CyberPanel on AWS - cannot use RainLoop after snapshot restore - advice?

As the title says, I am hosting a number of critical sites on a CyberPanel install on an AWS ec2.

During the creation of this instance I intended to assign an elastic IP (stable IP) however in doing so it changed the initial IP assigned which broke a number of processes. I have since been able to change the IP in the machineIP file and have re-establish loopback so the REST-API works again.

However since doing this I have not been successful in logging into the RainLoop Admin, and therefore have never set it up.

I have confirmed I have the correct RainLoop admin password (/usr/local/CyberCP/public/rainloop.php)
however everytime I try to log in tells me authentication failed.

What are some things I should be looking at?

the logs show: (IPs x’d out)
Feb 1 22:36:24 localhost dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, TLS handshaking: SSL_accept() failed: error:14201044:SSL routines:tls_choose_sigalg:internal error, session=<RYn0h/zWSO6saBjd>

The rip changes in each log entry and the lip reflects the machine’s private ip I am not sure what the error code represents… any ideas?

OS: Ubuntu 20.04.3 LTS
CyberPanel: 2.1.1
Dovecot: 2.3.7.2
Postfix: 3.4.13

Thank you all

Hello again, this is a bump of this issue
I just set up a whole new instance and I am still receiving the “Authentication failed” error while trying to log into the Rainloop admin account. The password is accurate as displayed in the application.ini.

Could this be a bug?

But AWS instances wont allow sending emails, why you need rainloop?

That’s simply untrue.
Unless, have you’ve disabled rainloop intentionally?

On AWS the ports are disabled by default, but can be enabled upon request.

If you have got your ports opened, thats ok then.

Did you install aws from marketplace or manually?

Ports are open and marketplace

it used to work early last year - since then, even on new instances I cannot enter the admin page.

You should use our installation guide and install the latest version of CyberPanel.

2.1.1 is way old.

Set up a vm and install CyberPanel on it.

Do the upgrade commands not function?
I’ve followed the instructions it appeared to complete correctly but is still at 2.1.1
Is there something not listed in the instructions I should be doing differently?

first:
do yum or aptget update upgrade
second:

sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)

in one line then press enter to use current latest version

Thanks, I had already done this.

What I am seeing at the end after running the command is

Saving to: ‘upgrade.py’                                                                                                 
                                                                                                                        
upgrade.py          100%[===================>]  96.97K  --.-KB/s    in 0.02s                                            
                                                                                                                        
2022-03-04 14:59:52 (5.73 MB/s) - ‘upgrade.py’ saved [99297/99297]  

Am I supposed to run something after this file saves to actually install it?
I do not see this in the instructions.

that is part of the automate upgrading sequence
just wait… until back to # bash

That’s what I would expect but the terminal simply closes afterwards.

well that is something not normal…

cant help you about that…

Updates Installed

CP version now 2.1.2
Rainloop still will not authorize the login. continuing to research

Can you share logs when you try to login?

Sure,

[14:50:46.536][c589d6cb] INFO[DATA]: [DATE:05.03.22][OFFSET:-00][RL:1.16.0][PHP:7.3.33-1+focal][IP:76.235.103.79][PID:17884][LiteSpeed][litespeed]
[14:50:46.536][c589d6cb] INFO[DATA]: [APC:off][MB:on][PDO:mysql,sqlite][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2]
[14:50:46.536][c589d6cb] REQUEST[NOTE]: [GET] https://sld.tld:8090/rainloop/?/Lang/0/Admin/en_US/1c6a6bc68ba5f92d85485ab98a7fc6d4/
[14:50:46.537][c589d6cb] INFO[MEMORY]: Memory peak usage: 2MB
[14:50:46.538][c589d6cb] INFO[TIME]: Time delta: 0.011991024017334

[14:51:41.002][24963d68] INFO[DATA]: [DATE:05.03.22][OFFSET:-00][RL:1.16.0][PHP:7.3.33-1+focal][IP:76.235.103.79][PID:17884][LiteSpeed][litespeed]
[14:51:41.002][24963d68] INFO[DATA]: [APC:off][MB:on][PDO:mysql,sqlite][Streams:tcp,udp,unix,udg,ssl,tls,tlsv1.0,tlsv1.1,tlsv1.2]
[14:51:41.002][24963d68] REQUEST[NOTE]: [POST] https://sld.tld:8090/rainloop/?/Ajax/&q[]=/0/
[14:51:41.003][24963d68] AJAX[NOTE]: Action: DoAdminLogin
[14:51:41.008][24963d68] POST[DATA]: {"Login":"admin","Password":"*******","Action":"AdminLogin","XToken":"1ed3b1f08b7aefbb0a93d72bd1cf55b5"}
[14:51:41.013][24963d68] INFO[NOTICE]: RainLoop\Exceptions\ClientException: AuthError[102] in /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Actions.php:3915
Stack trace:
#0 /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/ServiceActions.php(174): RainLoop\Actions->DoAdminLogin()
#1 /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Service.php(151): RainLoop\ServiceActions->ServiceAjax('')
#2 /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Service.php(62): RainLoop\Service->localHandle()
#3 /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/app/libraries/RainLoop/Service.php(85): RainLoop\Service->__construct()
#4 /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/app/handle.php(94): RainLoop\Service::Handle()
#5 /usr/local/CyberCP/public/rainloop/rainloop/v/1.16.0/include.php(243): include('/usr/local/Cybe...')
#6 /usr/local/CyberCP/public/rainloop/index.php(13): include('/usr/local/Cybe...')
#7 {main}
[14:51:41.014][24963d68] AJAX[DATA]: {"Action":"AdminLogin","Result":false,"ErrorCode":102,"ErrorMessage":"","ErrorMessageAdditional":"","Time":22}
[14:51:41.014][24963d68] INFO[MEMORY]: Memory peak usage: 2MB
[14:51:41.014][24963d68] INFO[TIME]: Time delta: 0.022711992263794

My research on the github for RainLoop shows an old solution to a similar issue was to toggle the “Use Short Login” setting however, that’s not an option in the 1.16.0 config.

I found this: Unfortunately this was not a solution.

replacing
deb [arch=amd64] https://repo.dovecot.org/ce-2.3-latest/ubuntu/bionic bionic main
with
deb https://repo.dovecot.org/ce-2.3-latest/ubuntu/focal focal main
since I have ubuntu 20.04.

However, during this update of dovecot it was not clear if I should keep the original config, do a 3 way merge or save the maintainer’s version. Perhaps I performed this update incorrectly. Some clearer instructions would help.

Firstly, do your logs show the "Invalid password in passdb: crypt() failed: Invalid argument” …
If no, then this cannot be the problem to your solution. Btw, I kept the original configs.
I have linked to the original source for my solution try looking in the original post.
Workaround for (some) Problems: Can´t login in Rainloop - General Discussion - CyberPanel Community.

Please follow the solution shared above, also share the dovecot logs not rainloop.

Thanks for clarifying which logs to look for - I wouldn’t have known, as I am not aware if my problem is with Dovecot or Rainloop or what.

Mar 10 15:01:52 localhost postfix/smtpd[57865]: fatal: no SASL authentication mechanisms

Perhaps this is an issue with postfix? How am I supposed to do this?

postfix conf

postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_sender_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter: mua_helo_restrictions
postconf: warning: /etc/postfix/main.cf: undefined parameter: virtual_mailbox_limit_maps
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin ddd $daemon_directory/$process_name $process_id & sleep 5
dovecot_destination_recipient_limit = 1
html_directory = no
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 30720000
milter_default_action = accept
mydestination = localhost, localhost.localdomain
myhostname = localhost
mynetworks = 127.0.0.0/8
newaliases_path = /usr/bin/newaliases.postfix
non_smtpd_milters = $smtpd_milters
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_security_level = may
smtpd_data_restrictions = check_policy_service unix:/var/log/policyServerSocket
smtpd_milters = inet:127.0.0.1:8891
smtpd_policy_service_default_action = DUNNO
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem
smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem
smtpd_use_tls = yes
tls_server_sni_maps = hash:/etc/postfix/vmail_ssl.map
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf
virtual_gid_maps = static:5000
virtual_mailbox_base = /home/vmail
virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_create_maildirsize=yes
postconf: warning: /etc/postfix/main.cf: unused parameter: virtual_maildir_extended=yes

You can use CyberPanel cloud to reset your email settings, 98% of the times issue get resolved with that.

I see you post that for just about every problem people have with your system.
It looks like you have these forums just to funnel people to your paid solution.

How do I fix this?

Good Point

actually i was thinking about this. but since i have no problem(yet) i dont want to say this…

You do know that Email Debugger is free to use? Its been free to use for a long time now, you can request its access via our helpdesk.

What do I gain for helping you use the email debugger for free ?

You have a great system and rightfully you should be proud of that.
But, it seems like you get a lot of requests for help. And it must become very stressful trying to solve all these issues for people.
What value does a knowledgeable end user and more autonomy of your user base provide to you?

Research into successful business models suggest if you organize and display solutions the end user can leverage to solve their own problems you gain a more knowledgeable user base, greater respect from the community that uses your software which they display by becoming ambassadors of your work. Free advertising that leads to greater leverage to pull users away from cPanel, NGINX and Apache systems giving you a larger market share. Free advertisement by a community that values you as a person, developer and coach has far reaching value. Losing that has a damaging impact on your health, the success of your work and possibly your career.

I’m very sorry for being a bother, these requests must take up a lot of your time and really irritate you. Have you considered dropping rainloop support for snappymail?

It seems it is a fork of Rainloop with mobile compatibility. I will look into this, but not sure if there are any other changes.

Also most of the issues happen due to dovecot which actually do stuff in backend, Rainloop is just the client.

I can log into an email account, but I cannot log into the admin.
I have logging enabled on dovecot and rainloop.
What telling signs am I looking for that will help me know I’m on the right path to solving this?

Since Snappymail is a fork of Rainloop it appears to be a good replacement. It looks like Rainloop has several unaddressed security flaws and various issues with its usability. No doubt you are dealing with headaches caused by this aging software. Snappymail is under current development and has updated security and usability. Thanks for checking into it!