I didn't install fail2ban in this particular installation. Checked/searched the /var/log/messages, didn't see my ip.

Thanks!

4

Re: locked out of iredmail

Is your IP blocked in iptables? Check output:

iptables -L -n

Without fail2ban, iRedMail doesn't configure other software to block bad clients automatically. You may need to check non-iRedMail components - maybe your network firewall/router, etc.

5 (edited by 00 2016-10-27 12:10:50)

Re: locked out of iredmail

IP wasn't blocked in iptables.

Reinstalled everything including fail2ban. This time though, I deleted root mariadb/mysql password and left it blank because irm was giving error that it could not access root@localhost. Chose to use my iptables I set up and chose to select irm mysql configuration. Went to the addresses given and was able to get into sogo irm admin and mail login. 

The only remaining issue is login for awstats does not allow me in with my issued user name postmaster and password.

https://myhostname.com/awstats/awstats.pl?config=web

One last thing too, I just realized I'll need to put a root password back for mariadb/mysql. Will this interfere with irm's operations?


Thanks!

00

6

Re: locked out of iredmail

00 wrote:

The only remaining issue is login for awstats does not allow me in with my issued user name postmaster and password.

Your Apache doesn't support SSHA512 password, so you have to reset your password to MD5.

00 wrote:

One last thing too, I just realized I'll need to put a root password back for mariadb/mysql. Will this interfere with irm's operations?

iRedMail has a backup script (/var/vmail/backup/backup_mysql.sh) which requires MySQL root password, if you changed it, please also update this file.

7

Re: locked out of iredmail

hello,

Thanks! Changed the password to my new one.

I do recall editing an apache file in a few other previous installations to change from SSHA512 to md5 but don't remember what the file was. I looked at the /etc/httpd/conf/httpd.conf but didn't see anything to edit in there.

I'll keep looking and report back when I find it.

Thanks again

8 (edited by 00 2016-10-28 20:42:42)

Re: locked out of iredmail

I did find this on iRedMail password hashes supported:

http://www.iredmail.org/docs/password.hashes.html

"WARNING: MD5, PLAIN-MD5 and plain password are weak, please don't use them."

so... could you please clarify what you mean about resetting your password to MD5 since apache doesn't support SSHA512?

Thanks.

00

9

Re: locked out of iredmail

Apache doesn't support SSHA512, so user auth in Awstats doesn't work. You have two ways to solve it:

*) If you really want to authenticate users against SQL db in Awstats, you have to reset your password to a password hash supported by Apache. MD5 is one of the supported hashes.
*) You can switch to basic http auth based on file (no SQL db required), create separate users/passwords and store them in the file.
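
Added example, not part of the original thread and not iRedMail or Apache code: a Python illustration of why the SQL-backed Awstats login described in post 9 fails for an SSHA512 account. It assumes the Dovecot-style layout `{SSHA512}` + base64(SHA512(password + salt) + salt), the prefixes Apache documents for its own password formats, and that iRedMail's MD5 scheme is stored as a crypt-style `$1$` string; the accounts, salt and hash bodies are constructed.

```python
import base64
import hashlib
import hmac

PREFIX = "{SSHA512}"

def make_ssha512(password, salt):
    """Dovecot-style layout (assumed): PREFIX + base64(SHA512(pw + salt) + salt)."""
    digest = hashlib.sha512(password.encode() + salt).digest()
    return PREFIX + base64.b64encode(digest + salt).decode()

def verify_ssha512(password, stored):
    """Check a password the way an SSHA512-aware verifier would."""
    if not stored.startswith(PREFIX):
        return False
    try:
        raw = base64.b64decode(stored[len(PREFIX):], validate=True)
    except ValueError:          # malformed base64
        return False
    if len(raw) <= 64:          # no salt after the 64-byte digest
        return False
    digest, salt = raw[:64], raw[64:]
    calc = hashlib.sha512(password.encode() + salt).digest()
    return hmac.compare_digest(calc, digest)

def apache_view(stored):
    """Classify a stored string by the prefixes Apache documents for basic auth."""
    if stored.startswith("$apr1$"):
        return "apr1-md5"
    if stored.startswith("$2y$"):
        return "bcrypt"
    if stored.startswith("{SHA}"):
        return "sha1"
    if stored.startswith("$1$"):    # assumption: iRedMail "MD5" = crypt-style $1$
        return "crypt-md5"
    return "unrecognised"

def locked_out(accounts):
    """Users whose stored hash Apache cannot verify."""
    return [user for user, stored in accounts if apache_view(stored) == "unrecognised"]

# Constructed sample rows (user, stored password); hash bodies are placeholders.
SAMPLE = [
    ("postmaster@example.com", make_ssha512("s3cret", b"constructed-salt")),
    ("stats@example.com", "$1$abcdefgh$PLACEHOLDERHASHBODY000"),
]

if __name__ == "__main__":
    for user, stored in SAMPLE:
        print(user, apache_view(stored))
```

The SSHA512 string verifies correctly with a matching verifier yet carries no prefix Apache knows, which is the login failure in this thread. The file-based option in post 9 avoids storing the mail account's password in a weaker scheme just to satisfy Apache.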

10

Re: locked out of iredmail

Thanks for explaining that. I appreciate your time.

00