Author Topic: Unsupported authentication mechanism  (Read 3410 times)

Offline dainbramage

Unsupported authentication mechanism
« on: February 06, 2023, 12:28:38 AM »
After upgrading to Ubuntu 22.04 and Roundcube 1.6.1 I am not able to log in.

Code:
● php8.1-fpm.service - The PHP 8.1 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.1-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-02-06 09:26:45 NZDT; 8h ago
       Docs: man:php-fpm8.1(8)
   Main PID: 1053323 (php-fpm8.1)
     Status: "Processes active: 0, idle: 2, Requests: 6, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 28584)
     Memory: 19.1M
        CPU: 1.681s
     CGroup: /system.slice/php8.1-fpm.service
             ├─1053323 "php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             ├─1053337 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             └─1053339 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

Feb 06 09:26:45 mail.odysseytours.nz systemd[1]: Starting The PHP 8.1 FastCGI Process Manager...
Feb 06 09:26:45 mail.odysseytours.nz systemd[1]: Started The PHP 8.1 FastCGI Process Manager.
Feb 06 09:27:23 mail.odysseytours.nz roundcube[1053337]: <ihqm485t> IMAP Error: Login failed for info@shesheds.co.nz against 127.0.0.1 from 192.168.1.1. Unsupported authentication mechanism. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 06 09:27:27 mail.odysseytours.nz roundcube[1053339]: <ihqm485t> IMAP Error: Login failed for info@shesheds.co.nz against 127.0.0.1 from 192.168.1.1. Unsupported authentication mechanism. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 06 09:27:33 mail.odysseytours.nz roundcube[1053337]: <ihqm485t> IMAP Error: Login failed for info@shesheds.co.nz against 127.0.0.1 from 192.168.1.1. Unsupported authentication mechanism. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 06 18:19:53 mail.odysseytours.nz roundcube[1053337]: <ihqm485t> IMAP Error: Login failed for postmaster@odysseytours.nz against 127.0.0.1 from 192.168.1.1. Unsupported authentication mechanism. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 06 18:19:58 mail.odysseytours.nz roundcube[1053339]: <ihqm485t> IMAP Error: Login failed for postmaster@odysseytours.nz against 127.0.0.1 from 192.168.1.1. Unsupported authentication mechanism. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
~

Does anyone know how to solve this?

Thank you.

Offline Dmitry42

Re: Unsupported authentication mechanism
« Reply #1 on: February 06, 2023, 05:59:06 AM »
I'm not sure, but I think you must check your RC config. Maybe it was not upgraded cleanly.

There were some changes, like imap_host etc.

Compare the main options in your config with the 1.6.1 config.inc.default

P.S.
In the end you can try upgrading by overwriting the old files with the new files. I recommend stopping the web server when you upgrade your RC and starting it again afterwards.
« Last Edit: February 06, 2023, 06:08:06 AM by Dmitry42 »

Offline dainbramage

Re: Unsupported authentication mechanism
« Reply #2 on: February 08, 2023, 08:11:45 PM »
Code:
NOTICE: New .htaccess file saved as .htaccess.new.
NOTICE: The 'installer' directory still exists. You should remove it after the upgrade.

Running update script at target...
WARNING: Replaced config options:
(These config options have been replaced or renamed)
- 'default_host' was replaced by 'imap_host'
- 'smtp_server' was replaced by 'smtp_host'
Do you want me to fix your local configuration? (y/N)
y
. backing up the current config file(s)...
. writing /opt/www/roundcubemail-1.4.7/config/config.inc.php...
Done.
Your configuration files are now up-to-date!
Executing database schema update.
Updating database schema (2021081000)... [OK]
Updating database schema (2021100300)... [OK]
Updating database schema (2022081200)... [OK]
-----------------------------------------------------------------------------
ATTENTION: Update dependencies by running `php composer.phar update --no-dev`
-----------------------------------------------------------------------------
This instance of Roundcube is up-to-date.
Have fun!
All done.
mike@mail:~/Downloads/roundcubemail-1.6.1$ sudo php composer.phar update --no-dev
Could not open input file: composer.phar

It looks like imap_host and smtp_host got updated correctly.

I tried using the original config before upgrade, no change.

Do you know why it is not able to open the input file composer.phar?

Offline Dmitry42

Re: Unsupported authentication mechanism
« Reply #3 on: February 08, 2023, 08:50:27 PM »
Do all your services work after the OS update? Does Dovecot work? Does SMTP work? Can you use it from another mail program?

If it works with another, then you need to check RC.
Can you upload your RC config here? Or check the RC config for SSL/TLS and the port prefix for "host".
RC config check:
// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
//$rcmail_config['imap_auth_type'] = null;

Dovecot check:
config 10-auth.conf

Offline dainbramage

Re: Unsupported authentication mechanism
« Reply #4 on: February 10, 2023, 05:11:41 PM »
Thank you for your reply. Here is RC config:

Quote
<?php

/* Local configuration for Roundcube Webmail */

// ----------------------------------
// IMAP
// ----------------------------------
// The IMAP host (and optionally port number) chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// If port number is omitted it will be set to 993 (for ssl://) or 143 otherwise.
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %s - domain name after the '@' from e-mail address provided at login screen
// For example %n = mail.domain.tld, %t = domain.tld
// WARNING: After hostname change update of mail_host column in users table is
//          required to match old user data records with the new host.
$config['imap_host'] = '127.0.0.1:143';

// ----------------------------------
// SMTP
// ----------------------------------
// SMTP server host (and optional port number) for sending mails.
// Enter hostname with prefix ssl:// to use Implicit TLS, or use
// prefix tls:// to use STARTTLS.
// If port number is omitted it will be set to 465 (for ssl://) or 587 otherwise.
// Supported replacement variables:
// %h - user's IMAP hostname
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// %d - domain (http hostname $_SERVER['HTTP_HOST'] without the first part)
// %z - IMAP domain (IMAP hostname without the first part)
// For example %n = mail.domain.tld, %t = domain.tld
// To specify different SMTP servers for different IMAP hosts provide an array
// of IMAP host (no prefix or port) and SMTP server e.g. ['imap.example.com' => 'smtp.example.net']
$config['smtp_host'] = 'tls://127.0.0.1:587';

// ----------------------------------
// SQL DATABASE
// ----------------------------------
// Database connection string (DSN) for read+write operations
// Format (compatible with PEAR MDB2): db_provider://user:password@host/database
// Currently supported db_providers: mysql, pgsql, sqlite, mssql, sqlsrv, oracle
// For examples see http://pear.php.net/manual/en/package.database.mdb2.intro-dsn.php
// Note: for SQLite use absolute path (Linux): 'sqlite:////full/path/to/sqlite.db?mode=0646'
//       or (Windows): 'sqlite:///C:/full/path/to/sqlite.db'
// Note: Various drivers support various additional arguments for connection,
//       for Mysql: key, cipher, cert, capath, ca, verify_server_cert,
//       for Postgres: application_name, sslmode, sslcert, sslkey, sslrootcert, sslcrl, sslcompression, service.
//       e.g. 'mysql://roundcube:@localhost/roundcubemail?verify_server_cert=false'
$config['db_dsnw'] = 'mysqli://roundcube:i2KmqVFDcU2ell7xmE1ThoQr6RdWgw4E@127.0.0.1:3306/roundcubemail';

// LOGGING
$config['log_driver'] = 'syslog';

// Syslog facility to use, if using the 'syslog' log driver.
// For possible values see installer or http://php.net/manual/en/function.openlog.php
$config['syslog_facility'] = LOG_MAIL;

// IMAP authentication method (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null).
// Use 'IMAP' to authenticate with IMAP LOGIN command.
// By default the most secure method (from supported) will be selected.
$config['imap_auth_type'] = 'LOGIN';

// Required if you're running PHP 5.6 or later
$config['imap_conn_options'] = array (
  'ssl' =>
  array (
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);

// If you know your imap's folder delimiter, you can specify it here.
// Otherwise it will be determined automatically
$config['imap_delimiter'] = '/';

// SMTP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or empty to use
// best server supported one)
$config['smtp_auth_type'] = 'LOGIN';

// Required if you're running PHP 5.6 or later
$config['smtp_conn_options'] = array (
  'ssl' =>
  array (
    'verify_peer' => false,
    'verify_peer_name' => false,
  ),
);

// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';

// SYSTEM
$config['force_https'] = true;

// Allow browser-autocompletion on login form.
// 0 - disabled, 1 - username and host only, 2 - username, host, password
$config['login_autocomplete'] = 2;

// check client IP in session authorization
$config['ip_check'] = true;

// This key is used for encrypting purposes, like storing of imap password
// in the session. For historical reasons it's called DES_key, but it's used
// with any configured cipher_method (see below).
// For the default cipher_method a required key length is 24 characters.
$config['des_key'] = 'pQgx6mibDdDdEiygXmyNQFsP';

// Encryption algorithm. You can use any method supported by OpenSSL.
// Default is set for backward compatibility to DES-EDE3-CBC,
// but you can choose e.g. AES-256-CBC which we consider a better choice.
$config['cipher_method'] = 'AES-256-CBC';

// Message size limit. Note that SMTP server(s) may use a different value.
// This limit is verified when user attaches files to a composed message.
// Size in bytes (possible unit suffix: K, M, G)
$config['max_message_size'] = '15M';

// Add this user-agent to message headers when sending. Default: not set.
$config['useragent'] = 'Roundcube Webmail';

// Use user's identity as envelope sender for 'return receipt' responses,
// otherwise it will be rejected by iRedAPD plugin `reject_null_sender`.
$config['mdn_use_from'] = true;

// Hide version number
//$config['username_domain'] = 'odysseytours.nz';
$config['mime_types'] = '/etc/mime.types';

// three columns
//$config['skip_deleted'] = true;
// PLUGINS
$config['plugins'] = ['managesieve', 'password'];

// USER INTERFACE
$config['create_default_folders'] = true;

// if in your system 0 quota means no limit set this option to true
$config['quota_zero_as_unlimited'] = true;

// Set the spell checking engine. Possible values:
// - 'googie'  - the default (also used for connecting to Nox Spell Server, see 'spellcheck_uri' setting)
// - 'pspell'  - requires the PHP Pspell module and aspell installed
// - 'enchant' - requires the PHP Enchant module
// - 'atd'     - install your own After the Deadline server or check with the people at http://www.afterthedeadline.com before using their API
// Since Google shut down their public spell checking service, the default settings
// connect to http://spell.roundcube.net which is a hosted service provided by Roundcube.
// You can connect to any other googie-compliant service by setting 'spellcheck_uri' accordingly.
$config['spellcheck_engine'] = 'pspell';

// USER PREFERENCES
$config['default_charset'] = 'UTF-8';

//$config['addressbook_sort_col'] = 'name';
$config['draft_autosave'] = 60;

// If true all folders will be checked for recent messages
$config['check_all_folders'] = true;

// Default messages listing mode. One of 'threads' or 'list'.
$config['default_list_mode'] = 'threads';

// 0 - Do not expand threads
// 1 - Expand all threads automatically
// 2 - Expand only threads with unread messages
$config['autoexpand_threads'] = 2;

// Default font size for composed HTML message.
// Supported sizes: 8pt, 10pt, 12pt, 14pt, 18pt, 24pt, 36pt
$config['default_font_size'] = '12pt';

// Enables display of email address with name instead of a name (and address in title)
$config['message_show_email'] = true;

mysql is producing errors:

Code:
root@mail:~# tail /var/log/mysql/error.log
2023-02-11  8:01:01 465 [Warning] Aborted connection 465 to db: 'iredadmin' user: 'iredadmin' host: 'localhost' (Got an error reading communication packets)
2023-02-11  8:02:14 474 [Warning] Aborted connection 474 to db: 'iredapd' user: 'iredapd' host: 'localhost' (Got an error reading communication packets)
2023-02-11  9:01:01 580 [Warning] Aborted connection 580 to db: 'vmail' user: 'vmailadmin' host: 'localhost' (Got an error reading communication packets)
2023-02-11  9:01:01 579 [Warning] Aborted connection 579 to db: 'iredapd' user: 'iredapd' host: 'localhost' (Got an error reading communication packets)
2023-02-11  9:01:01 578 [Warning] Aborted connection 578 to db: 'iredadmin' user: 'iredadmin' host: 'localhost' (Got an error reading communication packets)
2023-02-11  9:02:56 588 [Warning] Aborted connection 588 to db: 'iredapd' user: 'iredapd' host: 'localhost' (Got an error reading communication packets)
2023-02-11 10:01:01 704 [Warning] Aborted connection 704 to db: 'iredapd' user: 'iredapd' host: 'localhost' (Got an error reading communication packets)
2023-02-11 10:01:01 706 [Warning] Aborted connection 706 to db: 'vmail' user: 'vmailadmin' host: 'localhost' (Got an error reading communication packets)
2023-02-11 10:01:01 705 [Warning] Aborted connection 705 to db: 'iredadmin' user: 'iredadmin' host: 'localhost' (Got an error reading communication packets)
2023-02-11 10:02:18 708 [Warning] Aborted connection 708 to db: 'iredapd' user: 'iredapd' host: 'localhost' (Got an error reading communication packets)

This is what is in /var/log/mail.log

Code:
Feb 11 10:56:15 mail postfix/pipe[1884126]: 4PCR0X6KSMz6ls: to=<postmaster@odysseytours.nz>, orig_to=<root@mail.odysseytours.nz>, relay=dovecot, delay=97202, delays=97202/0.02/0/0.05, dsn=4.3.0, status=deferred (temporary failure)
Feb 11 10:56:15 mail dovecot: auth-worker(1884137): Error: conn unix:auth-worker (pid=1884125,uid=130): auth-worker<1>: passwd(postmaster@odysseytours.nz): getpwnam() failed: Address family not supported by protocol
Feb 11 10:56:15 mail dovecot: lda(postmaster@odysseytours.nz)<1884127><>: Error: auth-master: userdb lookup(postmaster@odysseytours.nz): Auth USER lookup failed
Feb 11 10:56:15 mail dovecot: lda(postmaster@odysseytours.nz)<1884127><>: Debug: auth-master: userdb lookup(postmaster@odysseytours.nz): auth USER input:
Feb 11 10:56:15 mail dovecot: lda(postmaster@odysseytours.nz)<1884127><>: Debug: auth-master: userdb lookup(postmaster@odysseytours.nz): Userdb lookup failed
Feb 11 10:56:15 mail dovecot: lda(1884127): Fatal: Internal error occurred. Refer to server log for more information.
Feb 11 10:56:15 mail postfix/pipe[1884123]: 4PBjqd4nspz5M8: to=<postmaster@odysseytours.nz>, orig_to=<root@mail.odysseytours.nz>, relay=dovecot, delay=197714, delays=197714/0.02/0/0.06, dsn=4.3.0, status=deferred (temporary failure)

The "Address family not supported by protocol" error I find really puzzling, as I have

Code:
listen = *
set in /etc/dovecot/dovecot.conf

Code:
root@mail:~# doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-58-generic x86_64 Ubuntu 22.04.1 LTS
# Hostname: mail.odysseytours.nz
listen = *
mail_debug = yes
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = " imap lmtp sieve pop3"
service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_cert = </etc/dovecot/private/dovecot.pem
ssl_cipher_list = EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
userdb {
  driver = passwd
}

Here is /etc/dovecot/conf.d/10-auth.conf

Code:
##
## Authentication processes
##

# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
#disable_plaintext_auth = yes

# Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
# bsdauth and PAM require cache_key to be set for caching to be used.
#auth_cache_size = 0
# Time to live for cached data. After TTL expires the cached record is no
# longer used, *except* if the main database lookup returns internal failure.
# We also try to handle password changes automatically: If user's previous
# authentication was successful, but this one wasn't, the cache isn't used.
# For now this works only with plaintext authentication.
#auth_cache_ttl = 1 hour
# TTL for negative hits (user not found, password mismatch).
# 0 disables caching them completely.
#auth_cache_negative_ttl = 1 hour

# Space separated list of realms for SASL authentication mechanisms that need
# them. You can leave it empty if you don't want to support multiple realms.
# Many clients simply use the first one listed here, so keep the default realm
# first.
#auth_realms =

# Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm =

# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

# Username character translations before it's looked up from databases. The
# value contains series of from -> to characters. For example "#@/@" means
# that '#' and '/' characters are translated to '@'.
#auth_username_translation =

# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
#auth_username_format = %Lu

# If you want to allow master users to log in by specifying the master
# username within the normal username string (ie. not using SASL mechanism's
# support for it), you can specify the separator character here. The format
# is then <username><separator><master username>. UW-IMAP uses "*" as the
# separator, so that could be a good choice.
#auth_master_user_separator =

# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous

# Maximum number of dovecot-auth worker processes. They're used to execute
# blocking passdb and userdb queries (eg. MySQL and PAM). They're
# automatically created and destroyed as needed.
#auth_worker_max_count = 30

# Host name to use in GSSAPI principal names. The default is to use the
# name returned by gethostname(). Use "$ALL" (with quotes) to allow all keytab
# entries.
#auth_gssapi_hostname =

# Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file.
#auth_krb5_keytab =

# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
#auth_use_winbind = no

# Path for Samba's ntlm_auth helper binary.
#auth_winbind_helper_path = /usr/bin/ntlm_auth

# Time to delay before replying to failed authentications.
#auth_failure_delay = 2 secs

# Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no

# Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName.
#auth_ssl_username_from_cert = no

# Space separated list of wanted authentication mechanisms:
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
#   gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain

##
## Password and user databases
##

#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>

#!include auth-deny.conf.ext
#!include auth-master.conf.ext

!include auth-system.conf.ext
#!include auth-sql.conf.ext
#!include auth-ldap.conf.ext
#!include auth-passwdfile.conf.ext
#!include auth-checkpassword.conf.ext
#!include auth-static.conf.ext

Any help with this would be much appreciated.
« Last Edit: February 10, 2023, 05:15:28 PM by dainbramage »

Offline Dmitry42

Re: Unsupported authentication mechanism
« Reply #5 on: February 10, 2023, 09:19:27 PM »
In RC you have
$config['smtp_auth_type'] = 'LOGIN';

In Dovecot 10-auth you have
auth_mechanisms = plain

Auth type mismatch!

Comment out/remove $config['smtp_auth_type'] = 'LOGIN' in/from the RC config file. Then RC will use the server's auth type.

P.S.

On my server I use "auth_mechanisms = plain login" in 10-auth.conf and removed "$config['smtp_auth_type'] =" from the RC config.
« Last Edit: February 10, 2023, 09:33:07 PM by Dmitry42 »
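
The mismatch check described in the reply above, as an added example that is not part of the original posts and is not Roundcube or Dovecot code: it compares Roundcube's `imap_auth_type` (the setting on the IMAP login path shown in the error log) with Dovecot's `auth_mechanisms`, and also flags a PLAIN/LOGIN setup that would send the password over a non-local, unencrypted `imap_host`. The function names, the two constructed config excerpts and the `mail.example.test` host are assumptions made for the example.

```python
import re

# Constructed excerpts that mirror the settings quoted in this thread.
ROUNDCUBE_CONFIG = r"""
//$rcmail_config['imap_auth_type'] = null;
$config['imap_host'] = '127.0.0.1:143';
$config['imap_auth_type'] = 'LOGIN';
"""
DOVECOT_AUTH_CONF = """
#   plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
auth_mechanisms = plain
"""


def roundcube_option(text, name):
    """Last active (uncommented) value of $config[name]; None if unset, null or empty."""
    pattern = re.compile(
        r"^\s*\$(?:rcmail_)?config\[['\"]" + re.escape(name) + r"['\"]\]\s*=\s*(.+?);\s*$")
    value = None
    for line in text.splitlines():
        m = pattern.match(line)  # lines starting with // or # do not match
        if m:
            raw = m.group(1).strip()
            value = None if raw.lower() in ("null", "''", '""') else raw.strip("'\"")
    return value


def dovecot_mechanisms(text):
    """SASL mechanisms from the active auth_mechanisms line (Dovecot defaults to plain)."""
    mechs = {"PLAIN"}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if line.startswith("auth_mechanisms"):
            mechs = {m.upper() for m in line.partition("=")[2].split()}
    return mechs


def check_imap_auth(rc_text, dovecot_text):
    """Return (status, detail); status is 'ok' or 'mismatch'."""
    wanted = roundcube_option(rc_text, "imap_auth_type")
    offered = dovecot_mechanisms(dovecot_text)
    if wanted is None:
        return ("ok", "no fixed type; client chooses from %s" % sorted(offered))
    wanted = wanted.upper()
    if wanted == "IMAP":
        # Per the config comment: 'IMAP' means the IMAP LOGIN command, not SASL.
        return ("ok", "IMAP LOGIN command is used instead of a SASL mechanism")
    if wanted in offered:
        return ("ok", "%s is offered by the server" % wanted)
    return ("mismatch", "client forces %s, server offers only %s" % (wanted, sorted(offered)))


def cleartext_to_remote(rc_text):
    """True when imap_host has no ssl:// or tls:// prefix and is not loopback.

    Simplification (assumption): only 'localhost' and 127.x.x.x count as local.
    """
    host = roundcube_option(rc_text, "imap_host")
    if host is None or host.startswith(("ssl://", "tls://")):
        return False
    name = host.split(":")[0]
    return not (name == "localhost" or name.startswith("127."))


if __name__ == "__main__":
    print(check_imap_auth(ROUNDCUBE_CONFIG, DOVECOT_AUTH_CONF))
    print("cleartext to remote host:", cleartext_to_remote(ROUNDCUBE_CONFIG))
```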

Offline Dmitry42

Re: Unsupported authentication mechanism
« Reply #6 on: February 10, 2023, 09:30:54 PM »
I think the mail.log errors will go away after you change your config like I wrote, but if they stay, write here and we will think again )

Offline dainbramage

Re: Unsupported authentication mechanism
« Reply #7 on: February 15, 2023, 03:00:09 AM »
I am getting a different error message now.

Code:
● php8.1-fpm.service - The PHP 8.1 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.1-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2023-02-11 19:53:32 NZDT; 24h ago
       Docs: man:php-fpm8.1(8)
   Main PID: 4508 (php-fpm8.1)
     Status: "Processes active: 0, idle: 2, Requests: 16, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 28584)
     Memory: 25.3M
        CPU: 4.268s
     CGroup: /system.slice/php8.1-fpm.service
             ├─4508 "php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             ├─4670 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             └─4671 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""

Feb 11 21:21:29 mail.odysseytours.nz roundcube[4671]: <e18he7p0> IMAP Error: Login failed for postmaster@odysseytours.nz against 127.0.0.1 from 127.0.0.1. AUTHENTICATE PLAIN: Authentication failed. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 11 21:21:43 mail.odysseytours.nz roundcube[4670]: <e18he7p0> IMAP Error: Login failed for postmaster@odysseytours.nz against 127.0.0.1 from 127.0.0.1. AUTHENTICATE PLAIN: Authentication failed. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 11 21:27:21 mail.odysseytours.nz roundcube[4671]: <e18he7p0> IMAP Error: Login failed for postmaster@odysseytours.nz against 127.0.0.1 from 127.0.0.1. AUTHENTICATE PLAIN: Authentication failed. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)
Feb 11 21:27:34 mail.odysseytours.nz roundcube[4670]: <e18he7p0> IMAP Error: Login failed for postmaster@odysseytours.nz against 127.0.0.1 from 127.0.0.1. AUTHENTICATE PLAIN: Authentication failed. in /opt/www/roundcubemail-1.4.7/program/lib/Roundcube/rcube_imap.php on line 211 (POST /mail/?_task=login&_action=login)

Do you know what this reference to "auth-master" is? There is a file in /etc/dovecot/conf.d named "auth-master.conf.ext", is it anything to do with that?

Code:
Feb 15 20:58:46 mail.odysseytours.nz dovecot[2543271]: auth: Error: passwd(postmaster@odysseytours.nz): getpwnam() failed: Address family not supported by protocol
Feb 15 20:58:46 mail.odysseytours.nz dovecot[1142569]: lda(postmaster@odysseytours.nz)<1142569><>: Error: auth-master: userdb lookup(postmaster@odysseytours.nz): Auth USER lookup failed
Feb 15 20:58:46 mail.odysseytours.nz dovecot[1142569]: lda(postmaster@odysseytours.nz)<1142569><>: Debug: auth-master: userdb lookup(postmaster@odysseytours.nz): auth USER input:
Feb 15 20:58:46 mail.odysseytours.nz dovecot[1142569]: lda(postmaster@odysseytours.nz)<1142569><>: Debug: auth-master: userdb lookup(postmaster@odysseytours.nz): Userdb lookup failed
Feb 15 20:58:46 mail.odysseytours.nz dovecot[1142569]: lda(1142569): Fatal: Internal error occurred. Refer to server log for more information.


Offline Dmitry42

Re: Unsupported authentication mechanism
« Reply #8 on: February 15, 2023, 09:12:29 AM »
As far as I can understand, you use OS authentication (at the end of your config /etc/dovecot/conf.d/10-auth.conf we can see the string !include auth-system.conf.ext) - the auth settings for users from the OS must be there.

But I think somewhere you include auth-master.conf.ext in the configuration, or somewhere in the config you use
passdb {
....
master = yes
......
}

auth-master.conf.ext is used to set up master-user auth - it's like a superuser/admin user who can log in to users' mailboxes with admin credentials.
Quote
# By adding master=yes setting inside a passdb you make the passdb a list
# of "master users", who can log in as anyone else.
# <doc/wiki/Authentication.MasterUsers.txt>