1

Topic: Login succeeds, then subsequent login fails for same account

======== Required information ====
- iRedMail version: iRedMail-0.9.2
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache v2.2.15
- Linux/BSD distribution name and version: Red Hat Enterprise Linux Server release 6.6 (Santiago) (x86_64)
- Related log if you're reporting an issue: /var/log/dovecot.log
====

This was a new install a few days ago.  Everything is working as expected. The following 5 test accounts have been created and tested for send/receive.

mysql> select user_id, username, created from roundcubemail.users order by created;
+---------+-----------------------------------+---------------------+
| user_id | username                          | created             |
+---------+-----------------------------------+---------------------+
|       1 | postmaster@ma.securimate.com      | 2015-06-20 00:55:15 |
|       2 | subscriber@ma.securimate.com      | 2015-06-20 11:08:40 |
|       3 | somesubscriber@ma.securimate.com  | 2015-06-20 11:12:46 |
|       4 | with_underscore@ma.securimate.com | 2015-06-20 11:48:19 |
|       5 | with.dot@ma.securimate.com        | 2015-06-21 16:53:43 |
+---------+-----------------------------------+---------------------+
5 rows in set (0.00 sec)

mysql> select address, created, active from vmail.alias order by created;
+-----------------------------------+---------------------+--------+
| address                           | created             | active |
+-----------------------------------+---------------------+--------+
| postmaster@ma.securimate.com      | 2015-06-18 23:00:57 |      1 |
| subscriber@ma.securimate.com      | 2015-06-20 16:08:14 |      1 |
| somesubscriber@ma.securimate.com  | 2015-06-20 16:12:16 |      1 |
| with_underscore@ma.securimate.com | 2015-06-20 16:34:25 |      1 |
| with.dot@ma.securimate.com        | 2015-06-21 21:51:00 |      1 |
+-----------------------------------+---------------------+--------+
5 rows in set (0.00 sec)

They all work; however, sometimes after a successful login, subsequent attempts to log in fail unexpectedly and repeatedly.  Changing the password does not help.  Clearing the session cookie and reloading the page does not help.  It simply won't log into the same account that was previously authenticated.

Entries like this appear in /var/log/dovecot.log

Jun 22 03:40:21 auth-worker(18673): Info: mysql(127.0.0.1): Connected to database vmail
Jun 22 03:40:23 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<suscriber@ma.securimate.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=</E6DCBMZXQB/AAAB>
Jun 22 03:45:16 auth-worker(18736): Info: mysql(127.0.0.1): Connected to database vmail
Jun 22 03:45:18 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<suscriber@ma.securimate.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<qR8XGhMZbwB/AAAB>

I've added my IP to fail2ban to keep from getting banned from the site.

I know beyond doubt that the "Login failed." messages are occurring with the correct account credentials.

It happened yesterday, then they all started working again today.  Now 2 of the 5 accounts are resulting in "Login failed." for no apparent reason.

Any ideas?

Thanks in advance for any helpful feedback you may provide.
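
An added triage example, not part of the original post: it parses Dovecot "auth failed" lines and checks each login name against the account list, using the two log lines and the vmail.alias addresses quoted above. The function name, the dictionary keys and the 0.8 similarity cutoff are assumptions made for this example.

```python
import re
from difflib import get_close_matches

# Addresses from the vmail.alias query output quoted in the post above.
KNOWN_ACCOUNTS = [
    "postmaster@ma.securimate.com",
    "subscriber@ma.securimate.com",
    "somesubscriber@ma.securimate.com",
    "with_underscore@ma.securimate.com",
    "with.dot@ma.securimate.com",
]

# The two imap-login lines quoted from /var/log/dovecot.log in the post above.
SAMPLE_LOG = """\
Jun 22 03:40:23 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<suscriber@ma.securimate.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=</E6DCBMZXQB/AAAB>
Jun 22 03:45:18 imap-login: Info: Disconnected (auth failed, 1 attempts in 2 secs): user=<suscriber@ma.securimate.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured, session=<qR8XGhMZbwB/AAAB>
"""

AUTH_FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<svc>[\w-]+): Info: Disconnected "
    r"\(auth failed, (?P<attempts>\d+) attempts in \d+ secs\): "
    r"user=<(?P<user>[^>]*)>, method=(?P<method>[\w-]+), rip=(?P<rip>[^,]+),"
)

def triage_auth_failures(log_text, known_accounts):
    """Classify each auth-failed line: existing account or unknown login name."""
    known = {a.lower() for a in known_accounts}
    findings = []
    for line in log_text.splitlines():
        m = AUTH_FAILED.match(line)
        if not m:
            continue  # not an auth-failed disconnect line
        user = m.group("user").lower()
        if user in known:
            verdict, nearest = "known-account", None
        else:
            # Unknown login name: report the closest provisioned address, if any.
            close = get_close_matches(user, sorted(known), n=1, cutoff=0.8)
            verdict, nearest = "unknown-account", (close[0] if close else None)
        findings.append({"ts": m.group("ts"), "user": user, "rip": m.group("rip"),
                         "verdict": verdict, "nearest": nearest})
    return findings

if __name__ == "__main__":
    for finding in triage_auth_failures(SAMPLE_LOG, KNOWN_ACCOUNTS):
        print(finding)
```

A "known-account" verdict points at the stored password or account state, while "unknown-account" means the name that reached Dovecot is not in the list that was supplied.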


2

Re: Login succeeds, then subsequent login fails for same account

Try restarting the iptables and fail2ban services, and make sure your client IP addresses are not blocked. Or even disable them temporarily for several days for testing.

Try to log in with other mail client applications instead of SOGo, to determine whether or not it's a SOGo issue.

3

Re: Login succeeds, then subsequent login fails for same account

Thank you for your quick reply.  BTW, our company will purchase pro this week if I can demonstrate this is a suitable setup for our purpose.  SPF and DKIM are both confirmed working.  It's our intention to use these mail server accounts for originating notices from our clients to their 3rd party clients in hopes of increasing our successful delivery ratio and to promote a more transparent connection between our company (Securimate, Inc) and our customers to their 3rd parties.

I checked iptables with:  iptables -L INPUT -v -n
and found no blocked IP addresses, but I restarted iptables and fail2ban anyway.

Also, my IP, along with that of our development and production server (which will originate the application notices) are also excluded in fail2ban's jail.conf.

Here's the exclusion for my IP in jail.conf

[root@703672-ma ~]# grep '72.48.240.102' /etc/fail2ban/jail.conf
ignoreip = 127.0.0.1/8 72.48.240.102 166.78.74.186 174.143.166.66

I'll go set up some tests with smtp authentication for the 5 test accounts and report the results shortly.

4

Re: Login succeeds, then subsequent login fails for same account

The SMTP tests were unsuccessful.  Here's the dialog with one of the accounts.

user: somesubscriber@ma.securimate.com, pass: XXXXXXXXXXX
2015-06-22 08:20:59    SERVER -> CLIENT: 220 dev.securimate.com ESMTP Postfix
2015-06-22 08:20:59    CLIENT -> SERVER: EHLO ma.securimate.com
2015-06-22 08:20:59    SERVER -> CLIENT: 250-dev.securimate.com
                                         250-PIPELINING
                                         250-SIZE 10240000
                                         250-VRFY
                                         250-ETRN
                                         250-STARTTLS
                                         250-AUTH LOGIN PLAIN
                                         250-ENHANCEDSTATUSCODES
                                         250-8BITMIME
                                         250 DSN
2015-06-22 08:20:59    CLIENT -> SERVER: STARTTLS
2015-06-22 08:20:59    SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2015-06-22 08:20:59    CLIENT -> SERVER: EHLO ma.securimate.com
2015-06-22 08:20:59    SERVER -> CLIENT: 250-dev.securimate.com
                                         250-PIPELINING
                                         250-SIZE 10240000
                                         250-VRFY
                                         250-ETRN
                                         250-AUTH LOGIN PLAIN
                                         250-ENHANCEDSTATUSCODES
                                         250-8BITMIME
                                         250 DSN
2015-06-22 08:20:59    CLIENT -> SERVER: AUTH LOGIN
2015-06-22 08:20:59    SERVER -> CLIENT: 334 VXNlcm5hbWU6
2015-06-22 08:20:59    CLIENT -> SERVER: c29tZXN1YnNjcmliZXJAbWEuc2VjdXJpbWF0ZS5jb20=
2015-06-22 08:20:59    SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2015-06-22 08:20:59    CLIENT -> SERVER: (verified base64 password)
2015-06-22 08:21:00    SERVER -> CLIENT: 535 5.7.8 Error: authentication failed: authentication failure
2015-06-22 08:21:00    SMTP ERROR: Password command failed: 535 5.7.8 Error: authentication failed: authentication failure
2015-06-22 08:21:00    CLIENT -> SERVER: QUIT
2015-06-22 08:21:00    SERVER -> CLIENT: 221 2.0.0 Bye
2015-06-22 08:21:00    SMTP connect() failed.

The TLS connection appears to succeed and the hand-off of Username and Password is successful.  It's the actual authentication process that either isn't triggered or fails in some other way.
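
An added example, not part of the original post: it walks the AUTH LOGIN lines of the dialog above, base64-decodes the server's 334 prompts and the login name the client sent, and records the final reply code. The function names and result keys are assumptions for this example. Base64 here is an encoding, not encryption, so the password response is flagged as seen but never decoded or stored.

```python
import base64
import re

# AUTH LOGIN portion of the SMTP dialog quoted in the post above; the password
# line is the poster's own placeholder, not a real value.
SAMPLE_DIALOG = """\
2015-06-22 08:20:59    CLIENT -> SERVER: AUTH LOGIN
2015-06-22 08:20:59    SERVER -> CLIENT: 334 VXNlcm5hbWU6
2015-06-22 08:20:59    CLIENT -> SERVER: c29tZXN1YnNjcmliZXJAbWEuc2VjdXJpbWF0ZS5jb20=
2015-06-22 08:20:59    SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2015-06-22 08:20:59    CLIENT -> SERVER: (verified base64 password)
2015-06-22 08:21:00    SERVER -> CLIENT: 535 5.7.8 Error: authentication failed: authentication failure
"""

LINE = re.compile(r"^\S+ \S+\s+(CLIENT|SERVER) -> (?:CLIENT|SERVER): (.*)$")

def b64_text(value):
    """Decode base64 to text, or return None if the value is not valid base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None

def decode_auth_login(dialog):
    """Walk an AUTH LOGIN exchange; return the prompts, username and outcome."""
    result = {"prompts": [], "username": None, "password_seen": False, "reply": None}
    pending = None  # decoded 334 prompt awaiting the client's answer
    for raw in dialog.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation line or unrelated output
        sender, payload = m.groups()
        if sender == "SERVER" and payload.startswith("334 "):
            pending = b64_text(payload[4:].strip())
            result["prompts"].append(pending)
        elif sender == "CLIENT" and pending is not None:
            if pending.lower().startswith("username"):
                result["username"] = b64_text(payload.strip())
            elif pending.lower().startswith("password"):
                result["password_seen"] = True  # never decode or store it
            pending = None
        elif sender == "SERVER" and payload[:3] in ("235", "535"):
            result["reply"] = payload[:3]  # 235 = accepted, 535 = rejected
    return result

if __name__ == "__main__":
    print(decode_auth_login(SAMPLE_DIALOG))
```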

5

Re: Login succeeds, then subsequent login fails for same account

Could you please turn on debug mode in Dovecot, then test with IMAP client?
Reference: http://www.iredmail.org/docs/debug.dovecot.html

Looks like there's something wrong in the user account stored in the SQL database (vmail.mailbox or vmail.alias). I need the Dovecot debug log for troubleshooting.