Problem after update to 1.8.7

cannot log to any email after updating to 1.8.7 it’s telling me Authentication failed

Try to install dovecot on your server. This will fix the issue

it installing it automaticly no?

Maybe it not installed, you can check and make sure.

Run this command “journalctl -f | grep dovecot” and show me the output

ok no problem ill do it

its working because i have restore my server to 1.8.5 but when i do this with 1.8.7 or 1.8.6 its not working like it give output but it’s sayign that i cannot login.

[root@chamanweb ~]# journalctl -f | grep dovecot
Jul 16 21:49:22 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22414, TLS, session=<U/hRrNGNmrsAAAAAAAAAAAAAAAAAAAAB>
Jul 16 21:49:22 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=11 out=424
Jul 16 21:49:23 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22416, TLS, session=
Jul 16 21:49:23 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=80 out=1417
Jul 16 21:49:24 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22418, TLS, session=<l/5urNGNnrsAAAAAAAAAAAAAAAAAAAAB>
Jul 16 21:49:24 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=624 out=37964
Jul 16 21:49:24 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22420, TLS, session=<8MpyrNGNoLsAAAAAAAAAAAAAAAAAAAAB>
Jul 16 21:49:24 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=380 out=1462
Jul 16 21:49:29 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22422, TLS, session=
Jul 16 21:49:29 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=28 out=815
Jul 16 21:49:34 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22424, TLS, session=
Jul 16 21:49:34 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=521 out=60349
Jul 16 21:49:35 chamanweb.ca dovecot[18131]: imap-login: Login: user=mmarquette@mad-max.ca, method=PLAIN, rip=::1, lip=::1, mpid=22426, TLS, session=
Jul 16 21:49:35 chamanweb.ca dovecot[18131]: imap(mmarquette@mad-max.ca): Logged out in=521 out=55332

I had the same problem with the error of authorization in version 1.8.7. In my case, I had to change passwords to e-mails in the panel. Because checksums of the md5 passwords didn’t match .

https://< Server IP Address>:8090/email/changeEmailAccountPassword

The problem is because the script changed them to MD5 in 1.8.6 and now they are converted to CRYPT in 1.8.7. Since MD5 is a hash and not a pure password, there is no way to recover the original passwords. This is a major mistake on CyberPanel’s part. I just updated to 1.8.7 since it said was an urgent update when, in reality, it introduced email issues for me again. There is also a new issue. I cannot make new email accounts even with CyberPanel. The system error is: Cannot create email account. Error message: ‘passwordByPass’

the changing password thingy work

but i’m having this problem also
Cannot create email account. Error message: ‘passwordByPass’

Not able to create backup also.

I also cannot change passwords using this: https://panel.mydomainname.com/email/changeEmailAccountPassword.

I am trying to enter the password: *********$

When I try to enter it, I get the following error:
Cannot delete email account. Error message: Data supplied is not accepted.

It appears $ do not work in changing passwords with your current implementation. Please fix!

Did you guys clear your browser cache to fix passwordByPass issue? You have cached java script files.

WORKING.

but not able to delete ftp account

and not able to log on a specific domain

plombier-laval24h
login: plombierl
pass: vm5410el

Jul 17 14:11:32 chamanweb pure-ftpd: (?@96.127.204.186) [INFO] TLS: Enabled TLSv1/SSLv3 with ECDHE-RSA-AES128-GCM-SHA256, 128 secret bits cipher
Jul 17 14:11:39 chamanweb pure-ftpd: (?@96.127.204.186) [WARNING] Authentication failed for user [plombierl]
Jul 17 14:11:47 chamanweb pure-ftpd: (?@96.127.204.186) [WARNING] Authentication failed for user [plombierl]
Jul 17 14:11:47 chamanweb pure-ftpd: (?@96.127.204.186) [INFO] Logout.

Did you guys clear your browser cache to fix passwordByPass issue? You have cached java script files.

Yes. Running with a cleared browser cache, I still get the error “Cannot delete email account. Error message: Data supplied is not accepted.”. It is because “$” is not accepted as a valid character in the password changing mechanism. It is not that I cannot change passwords. I cannot use “$” in my passwords anymore, which I stated earlier:

I also cannot change passwords using this: https://panel.mydomainname.com/email/changeEmailAccountPassword.

I am trying to enter the password: *********$

When I try to enter it, I get the following error:
Cannot delete email account. Error message: Data supplied is not accepted.

It appears $ do not work in changing passwords with your current implementation. Please fix!

I have the problem that I can not login to my mail-accounts, even when I change the passwords and I don’t use “$” in my passwords

@mmarquette

The logged in user owns the website for which you are trying to delete the FTP account?

@Hifihedgehog

Can not delete or create, you mentioned Cannot delete email account. I am aware of that password change issue, I will take care.

@moneke I believe you have similar problem → https://forums.cyberpanel.net/discussion/comment/5012/#Comment_5012

You can go through @Hifihedgehog posts, he explained well.

@Hifihedgehog

Can not delete or create, you mentioned Cannot delete email account. I am aware of that password change issue, I will take care.

For some reason, the error message when changing passwords, when I attempt to use the “$” character, says this:

Cannot delete email account. Error message: Data supplied is not accepted.

My best guess is that it is probably an error message you intended for the delete email account section, and that you may have mistakenly placed that error message under the password change section as well. I don’t have any issues deleting emails.

@Hifihedgehog

Ok thank you. Will soon allow those characters in change password.

no im logging as admin, so it should not do anything wrong,
and im also not able to login with this account.

@Hifihedgehog

Ok thank you. Will soon allow those characters in change password.

Awesome! And thank you for your tremendous help over these last fast and furious few weeks.

By the way, I am trying to update my tutorial for adding the password changing plugin in Rainloop. I tried using this code but it doesn’t quite work. Could you take a look when you get a chance?

UPDATE :table SET password = ENCRYPT(:newpass) WHERE emailOwner_id = :domain AND email = :email AND password = ENCRYPT(:oldpass)

the bug is resolve for the account i was not able to login but still not able to delete account Cannot delete account. Error message: You are not authorized to access this resource.

the bug is resolve for the account i was not able to login but still not able to delete account Cannot delete account. Error message: You are not authorized to access this resource.

How did you resolve the bug that you can’t login to your mail accounts? This would help me too I guess

I have the same issue, how can I solve the Rainloop can´t login

and dovecot is not working

Guys every i click menu always shown this error

{“errorMessage”: “Session reuse detected, IPAddress logged.”, “error_message”: “Session reuse detected, IPAddress logged.”}

any idea?

https://< Server IP Address>:8090/email/changeEmailAccountPassword

i just did that.

after upgrading just change all the email password to a newpassword and that it it work here without problem.

https://< Server IP Address>:8090/email/changeEmailAccountPassword

i just did that.

after upgrading just change all the email password to a newpassword and that it it work here without problem.

I have changed the Email password several times and is not working, I make a clean installation

then i don’t know me it have work

@CyberPanel said:
@moneke I believe you have similar problem → https://forums.cyberpanel.net/discussion/comment/5012/#Comment_5012

You can go through @Hifihedgehog posts, he explained well.

Thanks for your answer! I followed exactly the mentioned steps, but it didn’t worked

> @CyberPanel said:
> @moneke I believe you have similar problem -> https://forums.cyberpanel.net/discussion/comment/5012/#Comment_5012
>
> You can go through @Hifihedgehog posts, he explained well.

Thanks for your answer! I followed exactly the mentioned steps, but it didn’t worked

Did you upgrade from 1.8.5 or prior to 1.8.6. and from 1.8.6 to 1.8.7? If so, what happened was this. Originally, CyberPanel used to store email passwords in unencrypted, plain text format. With 1.8.6, old passwords were supposed to be migrated to CRYPT but due to an oversight, they were migrated with MD5 whereas any new accounts were properly created with CRYPT. With 1.8.7, if you had already migrated with 1.8.6, those MD5 were converted to CRYPT but since MD5 is already encrypted, the double encryption rendered all passwords unreadable since the system expects just one level of encryption.

As a result, as you might expect, all my email passwords are trashed. Fortunately for me, though, I do have an automatic inter-day incremental backup of my entire server which includes my MariaDB SQL database tables that goes back 30 days. As such, I have asked CyberPanel support to reapply the original passwords from that backup for the email users table (e_users) that I have restored from a recent backup. So the bottom line is, unless you have a backup of your old passwords like I do, you will have to reset them.

> @CyberPanel said:
> @moneke I believe you have similar problem -> https://forums.cyberpanel.net/discussion/comment/5012/#Comment_5012
>
> You can go through @Hifihedgehog posts, he explained well.

Thanks for your answer! I followed exactly the mentioned steps, but it didn’t worked

Did you upgrade from 1.8.5 or prior to 1.8.6. and from 1.8.6 to 1.8.7? If so, what happened was this. Originally, CyberPanel used to store email passwords in unencrypted, plain text format. With 1.8.6, old passwords were supposed to be migrated to CRYPT but due to an oversight, they were migrated with MD5 whereas any new accounts were properly created with CRYPT. With 1.8.7, if you had already migrated with 1.8.6, those MD5 were converted to CRYPT but since MD5 is already encrypted, the double encryption rendered all passwords unreadable since the system expects just one level of encryption.

As a result, as you might expect, all my email passwords are trashed. Fortunately for me, though, I do have an automatic inter-day incremental backup of my entire server which includes my MariaDB SQL database tables that goes back 30 days. As such, I have asked CyberPanel support to reapply the original passwords from that backup for the email users table (e_users) that I have restored from a recent backup. So the bottom line is, unless you have a backup of your old passwords like I do, you will have to reset them.

Thanks for answering!

I don’t care if I have to reset my passwords. The problem is, that even after following your instructions from the link, that I can’t access my mails when changing the account passwords and that I don’t know how to solve the problem without detailed instructions. I am running Version 1.8.7 currently.

Thanks for answering!

I don’t care if I have to reset my passwords. The problem is, that even after following your instructions from the link, that I can’t access my mails when changing the account passwords and that I don’t know how to solve the problem without detailed instructions. I am running Version 1.8.7 currently.

The issue is potentially the passwords got double encrypted, first in 1.8.6 with MD5 and then in 1.8.7 with CRYPT. That was a migration bug that CyberPanel introduced with these releases. You can only have one level of encryption at a time since Dovecot doesn’t know how to deal with multiple levels of encryption. And so if you happened to upgrade to 1.8.6 and then 1.8.7, your passwords are quite possibly trashed (you cannot reverse MD5 hashing), in which case you would need to reset them. After resetting them, though, you should be able to then access your emails.

I understand. But how do I really reset them, when just changing the password doesn’t have any effect?

I understand. But how do I really reset them, when just changing the password doesn't have any effect?

You should be able to change your passwords. The only reasons that I have encountered for not being able to reset passwords after this update are either (1) you did not clear your browser cache or (2) you are trying to use the ‘$’ character in a password (this is a bug). If you make sure to have cleared your browser’s cache for all time and you have also refrained from using the ‘$’ character in your passwords, the password changing page should work.

I understand. But how do I really reset them, when just changing the password doesn't have any effect?

You should be able to change your passwords. The only reasons that I have encountered for not being able to reset passwords after this update are either (1) you did not clear your browser cache or (2) you are trying to use the ‘$’ character in a password (this is a bug). If you make sure to have cleared your browser’s cache for all time and you have also refrained from using the ‘$’ character in your passwords, the password changing page should work.

Cache is cleared (tried with several browsers) and I don’t use “$”

@moneke

For change password avoid these characters `` $ & ( ) [ ] { } ; : ‘ < >`

However it should be fixed later.