IMAP Login impossible, but webmail works fine

h8h · June 26, 2015, 4:12pm

I’ve already solved this odd behaviour by changing the password at the admin form.

My box was under attack (many false login attempts) . At that time a user tried to sign on and dovecot slow responses. The user gets a failure from outlook and was not able to login anymore. But webmail just works fine. I told him to change the password on the roundcube password form, but the password form also says that the current password is wrong. The last attempt I did was to change the password at the miab admin interface and everything works out fine.

Is there another authentication mechansim for roundcube / php? I don’t think so, but any thoughts?

Thanks so far, have a nice weekend

H8H

JoshData · June 26, 2015, 8:27pm

No it’s the same login system. There was another thread about character encoding issues making things work differently between Roundcube and IMAP though.

h8h · June 28, 2015, 3:15pm

Ok thanks, but its not the encoding issue, becaue everything works fine until someone Dos the box …

radek · June 28, 2015, 5:50pm

Hi, can you find some error log messages?

# cat /var/log/syslog | grep drop

I am thinking about process_limit: Mailserver Limits

h8h · June 28, 2015, 7:31pm

Sorry, logs are essential for this business though here they are:

Jun 22 05:37:16 srv dovecot: imap-login: Error: socket(/var/run/dovecot/config) failed: Cannot allocate memory
Jun 22 05:37:16 srv dovecot: imap-login: Error: socket(/var/run/dovecot/config) failed: Cannot allocate memory
Jun 22 05:37:16 srv dovecot: imap-login: Fatal: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Cannot allocate memory
Jun 22 05:37:16 srv dovecot: master: Error: service(imap-login): command startup failed, throttling for 2 secs
Jun 22 05:37:17 srv dovecot: pop3-login: Error: socket(pop3) failed: Cannot allocate memory
Jun 22 05:37:17 srv dovecot: pop3-login: Error: net_connect_unix(pop3) failed: Cannot allocate memory
Jun 22 05:37:17 srv dovecot: pop3-login: Internal login failure (pid=9957 id=1) (internal failure, 1 successful auths): user=<xxx>, method=PLAIN, rip=xxx, lip=xxx, TLS, session=
Jun 22 05:38:06 srv postfix/smtpd[9969]: warning: connect to private/tlsmgr: Cannot allocate memory
Jun 22 05:38:06 srv postfix/smtpd[9969]: warning: problem talking to server private/tlsmgr: Cannot allocate memory
Jun 22 05:38:07 srv postfix/smtpd[9969]: warning: connect to private/tlsmgr: Cannot allocate memory
Jun 22 05:38:07 srv postfix/smtpd[9969]: warning: problem talking to server private/tlsmgr: Cannot allocate memory
Jun 22 05:38:07 srv postfix/smtpd[9969]: warning: no entropy for TLS key generation: disabling TLS support
Jun 22 05:38:07 srv postfix/smtpd[9970]: fatal: inet_addr_local[getifaddrs]: getifaddrs: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: warning: connect to private/anvil: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: warning: problem talking to server private/anvil: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: warning: SASL: Connect to private/auth failed: Cannot allocate memory
Jun 22 05:38:08 srv postfix/smtpd[9969]: fatal: no SASL authentication mechanisms
Jun 22 05:38:08 srv postfix/master[9349]: warning: process /usr/lib/postfix/smtpd pid 9970 exit status 1
Jun 22 05:38:08 srv postfix/master[9349]: warning: /usr/lib/postfix/smtpd: bad command startup -- throttling
Jun 22 05:38:09 srv postfix/master[9349]: warning: process /usr/lib/postfix/smtpd pid 9969 exit status 1

First login attempt by an authorized user (via outlook 2013)

Jun 22 08:02:31 srv dovecot: auth: Error: PLAIN(xxx,xxxx,<xxx>): Request 10617.1 timed out after 150 secs, state=1

Next try (via outlook 2013)

Jun 22 08:04:02 srv dovecot: auth: Error: PLAIN(xxx,xxxx,<xxx>): Request 10628.1 timed out after 150 secs, state=1

After dovecot / postfix restart, he tries again (via outlook 2013)

imap-login: Disconnected (auth failed, 9 attempts in 109 secs): user=<xxx>, method=PLAIN, rip=xxxx, lip=xxx, TLS: Disconnected, session=<xxx>
Jun 22 10:10:54 srv dovecot: imap-login: Disconnected: Too many invalid commands (no auth attempts in 0 secs): user=<>, rip=xxx, lip=xxx, session=<xxx>

But login via webmail / localhost works fine for him

Jun 22 11:17:47 srv dovecot: imap-login: Login: user=xxxx, method=PLAIN, rip=::1, lip=::1, mpid=xxxx, TLS, session=<xxx>
Jun 22 11:17:47 srv dovecot: imap(xxxx): Disconnected: Logged out in=91 out=908

Not webmail / outlook 2013

Jun 22 11:17:51 srv dovecot: imap-login: Disconnected (auth failed, 1 attempts in 7 secs): user=<xxxxx>, method=PLAIN, rip=xxx, lip=xxx, TLS: Disconnected, session=<xxxx>

radek · June 28, 2015, 8:13pm

Cannot allocate memory

Looks like you have not enough free RAM. Check memory consumption on that machine and let us know.

h8h · June 28, 2015, 8:23pm

Thanks. Thats another issue, I’ve 3GB of Ram but I think the tcp numsocks are the main problem. But the most significant problem is that the sqlite database gets corrupted or something else broke and I don’t know why the user is able to login via webmail and not via an email client. He does not change anything nor password or email connection settings.

ATM the box uses 650MB

             total       used       free     shared    buffers     cached
Mem:          4.0G       1.0G       3.0G       172M         0B       377M
-/+ buffers/cache:       646M       3.4G
Swap:         3.0G         0B       3.0G

or more human unreadable

             total       used       free     shared    buffers     cached
Mem:       4194304    1050956    3143348     176344          0     387104
-/+ buffers/cache:     663852    3530452
Swap:      3145728          0    3145728