# vpopmail/courier-imap/squirrelmail

## lackofabettername

This may be the wrong forum, and for that I apologize.  Here's my problem.  I followed the first version of this how-to a few months ago to get my mail server up and running.  Last week, I suddenly couldn't log in via squirrelmail, nor could I log in through Evolution.  A little more investigation showed me that I could not longer receive mail on my server either.  So, I referred back to the how-to and went step by step through the process again.

I got my server to the point where it would receive mail, but for some reason it will not allow me to log in.  I have reset the vpopmail server for the account in question countless times, I've tried setting up new accounts (none of which worked either), nothing seems to work.  I've gone through the logs:

```
Jul 14 01:59:33 2punk spamd[20278]: processing message <001101c0b7eb$b557c680$02

f73f9b@users.sourceforge.net> for root:89.

Jul 14 01:59:33 2punk spamd[20278]: clean message (0.0/5.0) for root:89 in 0.1 s

econds, 303 bytes.

Jul 14 01:59:33 2punk spamd[19711]: connection from localhost [127.0.0.1] at por

t 32892

Jul 14 01:59:33 2punk spamd[20284]: processing message <9PS291LhupY> for root:89

.

Jul 14 01:59:43 2punk spamd[20284]: clean message (0.0/5.0) for root:89 in 9.7 s

econds, 1544 bytes.

Jul 14 02:44:21 2punk imapd: Connection, ip=[127.0.0.1]

Jul 14 02:44:26 2punk imapd: LOGIN FAILED, ip=[127.0.0.1]

Jul 14 02:44:26 2punk imapd: DISCONNECTED, ip=[127.0.0.1], headers=0, body=0
```

This is obviously an authentication issue, but I can't for the life of me figure out why.  I've made sure courier-imap uses vauthchkpw (vpopmail's authentication), I've installed and set up SquirrelMail's vpopmail plugin.  I've run out of ideas.

Anyone know how to fix this?

Thanks.

----------

## CompNerd

This is a shot in the dark, but you may want to check your authentication configuration.  I was having a similar problem where I was unable to get authenticated, turned out that I had a mistake in my authentication configuration.

CompNerd

----------

## lackofabettername

I agree, it probably is something in my auth. configuration.  But I've looked through everything and can't find the issue (I'm sure it's a really stupid one too...typo or something).  Here are the relavent files (please let me know if I'm missing any):

/etc/courier-imap/authdeamonrc:

```
##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $

#

# Copyright 2000-2001 Double Precision, Inc.  See COPYING for

# distribution information.

#

# authdaemonrc created from authdaemonrc.dist by sysconftool

#

# Do not alter lines that begin with ##, they are used when upgrading

# this configuration.

#

# This file configures authdaemond, the resident authentication daemon.

#

# Comments in this file are ignored.  Although this file is intended to

# be sourced as a shell script, authdaemond parses it manually, so

# the acceptable syntax is a bit limited.  Multiline variable contents,

# with the \ continuation character, are not allowed.  Everything must

# fit on one line.  Do not use any additional whitespace for indentation,

# or anything else.

##NAME: authmodulelist:0

#

# The authentication modules that are linked into authdaemond.  The

# default list is installed.  You may selectively disable modules simply

# by removing them from the following list.  The available modules you

# can use are: authcustom authcram authuserdb authvchkpw authmysql authpam

authmodulelist="authvchkpw"

##NAME: authmodulelistorig:1

#

# This setting is used by Courier's webadmin module, and should be left

# alone

authmodulelistorig="authcustom authcram authuserdb authvchkpw authmysql authpam"

##NAME: daemons:0

#

# The number of daemon processes that are started.  authdaemon is typically

# installed where authentication modules are relatively expensive: such

# as authldap, or authmysql, so it's better to have a number of them running.

# PLEASE NOTE:  Some platforms may experience a problem if there's more than

# one daemon.  Specifically, SystemV derived platforms that use TLI with

# socket emulation.  I'm suspicious of TLI's ability to handle multiple

# processes accepting connections on the same filesystem domain socket.

#

# You may need to increase daemons if as your system load increases.  Symptoms

# include sporadic authentication failures.  If you start getting

# authentication failures, increase daemons.  However, the default of 5

# SHOULD be sufficient.  Bumping up daemon count is only a short-term

# solution.  The permanent solution is to add more resources: RAM, faster

# disks, faster CPUs...

daemons=5

##NAME: version:0

#

# When you have multiple versions of authdaemond.* installed, authdaemond

# just picks the first one it finds.  Set "version" to override that.

# For example:  version=authdaemond.plain

version=""

##NAME: authdaemonvar:0

#

# authdaemonvar is here, but is not used directly by authdaemond.  It's

# used by various configuration and build scripts, so don't touch it!

authdaemonvar=/var/lib/courier-imap/authdaemon
```

/etc/courier-imap/autdaemond.conf:

```
# Copyright 1999-2004 Gentoo Foundation

# Distributed under the terms of the GNU General Public License v2

# $Header: /var/cvsroot/gentoo-x86/net-mail/courier-imap/files/authdaemond.conf,v 1.3 2004/06/26 23:30:58 robbat2 Exp $

# This file should contain your chosen authenticator

# Valid choices are..

#

# AUTHDAEMOND="authdaemond.mysql"

# AUTHDAEMOND="authdaemond.ldap"

# AUTHDAEMOND="authdaemond.plain"

#

AUTHDAEMOND="authdaemond.plain"
```

/etc/courier-imap/imapd:

```
##VERSION: $Id: imapd.dist.in,v 1.27 2004/01/24 20:09:26 mrsam Exp $

#

# imapd created from imapd.dist by sysconftool

#

# Do not alter lines that begin with ##, they are used when upgrading

# this configuration.

#

#  Copyright 1998 - 2004 Double Precision, Inc.  See COPYING for

#  distribution information.

#

#  This configuration file sets various options for the Courier-IMAP server

#  when used with the couriertcpd server.

#  A lot of the stuff here is documented in the manual page for couriertcpd.

#

#  NOTE - do not use \ to split long variable contents on multiple lines.

#  This will break the default imapd.rc script, which parses this file.

#

##NAME: ADDRESS:0

#

#  Address to listen on, can be set to a single IP address.

#

# ADDRESS=127.0.0.1

ADDRESS=0

##NAME: PORT:1

#

#  Port numbers that connections are accepted on.  The default is 143,

#  the standard IMAP port.

#

#  Multiple port numbers can be separated by commas.  When multiple port

#  numbers are used it is possible to select a specific IP address for a

#  given port as "ip.port".  For example, "127.0.0.1.900,192.68.0.1.900"

#  accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1

#  The previous ADDRESS setting is a default for ports that do not have

#  a specified IP address.

PORT=143

##NAME: AUTHSERVICE:0

#

#  It's possible to authenticate using a different 'service' parameter

#  depending on the connection's port.  This only works with authentication

#  modules that use the 'service' parameter, such as PAM.  Example:

#

#  AUTHSERVICE143=imap

#  AUTHSERVICE993=imaps

##NAME: MAXDAEMONS:0

#

#  Maximum number of IMAP servers started

#

MAXDAEMONS=40

##NAME: MAXPERIP:0

#

#  Maximum number of connections to accept from the same IP address

MAXPERIP=4

##NAME: PIDFILE:0

#

#  File where couriertcpd will save its process ID

#

PIDFILE=/var/run/imapd.pid

##NAME: TCPDOPTS:0

#

# Miscellaneous couriertcpd options that shouldn't be changed.

#

TCPDOPTS="-nodnslookup -noidentlookup"

##NAME: AUTHMODULES:0

#

# Authentication modules.  Here's the default list:

#

#    authdaemon

#

# The default is set during the initial configuration.

#

AUTHMODULES="authvchkpw"

##NAME: AUTHMODULES_ORIG:0

#

# For use by webadmin

AUTHMODULES_ORIG="authdaemon"

##NAME: DEBUG_LOGIN:0

#

# Dump additional login diagnostics to syslog

#

# DEBUG_LOGIN=0   - turn off login debugging

# DEBUG_LOGIN=1   - turn on login debugging

# DEBUG_LOGIN=2   - turn on login debugging + log passwords too

DEBUG_LOGIN=0

##NAME: IMAP_CAPABILITY:1

#

# IMAP_CAPABILITY specifies what most of the response should be to the

# CAPABILITY command.

#

# If you have properly configured Courier to use CRAM-MD5 or CRAM-SHA1

# authentication (see INSTALL), set IMAP_CAPABILITY as follows:

#

# IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

#

IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"

##NAME: KEYWORDS_CAPABILITY:0

#

# IMAP_KEYWORDS=1 enables custom IMAP keywords.  Set this option to 0 to

# disable custom keywords.

IMAP_KEYWORDS=1

##NAME: SMAP1_CAPABILITY:0

#

# EXPERIMENTAL

#

# To enable the experimental "Simple Mail Access Protocol" extensions,

# uncomment the following setting.

#

# SMAP_CAPABILITY=SMAP1

##NAME: IMAP_CAPABILITY_ORIG:1

#

# For use by webadmin

IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"

##NAME: IMAP_IDLE_TIMEOUT:0

#

# This setting controls how often

# the server polls for changes to the folder, in IDLE mode (in seconds).

IMAP_IDLE_TIMEOUT=60

##NAME: IMAP_CAPABILITY_TLS:0

#

# The following setting will advertise SASL PLAIN authentication after

# STARTTLS is established.  If you want to allow SASL PLAIN authentication

# with or without TLS then just comment this out, and add AUTH=PLAIN to

# IMAP_CAPABILITY

IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"

##NAME: IMAP_TLS_ORIG:0

#

# For use by webadmin

IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"

##NAME: IMAP_DISABLETHREADSORT:0

#

# Set IMAP_DISABLETHREADSORT to disable the THREAD and SORT commands -

# server side sorting and threading.

#

# Those capabilities will still be advertised, but the server will reject

# them.  Set this option if you want to disable all the extra load from

# server-side threading and sorting.  Not advertising those capabilities

# will simply result in the clients reading the entire folder, and sorting

# it on the client side.  That will still put some load on the server.

# advertising these capabilities, but rejecting the commands, will stop this

# silliness.

#

IMAP_DISABLETHREADSORT=0

##NAME: IMAP_CHECK_ALL_FOLDERS:0

#

# Set IMAP_CHECK_ALL_FOLDERS to 1 if you want the server to check for new

# mail in every folder.  Not all IMAP clients use the IMAP's new mail

# indicator, but some do.  Normally new mail is checked only in INBOX,

# because it is a comparatively time consuming operation, and it would be

# a complete waste of time unless mail filters are used to deliver

# mail directly to folders.

#

# When IMAP clients are used which support new mail indication, and when

# mail filters are used to sort incoming mail into folders, setting

# IMAP_CHECK_ALL_FOLDERS to 1 will allow IMAP clients to announce new

# mail in folders.  Note that this will result in slightly more load on the

# server.

#

IMAP_CHECK_ALL_FOLDERS=0

##NAME: IMAP_OBSOLETE_CLIENT:0

#

# Set IMAP_OBSOLETE_CLIENT if your IMAP client expects \\NoInferiors to mean

# what \\HasNoChildren really means.

IMAP_OBSOLETE_CLIENT=0

##NAME: IMAP_ULIMITD:0

#

# IMAP_ULIMITD sets the maximum size of the data segment of the server

# process.  The value of IMAP_ULIMITD is simply passed to the "ulimit -d"

# command (or ulimit -v).  The argument to ulimi sets the upper limit on the

# size of the data segment of the server process, in kilobytes.  The default

# value of 65536 sets a very generous limit of 64 megabytes, which should

# be more than plenty for anyone.

#

# This feature is used as an additional safety check that should stop

# any potential denial-of-service attacks that exploit any kind of

# a memory leak to exhaust all the available memory on the server.

# It is theoretically possible that obscenely huge folders will also

# result in the server running out of memory when doing server-side

# sorting (by my calculations you have to have at least 100,000 messages

# in a single folder, for that to happen).

IMAP_ULIMITD=65536

##NAME: IMAP_USELOCKS:0

#

# Setting IMAP_USELOCKS to 1 will use dot-locking to support concurrent

# multiple access to the same folder.  This incurs slight additional

# overhead.  Concurrent multiple access will still work without this setting,

# however occasionally a minor race condition may result in an IMAP client

# downloading the same message twice, or a keyword update will fail.

#

# IMAP_USELOCKS=1 is strongly recommended when shared folders are used.

IMAP_USELOCKS=1

##NAME: IMAP_SHAREDINDEXFILE:0

#

# The index of all accessible folders.  Do not change this setting unless

# you know what you're doing.  See README.sharedfolders for additional

# information.

IMAP_SHAREDINDEXFILE=/etc/courier-imap/shared/index

##NAME: IMAP_ENHANCEDIDLE:0

#

# If Courier was compiled with the File Alteration Monitor, setting

# IMAP_ENHANCEDIDLE to 1 enables enhanced IDLE mode, where multiple

# clients may open the same folder concurrently, and receive updates to

# folder contents in realtime.  See the imapd(8) man page for additional

# information.

#

# IMPORTANT: IMAP_USELOCKS *MUST* also be set to 1, and IDLE must be included

# in the IMAP_CAPABILITY list.

#

IMAP_ENHANCEDIDLE=0

##NAME: IMAP_TRASHFOLDERNAME:0

#

# The name of the magic trash Folder.  For MSOE compatibility,

# you can set IMAP_TRASHFOLDERNAME="Deleted Items".

#

# IMPORTANT:  If you change this, you must also change IMAP_EMPTYTRASH

IMAP_TRASHFOLDERNAME=Trash

##NAME: IMAP_EMPTYTRASH:0

#

# The following setting is optional, and causes messages from the given

# folder to be automatically deleted after the given number of days.

# IMAP_EMPTYTRASH is a comma-separated list of folder:days.  The default

# setting, below, purges 7 day old messages from the Trash folder.

# Another useful setting would be:

#

# IMAP_EMPTYTRASH=Trash:7,Sent:30

#

# This would also delete messages from the Sent folder (presumably copies

# of sent mail) after 30 days.  This is a global setting that is applied to

# every mail account, and is probably useful in a controlled, corporate

# environment.

#

# Important: the purging is controlled by CTIME, not MTIME (the file time

# as shown by ls).  It is perfectly ordinary to see stuff in Trash that's

# a year old.  That's the file modification time, MTIME, that's displayed.

# This is generally when the message was originally delivered to this

# mailbox.  Purging is controlled by a different timestamp, CTIME, which is

# changed when the file is moved to the Trash folder (and at other times too).

#

# You might want to disable this setting in certain situations - it results

# in a stat() of every file in each folder, at login and logout.

#

IMAP_EMPTYTRASH=Trash:7

##NAME: IMAP_MOVE_EXPUNGE_TO_TRASH:0

#

# Set IMAP_MOVE_EXPUNGE_TO_TRASH to move expunged messages to Trash.  This

# effectively allows an undo of message deletion by fishing the deleted

# mail from trash.  Trash can be manually expunged as usually, and mail

# will get automatically expunged from Trash according to IMAP_EMPTYTRASH.

#

# NOTE: shared folders are still expunged as usual.  Shared folders are

# not affected.

#

IMAP_MOVE_EXPUNGE_TO_TRASH=0

##NAME: OUTBOX:0

#

# The next set of options deal with the "Outbox" enhancement.

# Uncomment the following setting to create a special folder, named

# INBOX.Outbox

#

# OUTBOX=.Outbox

##NAME: SENDMAIL:0

#

# If OUTBOX is defined, mail can be sent via the IMAP connection by copying

# a message to the INBOX.Outbox folder.  For all practical matters,

# INBOX.Outbox looks and behaves just like any other IMAP folder.  If this

# folder doesn't exist it must be created by the IMAP mail client, just

# like any other IMAP folder.  The kicker: any message copied or moved to

# this folder is will be E-mailed by the Courier-IMAP server, by running

# the SENDMAIL program.  Therefore, messages copied or moved to this

# folder must be well-formed RFC-2822 messages, with the recipient list

# specified in the To:, Cc:, and Bcc: headers.  Courier-IMAP relies on

# SENDMAIL to read the recipient list from these headers (and delete the Bcc:

# header) by running the command "$SENDMAIL -oi -t -f $SENDER", with the

# message piped on standard input.  $SENDER will be the return address

# of the message, which is set by the authentication module.

#

# DO NOT MODIFY SENDMAIL, below, unless you know what you're doing.

#

SENDMAIL=/usr/sbin/sendmail

##NAME: HEADERFROM:0

#

# For administrative and oversight purposes, the return address, $SENDER

# will also be saved in the X-IMAP-Sender mail header.  This header gets

# added to the sent E-mail (but it doesn't get saved in the copy of the

# message that's saved in the folder)

#

# WARNING - By enabling OUTBOX above, *every* IMAP mail client will receive

# the magic OUTBOX treatment.  Therefore advance LARTing is in order for

# _all_ of your lusers, until every one of them is aware of this.  Otherwise if

# OUTBOX is left at its default setting - a folder name that might be used

# accidentally - some people may be in for a rude surprise.  You can redefine

# the name of the magic folder by changing OUTBOX, above.  You should do that

# and pick a less-obvious name.  Perhaps brand it with your organizational

# name ( OUTBOX=.WidgetsAndSonsOutbox )

HEADERFROM=X-IMAP-Sender

##NAME: IMAPDSTART:0

#

# IMAPDSTART is not used directly.  Rather, this is a convenient flag to

# be read by your system startup script in /etc/rc.d, like this:

#

#  . /etc/courier-imap/imapd

#

#  case x$IMAPDSTART in

#  x[yY]*)

#        /usr/lib/courier-imap/imapd.rc start

#        ;;

#  esac

#

# The default setting is going to be NO, so you'll have to manually flip

# it to yes.

IMAPDSTART=YES

##NAME: MAILDIRPATH:0

#

# MAILDIRPATH - directory name of the maildir directory.

#

MAILDIRPATH=Maildir

#Hardwire a value for ${MAILDIR}

MAILDIR=.maildir

#Put any program for ${PRERUN} here

PRERUN=
```

Everything seems to be in order.  This is what I had before, so as far as I know it should work.  Again, vpopmail and courier-imap are working together nicely...I can receive mail to the correct directory (/var/vpopmail/domains/mydomain.com/myaccount/.maildir), but cannot authenticate.

Can anyone see a problem here?

----------

## lackofabettername

Interesting development...

I tailed my mail.log and tried to connect via squirrelmail:

```
Jul 14 04:25:07 2punk imapd: Connection, ip=[127.0.0.1]

Jul 14 04:25:07 2punk imapd: could not connect to mysql update server Access denied for user: 'root@localhost' (Using password: YES) with database

Jul 14 04:25:07 2punk imapd: could not connect to mysql update server Access denied for user: 'root@localhost' (Using password: YES)

Jul 14 04:25:12 2punk imapd: LOGIN FAILED, ip=[127.0.0.1]

Jul 14 04:25:12 2punk imapd: DISCONNECTED, ip=[127.0.0.1], headers=0, body=0
```

Why is it trying to connect to mysql as root?  Vpopmail is supposed to connect to mysql with vpopmail@localhost with the specified password in /etc/vpopmail.conf.

Any guesses as to why courier-imap is overlooking vpopmail's authentication and using its own?  I think this is why I can't log in.

----------

## CompNerd

Hmm, could you post the vpopmail configuration?  Just remove the password from the file when posting.

On a side note, it really helps if you strip the comments out of the configurations when posting. Here is a link that explains how to do that easily.

CompNerd

----------

## lackofabettername

/etc/vpopmail.conf:

```
localhost|0|vpopmail|passwd|vpopmail

localhost|0|vpopmail|passwd|vpopmail
```

I just noticed that the "0" is supposed to represent the port to connect to.  Should that be the port mysql is running on?

 *Quote:*   

> On a side note, it really helps if you strip the comments out of the configurations when posting.

 

I left the comments in this one for anyone not familiar with courier-imap's config files in the event that there is some sort of logical error.  Thanks for the tip though, I'm sure I'll use it at some point.  :Very Happy: 

----------

## lackofabettername

Tried changing the port in /etc/vpopmail.conf to the one mysql is running on...no change.

Any guesses as to why vpopmail is trying to log into mysql as root?

----------

## CompNerd

Hmm, have you checked your vpopmail.mysql file?

CompNerd

----------

## lackofabettername

 *CompNerd wrote:*   

> Hmm, have you checked your vpopmail.mysql file

 

It's identical to my /etc/vpopmail.conf.   :Confused: 

Any more ideas?

----------

## CompNerd

As far as I know, the only possible cause could be the cpopmail.mysql file, as that is where it looks to get the vpopmail user and password for the mysql connection.

Sorry.

CompNerd

----------

## lackofabettername

Well, thanks for the effort...it's much appreciated.

Does anyone have any guesses as to what my problem is?

----------

## JohnGalt00

Bump, cause I'm having the same logging in with root problem.

My install was working fine, and then I upgraded vpopmail. In the process, it changed the format of /etc/vpopmail.conf file.

----------

## JohnGalt00

Ok, I had unintentionally upgraded to the unstable version (5.4.x) . Downgraded to the stable version (5.2.x), and everything started working again. HTH

----------

