Re: [SOGo] Authentication using ldap-md5 password fails
For MD5, hex encoding is the default. You can change that by modifying
the scheme from {MD5} to {MD5.b64}
See also the documentation of userPasswordAlgorithm in the installation
guide. [1]
Nicolas
[1]
https://github.com/Alinto/sogo/blob/master/Documentation/SOGoInstallationGuide.asciidoc
Am 12.12.23 um 10:25 schrieb Владимир Вишняков (vishnyakov@gmail.com):
Sorry, but rollback is not possible.
I needed to move the mailer to another server. A backup was made on
the old server, on the new server I launched mailcow, then deployed
the backup using the backup_and_restore.sh script( (supplied with
mailcow).
All containers started successfully, imap / smtp are working for all
users.
Sogo also worked, but I tested it on a user with {BLF-CRYPT} password.
A couple of days later, a person contacted me who could not enter
sogo. I started looking into it and realized that only users with an
md5 hash cannot log in.
SOGO current version: 5.9.0
Old ver - i think Sogo 5.8.0, I can't look anymorе, old server is down.
вт, 12 дек. 2023 г. в 13:30, qhivert :
Hello, you’ve updated from what sogo version to what? If you
rollback your mailcow does it work again?
Quentin
*From:*users-requ...@sogo.nu *On Behalf Of
*
*Sent:* mardi 12 décembre 2023 07:22
*To:* users@sogo.nu
*Subject:* [SOGo] Authentication using ldap-md5 password fails
Good afternoon
I use a mailcow: dockerized mail server with an integrated
container SOGO. After the update, sogo stopped allowing users
whose password hash was generated using the {MD5} algorithm. Users
whose password is generated by {BLF-CRYPT} are authenticated
normally. I turned on the logs, in the logs I can see access to
the database and retrieval of the password hash, but the password
is not accepted.
Dec 12 10:26:01 260deb884b40 2023-12-12 10:26:01.627 sogod[69:69]
SQL:
SELECT c_password FROM _sogo_static_view WHERE c_uid =
'pp_pet...@xx.xx';
Dec 12 10:26:01 260deb884b40 2023-12-12 10:26:01.627 sogod[69:69]
query has results, entering fetch-mode.
...
SOGoRootPage Login from 'MY.IP.AD.DR' for user 'pp_pet...@xx.xx'
might not have worked - password policy: 65535 grace: -1 expire:
-1 bound: 0
"c_password" field on _sogo_static_view contains hash like:
{MD5}ZVN1hovmmV34NCxjRKIDVw==
Base64 encoded MD5 hash
userPasswordAlg setting:
userPasswordAlgoritm
ldap-md5
i also try md5
What could be the problem?Plz help me fix it
Re: [SOGo] SMTP TLS verification
Hi, You could add the external hostname to /etc/hosts, which then would resolve to localhost again. Alternatively, you could also make the non-TLS port bind on localhost only, in this way it isnt exposed externally (passing -o smtp_bind_address in master.cf). Nicolas Am 15.04.23 um 17:36 schrieb "Simon Wilson" (si...@simonandkate.net): I see with SOGoSMTPServer that I can set "smtp://localhost:587/?tls=YES=allowInsecureLocalhost" - however this only works when the SMTP server is at localhost. I use a non-localhost SMTP server which uses Let's Encrypt certs for Postfix, but pinned to external domain names. Thus when using internal addressing for this server the certificate verification fails when submitted to by SOGo. Is there a way to accept insecure non-localhost? Otherwise I have to open submission port externally and loop back to it, which is not a preferred option.
Re: [SOGo] DNS A record round robin
As sogo does not resolve by itself the hostname, I'd recommend setting up your resolver to return the records accordingly. This can be also done on a per-host basis. E.g. by configuring systemd-resolved (which randomizes) or unbound (which defaults to round-robin) locally on the host via resolv.conf. Nicolas Am 08.11.22 um 12:42 schrieb Marco Moock (marco.mo...@urz.uni-heidelberg.de): Hello, at work we have 2 IMAP servers. There is a hostname with 2 A records. Does sogo do DNS round-robin by using them randomly or does sogo use just the first and only uses the second if the first is unreachable? Currently the requests only go to the machine listed in the 1st A.
Re: [SOGo] Install source
You didnt install libytnef0-dev, thats why libSOGo cant be built, hence the following error. Am 31.08.22 um 12:17 schrieb mich (supp...@foxnet.be): Hello I am at the make function of the SOGo compilation, but I have an error: Making all for framework SOGo... Compiling file SOGoBuild.m ... Creating derived_src/NSFramework_SOGo.m... Compiling file derived_src/NSFramework_SOGo.m ... Linking framework SOGo ... /usr/bin/ld: cannot find -lytnef collect2: error: ld returned 1 exit status Copying resources into the framework wrapper... Creating SOGo.framework/Versions/5/Resources/Info-gnustep.plist... make[3]: Nothing to be done for 'internal-master-library-all'. make[3]: Nothing to be done for 'internal-master-tool-all'. Making all in Appointments ... Making all for wobundle Appointments... gcc -shared \ -rdynamic -Wl,--no-as-needed -lcurl -shared-libgcc -pthread -fexceptions -o Appointments.SOGo/./Appointments \ ./obj/Appointments.obj/Product.m.o ./obj/Appointments.obj/NSArray+Appointments.m.o ./obj/Appointments.obj/iCalAlarm+SOGo.m.o ./obj/Appointments.obj/iCalCalendar+SOGo.m.o ./obj/Appointments.obj/iCalEntityObject+SOGo.m.o ./obj/Appointments.obj/iCalRepeatableEntityObject+SOGo.m.o ./obj/Appointments.obj/iCalEvent+SOGo.m.o ./obj/Appointments.obj/iCalEventChanges+SOGo.m.o ./obj/Appointments.obj/iCalPerson+SOGo.m.o ./obj/Appointments.obj/iCalToDo+SOGo.m.o ./obj/Appointments.obj/SOGoCalendarComponent.m.o ./obj/Appointments.obj/SOGoAppointmentObject.m.o ./obj/Appointments.obj/SOGoTaskObject.m.o ./obj/Appointments.obj/SOGoComponentOccurence.m.o ./obj/Appointments.obj/SOGoAppointmentOccurence.m.o ./obj/Appointments.obj/SOGoTaskOccurence.m.o ./obj/Appointments.obj/SOGoAppointmentFolder.m.o ./obj/Appointments.obj/SOGoAppointmentFolderICS.m.o ./obj/Appointments.obj/SOGoAppointmentFolderObject.m.o ./obj/Appointments.obj/SOGoAppointmentFolderXML.m.o ./obj/Appointments.obj/SOGoAppointmentInboxFolder.m.o ./obj/Appointments.obj/SOGoWebAppointmentFolder.m.o ./obj/Appointments.obj/SOGoAppointmentFolders.m.o ./obj/Appointments.obj/SOGoFreeBusyObject.m.o ./obj/Appointments.obj/SOGoUser+Appointments.m.o ./obj/Appointments.obj/SOGoUserFolder+Appointments.m.o ./obj/Appointments.obj/SOGoCalendarProxy.m.o ./obj/Appointments.obj/SOGoAptMailNotification.m.o ./obj/Appointments.obj/SOGoAptMailInvitation.m.o ./obj/Appointments.obj/SOGoAptMailDeletion.m.o ./obj/Appointments.obj/SOGoAptMailICalReply.m.o ./obj/Appointments.obj/SOGoAptMailUpdate.m.o ./obj/Appointments.obj/SOGoAptMailReceipt.m.o ./obj/Appointments.obj/SOGoAptMailReminder.m.o ./obj/Appointments.obj/SOGoEMailAlarmsManager.m.o ./obj/Appointments.obj/MSExchangeFreeBusySOAPRequest.m.o ./obj/Appointments.obj/MSExchangeFreeBusy.m.o \ -L../SOGo/SOGo.framework/Versions/Current/sogo/ -lSOGo -L../../SOGo/./obj/ -L../../SOPE/NGCards/./obj/ -lNGCards -L../../SOPE/GDLContentStore/./obj/ -lGDLContentStore -L/usr/local/lib -Wl,-rpath,/usr/lib/sogo -L../../SOPE/GDLContentStore/obj/ -L/root/GNUstep/Library/Libraries -L/usr/local/lib -L/usr/lib -lNGObjWeb -lNGMime -lNGStreams -lNGExtensions -lGDLAccess -lNGObjWeb -lNGMime -lNGLdap -lNGStreams -lNGExtensions -lEOControl -lDOM -lSaxObjC -lSBJson -lgnustep-base-lobjc -lm /usr/bin/ld: cannot find -lSOGo collect2: error: ld returned 1 exit status make[3]: *** [/usr/share/GNUstep/Makefiles/wobundle.make:173: Appointments.SOGo/./Appointments] Error 1 make[2]: *** [/usr/share/GNUstep/Makefiles/Master/rules.make:297: Appointments.all.wobundle.variables] Error 2 make[1]: *** [/usr/share/GNUstep/Makefiles/Master/serial-subdirectories.make:53: internal-all] Error 2 make: *** [/usr/share/GNUstep/Makefiles/Master/serial-subdirectories.make:53: internal-all] Error 2 2, let's say, the 1st: /usr/bin/ld: cannot find -lytnef Is the second : /usr/bin/ld: cannot find -lSOGo Any ideas? Debian 11. Michel Le 31/08/22 11:20, « Christian Mack(christian.m...@uni-konstanz.de) » a écrit : Hello Configuration depends a lot on your preferences and setup. Have you read and understood the SOGo Installation and Configuration Guide? https://www.sogo.nu/files/docs/SOGoInstallationGuide.html If you only want a hobby setup or one for small user base with low effort on your side, you should check out mailcow. https://mailcow.email/ Kind regards, Christian Mack Am 30.08.22 um 09:24 schrieb mich (supp...@foxnet.be): > Helllo > > Ok, is then the configuration of sogo, I am that it process, using apache, mysql, dovecot, exim? > Good to you > > Michel > > > Le 29/08/22 12:11, « Christian Mack(christian.m...@uni-konstanz.de) » a écrit : > > Hello > > How about the following FAQ? > https://www.sogo.nu/support/faq/how-do-i-compile-sogo.html > > > Kind regards,
Re: [SOGo] ANN: SOGo v5.7.1 released!
Hi Luca, is it be possible that localhost resolved to the ipv6 localhost, ie. ::1 and your imap proxy is not listening on ipv6? The ipv6 support is new in sogo 5.7.1 Nicolas Am 23.08.22 um 10:10 schrieb Luca Olivetti (l...@wetron.es): El 23/8/22 a les 9:32, Luca Olivetti (l...@wetron.es) ha escrit: It seems the problem is due to imapproxy (I tried to remove cas authentication and even with the built-in auth it couldn't login to the authentication server). If I connect directly to the imap server then it works. that should be "it couldn't login to the imap server" In any case the only thing that's been upgraded is SOGo. I traced the connection to the imapproxy port with tcpdump and I could see that for some reason SOGo cannot manage to connect to "localhost", changing it to "127.0.0.1" made it work again i.e. I changed SOGoIMAPServer = imap://localhost:1143; to SOGoIMAPServer = imap://127.0.0.1:1143; For the record, using "localhost" SOGo replied with RST,ACK to every SYN coming from the proxy. Now, if only I could find a similar easy fix for https://www.mail-archive.com/users%40sogo.nu/msg31396.html Bye
Re: [SOGo] Need help with external SMTP-server
Hi Marina, > I am able to send a mail from address us...@abcd.tld to > us...@domain1.tld when using SOGo's webfrontend. But using the > Webfrontend I cannot send an email to external services like > user.n...@gmail.com or anything like that. This sounds like a configuration problem on the postfix configuration. Is it handling incoming email differently when they come from the inside of your network? > Jan 13 12:26:04 sogod [27233]: |SOGo| starting method 'POST' on uri > '/SOGo/so/orange/Mail/0/folderINBOX/folderDrafts/newDraft1610537152-1/send' > Jan 13 12:26:05 sogod [27233]: [WARN] > <0x0x55f51340a7c0[SOGoUserDefaults]> expected an NSString for > 'SOGoMailComposeFontSize' (ignored) > Jan 13 12:26:05 sogod [27233]: [ERROR] <0x0x55f513552a50[SOGoMailer]> > Could not connect to the SMTP server smtp://abc.tld > Jan 13 12:26:05 sogod [27233]: |SOGo| request took 0.666737 seconds to > execute > > > I mean, why do I get a relay-denied-error from the recipient's > server?! Why does sogo try to send via google or yahoo or whoever, I > want to send via my smtp-server defined in sogo.conf - this gives me a > headache. Where do you see the relay denied error? > *Second Case: * > Keeping everything the same but changing the smtp-line in sogo.conf to > > SOGoSMTPServer = "smtp://abc.tld:587/?tls=YES"; > > results in an errormessage in the browser-window saying: > Requires state 2, now 1 > > and in the log I find: > > Jan 13 12:36:31 sogod [29373]: |SOGo| starting method 'POST' on uri > '/SOGo/so/orange/Mail/0/folderINBOX/folderDrafts/newDraft1610537787-1/send' > Jan 13 12:36:31 sogod [29373]: [WARN] > <0x0x5562213901e0[SOGoUserDefaults]> expected an NSString for > 'SOGoMailComposeFontSize' (ignored) > 2021-01-13 12:36:31.750 sogod[29373:29373] ERROR(-[NGActiveSSLSocket > startTLS]): couldn't setup SSL connection on host > abc.tld (error:0001:lib(0):func(0):reason(1))... > 2021-01-13 12:36:31.750 sogod[29373:29373] SMTP: unable to perform > STARTTLS on socket > Jan 13 12:36:31 sogod [29373]: [ERROR] <0x0x5562213bdf60[SOGoMailer]> > Could not connect to the SMTP server smtp://abc.tld:587/?tls=YES > Jan 13 12:36:31 sogod [29373]: |SOGo| request took 0.566150 seconds to > execute > This is odd, is it possible that certificate validation fails? Can you try from the command line: openssl s_client -starttls smtp -connect abc.tld:587 | openssl x509 -noout -text And then validate the given hostname is in the certificates subject or alternative name. > *Third case: * > > Changing the smtp-line to > > SOGoSMTPServer = "smtp://abc.tld:465"; > Port 465 is typically SMTPS. So change smtp:// to smtps:// Nicolas -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] 5.0.1: Possible imaps error
Hi Lars, You have passed tlsVerifyMethod=allowInsecureLocalhost instead of tlsVerifyMode Ie. `Mode` vs `Method`. So the TLS validation will default to normal host name validation and then fail (as expected). Nicolas Am 06.11.20 um 16:57 schrieb Lars Liedtke (lied...@punkt.de): Addition: using imap://localhost:143/?tls=YES=allowInsecureLocalhost" leads to Nov 06 16:34:12 sogod [60950]: [ERROR] <0x0x807446b28[NGImap4ConnectionManager]> IMAP4 login failed: host=localhost, user=ry86, pwd=yes url=imaps://ry86@localhost/?tls=YES=default base=(null) base-class=(null)) = <0x0x80742b148[NGImap4Client]: login=ry86(pwd) socket=>> using imap://localhost:143 works. This is not a big Problem, bc were on localhost; but it seems a bug, whichmight affect others as well Cheers Lars -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] SOGo 5.0.0 Login Problem -> SOGo 5.0.1
HI Lars, Everything is working fine now in the production-system clone. I will have to play through the whole update process again, to make sure that works flawlessly but you helped me clarifiying the config very much, indeed. Maybe this could be clarified in the documentation as well(?). I would be willing to do that with providing a pull request, in a couple of days. I'm happy this works! Would be great to help others not to fall into the same trap. The only thing that bugs me a bit, is that the WebUI simply goes blank, when there are certain configuration errors. Do you see a way to improve this? Certainly, I think this needs to be handled properly by the exception handling. However, I am no expert in objc in this. Maybe file a bug report. best regards, Nicolas -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] SOGo 5.0.0 Login Problem -> SOGo 5.0.1
Hi Lars, ERROR(-[NGImap4Client _processUnknownCommandParserException:]): catched non-IMAP4 parsing exception NGSocketException: NGActiveSocket is not open Nov 04 12:25:43 sogod [85659]: [ERROR] <0x0x8123bd708[NGImap4ConnectionManager]> IMAP4 login failed: > host=localhost, user=ry86, pwd=yes > url=imaps://ry86@localhost:993/?tls=YES=allowInsecureLocalhost > base=(null) > base-class=(null)) > = <0x0x80c3c7028[NGImap4Client]: login=ry86(pwd) socket= address=<0x0x80caeb758[NGInternetSocketAddress]: host=localhost port=42967>>> Please do not combine imaps (imap over TLS, default port 993) and IMAP with STARTTLS (port 143, and the TLS connection is established on the same socket after the handshake). What you probably wanted was one of these: * imaps://localhost:993/?tlsVerifyMode=allowInsecureLocalhost or * imap://localhost:143/?tls=YES=allowInsecureLocalhost Cheers, Nicolas -- users@sogo.nu https://inverse.ca/sogo/lists
Re: [SOGo] SOGo 5.0.0 Login Problem -> SOGo 5.0.1
Hi Lars, Any ideas on that? It is no problem running 5.0.0 for us for now, I just wanted to share this, as it might be helpful. Or should I run SOGo 5.0.1 with SOPE 5.0.0 on commit 099e8b0ec8251dbddeff337fe728d9398ba744b2? This Log is not really helpful (at least not to me), unfortunately. If you have time and want to figure out what commit is causing this, I'd suggest to start with 5.0.0 both SOGo and SOPE and then upgrade SOPE to 5.0.1 and then if it still works try to bisect which SOGo commit is causing the login problems. cheers, Nicolas -- users@sogo.nu https://inverse.ca/sogo/lists
[SOGo] SOGo 5.0.0 Login Problem
Hi, this error: 2020-10-01 17:35:39.988 sogod[14915:101031] EXCEPTION: 0x80c39b878> NAME:NSInvalidArgumentException REASON:-[NSURL queryComponents]: unrecognized selector sent to instance 0x80c39b7e8 INFO:(null) Indicates your SOPE version is not up-to-date. Make sure you are building with at least SOPE 5.0.0 (tagged as `SOPE-5.0.0` in git). Also if you're using starttls for smtp or imap, better use the latest HEAD, otherwise you're going to suffer from leaking file descriptors. Cheers, Nicolas -- users@sogo.nu https://inverse.ca/sogo/lists
