Can't login to Webmail using dovecot master password

[Andriy]

Hello. I have a question. Now I want to enable login to any customer's mailbox without user's password using dovecot master password without using cPanel session IDs.

I've configured dovecot and tested this config on server without cPanel. All working good: I can login to any mailbox using master password - - Removed-

I tried to configure dovecot on server with cPanel. Dovecot configured successfully and I can log in with dovecot master password via telnet:

[[email protected] dovecot]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
1 login [email protected]/[email protected] unencrypted password
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE NAMESPACE NOTIFY COMPRESS=DEFLATE QUOTA] Logged in

Doveadm auth also working correctly:

[[email protected] dovecot]# doveadm auth test [email protected]/[email protected]
Password:
passdb: [email protected]/[email protected] auth succeeded
extra fields:
 [email protected]
 [email protected]
 [email protected]

But when I trying to login with master password via cPanel's webmail, I can't. I get the error: The login is invalid. See attached image.

I've checked /usr/local/cpanel/logs/login_log and found next records:

[2018-01-14 10:26:33 +0800] info [webmaild] 192.168.60.124 - [email protected] "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN webmaild: user password hash is missing from system (user probably does not exist)

In maillog nothing. So, I have some questions, one answer on it can resolve my issue:

1. How to connect to user's mailbox directly via dovecot without cPanel's user check?
2. How enable in cPanel dovecot master password authentication without using cpanel sessions (WHM API 1 Functions - create_user_session - Software Development Kit - cPanel Documentation) ?
3. How to disable user check?

So, what must I do? Who have any ideas?

 

[cPWilliamL]

Hi @Andriy,

I'm afraid this isn't something you would be able to change, as this webmail is served by cpsrvd, which is compiled in; the changes would need to be made in cPanel's core code. I'd recommend submitting a feature request.

Thanks,

 

[haneef95]

Brilliant! @Andriy, may I know how you enabled master password please?

Basically, we're on a shared hosting and would like to move our emails over to Office 365/Exchange Online. We don't want to change user's passwords, so, I'm hoping to use the Dovecot's Master User/Password feature (or any other suitable solution for that mater) to connect to IMAP for all emails (within a cPanel user), using the same password.

Since, this is a shared hosting, the only access I have are:

1. the cPanel login (not WHM) at server8.hosting.com:2083, using 'my_hosting_username' and 'my_hosting_password'
2. the user directory at '/home/my_hosting_username/'
3. all the emails are stored in '/home/my_hosting_username/mail', so, I'm able to access those folders as well.
4. When I telnet IMAP (server8.hosting.com:143) and login using 'my_hosting_username' and 'my_hosting_password'. I'm able to list all the email folders within that cPanel account. So, that includes [email protected]

So, in my scenario, how can I create a master user that is able to IMAP to any user that are in mydomain.com or within my cPanel user?

P.S: I found another solution (App-specific password), but, like the Master User solution that requires me to edit configuration files that aren't available for me to access.

So, that leads me onto another idea. Can cPanel users have their own dovecot configuration files?

Thanks,

 

[cPanelMichael]

Hello @haneef95

It's not possible to modify the Dovecot configuration without root access to the system.

One potential workaround would be to take the following steps:

1. Make a backup of the shadow file associated with the domain name located at /home/username/etc/domain.tld/shadow. EX:

cp -a /home/username/etc/domain.tld/shadow /home/username/etc/domain.tld/shadow-backup

2. Change the passwords for all email accounts that you need access to via the "Email Accounts" option in cPanel.

3. Perform whichever actions you need to perform in order to transfer the email data to another application.

4. Once the data is moved over, move the previous shadow file back into place and removed the cached password data. EX:

mv /home/username/etc/domain.tld/shadow /home/username/etc/domain.tld/shadow-no-longer-needed
mv /home/username/etc/domain.tld/shadow-backup /home/username/etc/domain.tld/shadow
rm /home/username/etc/domain.tld/@pwcache/*

This way, you have temporary access to authenticate to the email accounts for mail transfer purposes, and the original email passwords are restored after you've completed the transfer.

Thank you.