A Few Dovecot Issues - PAM Connect...


I’m new to virtualmin/webmin and I just migrated a cpanel server over. I got everything working properly except until I tried to setup thunderbird with imap accounts and I have been trying to fix this for hours.

No matter the config, I could not get a connection. I am able to telnet to dovecot and login that way with no problem. I enabled all the dovecot logging info and here is what I get when trying to connect via thunderbird

dovecot log:
2012-08-06 23:56:38 auth-worker(default): Info: pam(webmaster,-MY.IP-): lookup service=dovecot
2012-08-06 23:56:38 auth-worker(default): Info: pam(webmaster,-MY.IP-): #1/1 style=1 msg=Password:
2012-08-06 23:56:39 auth-worker(default): Info: pam(webmaster,-MY.IP-): pam_authenticate() failed: Authentication failure (password mismatch?) (given password: -MY Entered Password-)
2012-08-06 23:56:41 auth(default): Info: client out: FAIL 2 user=webmaster
2012-08-06 23:56:51 imap-login: Info: Disconnected (auth failed, 2 attempts): user=webmaster@WEBSITE.COM, method=PLAIN, rip=-MY.IP-, lip=, TLS

The auth log:
Aug 7 00:00:39 web dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown
Aug 7 00:00:39 web dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=webmaster@WEBSITE.COM rhost=-MY.IP-

I noticed the first line of the auth log says “user unknown”. I am not sure what that is about epically since the second line of ruser has the username

I also noticed that if I telnet in and login, there is no record in the logs.

The next problem is that if I change the password for the user via virtualmin, it is not being updated - at least not for email accounts. How I found out about this is via telnet login. I had to use the old password.

Any suggestions would be greatly appreciated!
Thank you.

I came up with a working solution but I would prefer a better one.

I changed the dovecot config to use the /etc/shadow file for verifying the password. The only problem with this is how the usernames must be entered. It must match exactly what is in the shadow file. which is something like webmaster.ACCOUNT-NAME. You can’t enter a email address.I am sure you can write a script to find the right shadow entry based on email address which I may end up doing if a better solution is not found.


By default, Virtualmin uses the username format of “user.domain”.

It’s possible to use the user@domain.tld format – you can set that in System Settings -> Server Templates -> Default -> Mail for Domain, and at the bottom you’ll see the option to change “Format for usernames that include domain”.

However, if your usernames are already in the user.domain format, there’s no way to change that format for existing users, you can only change it for new users.

If you can, my suggestion would be to change the setting in the Server Templates, and then re-import your cPanel backups.