IMAP Error: Login failed - Roundcube

Question

I'm trying to login to Roundcube only the program won't let me.

I can login to the said account from the shell and mail is setup and working correctly on my server for user 'admin'. It's RC that is the problem. If I check my logs:

/usr/local/www/roundcube/logs/errors

they show:

[21-Sep-2013 17:19:02 +0100]: IMAP Error: Login failed for admin from ip.ip.ip.ip. Could not connect to ip.ip.ip.ip:143: 
Connection refused in /usr/local/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 184 
(POST /roundcube/?_task=login&_action=login)

which doesn't give me many clues really, just leads me to:

public function connect($host, $user, $pass, $port=143, $use_ssl=null) {}

from

rcube_imap.php

Stuff I've tried, editing:

/usr/local/www/roundcube/config/main.inc.php

with:

// IMAP AUTH type (DIGEST-MD5, CRAM-MD5, LOGIN, PLAIN or null to use
// best server supported one)
//$rcmail_config['imap_auth_type'] = LOGIN; 
$rcmail_config['imap_auth_type'] = null;

// Log IMAP conversation to <log_dir>/imap or to syslog
$rcmail_config['imap_debug'] = /var/log/imap;

With a failed login attempt

/var/log/imap

doesn't even get written to, leaving me no clues. I'm using dovecot and Sendmail on a FreeBSD box with full root access. It's not an incorrect username password combination for sure.

Several Googles on the string 'Roundcube: Connection to storage server failed' are fruitless.

EDIT:

I needed an entry in

/etc/rc.conf

dovecot_enable="YES"

Schoolboy error.

Answer 1

I had the same problem with a letsencrypt certificate and resolve it by disabling peer authentication:

$config['imap_conn_options'] = array(
    'ssl' => array('verify_peer' => true, 'verfify_peer_name' => false),
    'tls' => array('verify_peer' => true, 'verfify_peer_name' => false),
);

Afterwards you can set the connection string like this (starttls):

$config['default_host'] = 'tls://your-host.tld';
$config['default_port'] = '143';
$config['smtp_server'] = 'tls://your-host.tld';
$config['smtp_port'] = '25';

Or like this (ssl approach):

$config['default_host'] = 'ssl://your-host.tld';
$config['default_port'] = '993';
$config['smtp_server'] = 'ssl://your-host.tld';
$config['smtp_port'] = '587';

Make sure you use the fully qualified hostname of the certificate in the connection string (like your-host.tld) and not an internal hostname (like localhost).

Hope that helps someone else.

Answer 2

Change the maildir to whatever your system uses.

Change Dovecot mail_location setting to

mail_location = maildir:~/Mail

Change Postfix home_mailbox setting to

home_mailbox = Mail/

Restart services and away you go
Taken from this fedoraforum post

Answer 3

If you run fail2ban, then dovecot might get banned following failed Roundcube login attempts. This has happened to me twice already...

First, check if this is indeed the case:

sudo fail2ban-client status dovecot

If you get an output similar to this:

Status for the jail: dovecot
|- Filter
|  |- Currently failed: 1
|  |- Total failed: 8
|  `- File list:    /var/log/mail.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 2
   `- Banned IP list:   X.X.X.X

i.e. the Currently banned number is higher than 0, then fail2ban was a bit overeager and you have to "unban" dovecot.

Run the fail2ban client in interactive mode:

sudo fail2ban-client -i

and at the fail2ban> prompt enter the following:

set dovecot unbanip X.X.X.X

where X.X.X.X is the IP address of your Dovecot server.

Exit from the interactive client and run sudo fail2ban-client status dovecot again. The Currently banned: field now should have a value of 0. What's more important, RoundCube should work again :-)