Virtualmin, Dovecot, POP3 - can't get them to work

| SYSTEM INFORMATION | |
|---|---|
| OS type and version | Debian 12 |
| Virtualmin version | 7.50.0 GPL |

Folks, I am not even sure if the problem is with Virtualmin, I am completely new to it (I used cPanel for the last few years, but my experience is limited even there) - but I have to start asking questions somewhere :wink:

Debian image freshly installed by my hosting company, Virtualmin freshly installed using standard script. I added a virtual server, configured DNS (hosted by my hosting company), added certificates from Let’s Encrypt, copied my php based website to the public_html directory - 100% success, site up and running, everything worked as expected.

Then I added an email user and tried to use dovecot/POP3 to check for mails - and the default configuration doesn’t seem to work. My email client (The Bat!) connects, but authentication fails. I did some digging and it looks like the problem can be between dovecot and pam - logs suggest that when testing dovecot locally (sudo doveadm auth test) pam receives username@domain.ext as a username (and finds the password in the shadow file, where it was put by Virtualmin), but when invoked through POP3 it receives just username (with no domain) and fails to find the user, so it has no password to compare to (log shows password was correctly passed to dovecot/pam).

I guess my question is: should it work automagically? Did I miss some configuration step related to the user database in a format pam can read? Should I dig into dovecot configuration to make it pass data to pam in a correct way, or is there something I should modify on the Virtualmin?

Thanks in advance for any hints.

It should work out of the box. I’ve rarely used Debian but it shouldn’t matter.

Have you tried username without the domain name (the short name)?

Post the error in the log, hard for anyone to help without them.

It should work right out of the box, if you use the username exactly as shown in the Username field on the Edit Users page for your domain. If you’re using the default username format of user@domain.tld, you should configure your mail client with a username of literally user@domain.tld (not just user, with the expectation that someone somewhere will add the domain name you’re connecting to).

I could be doing something wrong, but I don’t see how to make the short name, I am selecting the virtual server I created and when I click “add email user” (or any other user as far as I can tell) Virtualmin adds the domain on its own (and username@my.domain is what lands in both users and shadow files).

But I don’t think short names would work in general, as of now I have one virtual server, but I want to host 4 domains and assign emails to them separately, so some mechanism of differentiating between feedback@firstdomain and feedback@seconddomain will be necessary.

parts of the log that I think are important:

when I try to fetch mails using my email client:

Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth: Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth: Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth: Debug: auth client connected (pid=744554)
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: pop3-login: Debug: SSL: where=0x10, ret=1: before SSL initialization
(
just some SSL messages
)
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: pop3-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth: Debug: client in: AUTH 1 PLAIN service=pop3 secured=tls session=1EbSvpRDix9Q7mQn lip=167.114.115.4 rip=my.ip.xxx.xxx lport=995 rport=8075 local_name=mail.my.domain resp=>
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth: Debug: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Performing passdb lookup
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): Server accepted connection (fd=13)
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): Sending version handshake
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: Handling PASSV request
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Performing passdb lookup
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): lookup service=dovecot
Nov 14 21:33:15 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): #1/1 style=1 msg=Password:
Nov 14 21:33:15 vps.domain.name.ext auth[744559]: pam_unix(dovecot:auth): check pass; user unknown
Nov 14 21:33:15 vps.domain.name.ext auth[744559]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=username rhost=my.ip.xxx.xxx
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): pam_authenticate() failed: Authentication failure (Password mismatch?) (given password: mypassword)
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth: Debug: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Finished passdb lookup
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth: Debug: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Performing passdb lookup
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Finished passdb lookup
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<1>: Finished: password_mismatch
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<2>: Handling PASSV request
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<2>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Performing passdb lookup
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<2>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): lookup service=dovecot
Nov 14 21:33:18 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<2>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): #1/1 style=1 msg=Password:
Nov 14 21:33:18 vps.domain.name.ext auth[744559]: pam_unix(dovecot:auth): check pass; user unknown
Nov 14 21:33:18 vps.domain.name.ext auth[744559]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=username rhost=my.ip.xxx.xxx
Nov 14 21:33:19 vps.domain.name.ext dovecot[604424]: auth-worker(744559): conn unix:auth-worker (pid=744555,uid=109): auth-worker<2>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): pam_authenticate() failed: Authentication failure (Password mismatch?) (given password: mypassword)
Nov 14 21:33:19 vps.domain.name.ext dovecot[604424]: auth-worker(744559): Debug: conn unix:auth-worker (pid=744555,uid=109): auth-worker<2>: pam(username,my.ip.xxx.xxx,<1EbSvpRDix9Q7mQn>): Finished passdb lookup

testing if dovecot accepts me as a user:

sudo doveadm auth test username@my.domain mypassword
passdb: username@my.domain auth succeeded
extra fields:
user=username@my.domain

and the log reads

Nov 14 21:38:45 vps.domain.name.ext proftpd[746347]: pam_listfile(proftpd:auth): Refused user root for service proftpd
Nov 14 21:38:45 vps.domain.name.ext proftpd[746347]: pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd746347 ruser=root rhost=120.26.239.198 user=root
Nov 14 21:38:45 vps.domain.name.ext sudo[746389]: debian : TTY=pts/0 ; PWD=/home/debian ; USER=root ; COMMAND=/usr/bin/doveadm auth test username@my.domain mypassword
Nov 14 21:38:45 vps.domain.name.ext sudo[746389]: pam_unix(sudo:session): session opened for user root(uid=0) by debian(uid=1000)
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth: Debug: auth client connected (pid=0)
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth: Debug: client in: AUTH 1 PLAIN service=doveadm debug resp=Ym9yZWtAcmVmcmFjdG9tZXRlci5wbABib3Jla0ByZWZyYWN0b21ldGVyLnBsAHB0ZXJvY3luZG9z (previous base64 data may contain sensitive data)
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth: Debug: pam(username@my.domain): Performing passdb lookup
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: Loading modules from directory: /usr/lib/dovecot/modules/auth
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: Module loaded: /usr/lib/dovecot/modules/auth/lib20_auth_var_expand_crypt.so
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): Server accepted connection (fd=13)
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): Sending version handshake
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): auth-worker<1>: Handling PASSV request
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): auth-worker<1>: pam(username@my.domain): Performing passdb lookup
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): auth-worker<1>: pam(username@my.domain): lookup service=dovecot
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): auth-worker<1>: pam(username@my.domain): #1/1 style=1 msg=Password:
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): auth-worker<1>: pam(username@my.domain): Finished passdb lookup
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth: Debug: pam(username@my.domain): Finished passdb lookup
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth: Debug: auth(username@my.domain): Auth request finished
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth: Debug: client passdb out: OK 1 user=username@my.domain
Nov 14 21:38:45 vps.domain.name.ext dovecot[604424]: auth-worker(746392): Debug: conn unix:auth-worker (pid=746374,uid=109): auth-worker<1>: Finished
Nov 14 21:38:45 vps.domain.name.ext sudo[746389]: pam_unix(sudo:session): session closed for user root
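
An added example, not part of any post in this thread: a small Python triage script for the Dovecot/PAM log format quoted above. It separates failures where PAM could not find the login name (a short name sent where the account is stored as user@domain) from plain password rejections, and masks the `given password:` and `resp=` fields before a log is shared. The sample lines, host name, addresses and verdict labels are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the log format quoted in the thread.
SAMPLE_LOG = """\
Nov 14 21:33:15 host dovecot[1]: auth: Debug: pam(username,203.0.113.7,<sessA>): Performing passdb lookup
Nov 14 21:33:15 host auth[2]: pam_unix(dovecot:auth): check pass; user unknown
Nov 14 21:33:18 host dovecot[1]: auth-worker(2): pam(username,203.0.113.7,<sessA>): pam_authenticate() failed: Authentication failure (Password mismatch?) (given password: example-pass)
Nov 14 21:40:02 host dovecot[1]: auth: Debug: pam(other@example.test,203.0.113.7,<sessB>): Performing passdb lookup
Nov 14 21:40:02 host dovecot[1]: auth: Debug: client passdb out: OK 1 user=other@example.test
"""

# pam(<login>[,<remote ip>,<session>]): ... as written by Dovecot's auth process.
LOOKUP = re.compile(r"pam\(([^,)]+)(?:,[^)]*)?\): Performing passdb lookup")
FAILED = re.compile(r"pam\(([^,)]+)(?:,[^)]*)?\): pam_authenticate\(\) failed")
UNKNOWN = "pam_unix(dovecot:auth): check pass; user unknown"
# Fields that carry the password in clear text or as base64.
SECRET = re.compile(r"(given password: )[^)]*|(resp=)\S+")


def diagnose(log_text):
    """Map each failed login name to a verdict label (labels are this example's own)."""
    last_user, unknown, failed = None, set(), []
    for line in log_text.splitlines():
        m = LOOKUP.search(line)
        if m:
            last_user = m.group(1)          # login name Dovecot handed to PAM
        elif UNKNOWN in line and last_user:
            unknown.add(last_user)          # pam_unix found no such account
        else:
            m = FAILED.search(line)
            if m and m.group(1) not in failed:
                failed.append(m.group(1))
    verdicts = {}
    for user in failed:
        if user in unknown:
            # No "@" means the client sent a short name; the thread's fix is
            # to log in with the full user@domain account name.
            verdicts[user] = "unknown-user" if "@" in user else "short-name-unknown"
        else:
            verdicts[user] = "bad-password"
    return verdicts


def redact(line):
    """Mask password-bearing fields so the line can be posted publicly."""
    return SECRET.sub(lambda m: (m.group(1) or m.group(2)) + "[REDACTED]", line)


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
    for entry in SAMPLE_LOG.splitlines():
        print(redact(entry))
```
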

thanks, that’s what I was missing!

If you’re only hosting one, or a small number of friendly, domains, you can change the username format to not include the domain name in Virtualmin Configuration if you prefer it.

Because these are real system users, that would mean you can’t have a webmaster in two different domains without at least one of them being further qualified by something (adding domain name is how Virtualmin qualifies clashing names).

Probably not great advice even though it’s true. Have even 2 domains and there is a high chance that there will be two admin@ addresses and so on.
I found it better to just make it a hard rule that everyone uses their full email address.


I think I was extremely clear about the implications of choosing to not include the domain name in all users. :man_shrugging:
