Authentication failed only on host1 issue
cuenta0gow opened this issue · comments
Hi, I'm doing a migration of several accounts from CPanel - Roundcube (as host1) to Plesk - Roundcube (as host 2).
All the accounts are being migrated perfectly but one. The problematic account contains a slash character "/" in its password. The password is the same for host1 and host2, but login only fails in host1, when host2 tries to login it works.
I already tried to manually run the imapsync command with the following, but none of this made it work:
- passw/ord
- 'passw/ord'
- "passw/ord"
- '"passw/ord"'
- passw/ord (backslash as an escape character)
- 'passw/ord'
- "passw/ord"
- '"passw/ord"'
I know the easy solution is to change the password, but for some reason customers go crazy if you change their passwords, so I would like to know please whats the best way to allow passwords with special characters and find out what is wrong here or what I'm missing. I always used single quotes in passwords which contain special characters and that worked until now.
I attach an imapsync run with debug mode on: (I tried to anonymize sensitive data, hope you can understand it)
There you may see the success login on [IPaddress_2] (or host2) and the error login on [IPaddress_1] (or host1)
[root@name domain.com]# imapsync --dry --host1 IPaddress_1 --user1 account@domain.com --password1 'passw/ord' --host2 IPaddress_2 --user2 account@domain.com --password2 'passw/ord' --tls1 --tls2 --debugimap1 --debugimap2
Here is imapsync 2.268 on host anon_hostname, a linux system with 2.6/3.7 free GiB of RAM, 13.67% used by processes.
with Perl 5.16.3 and Mail::IMAPClient 3.43
Transfer started at jueves 11 abril 2024-04-11 10:10:48 +0200 CEST
PID is 17662 my PPID is 14331
Log file is LOG_imapsync/2024_04_11_10_10_48_678_account@domain.com_account@domain.com.txt ( to change it, use --logfile path ; or use --nolog to turn off logging )
Load is 0.00 0.01 0.05 2/236 on 4 cores
Real user id is root (uid 0)
Effective user id is root (euid 0)
$RCSfile: imapsync,v $ $Revision: 2.268 $ $Date: 2023/10/27 11:55:30 $
Command line used, run by /usr/bin/perl:
/usr/bin/imapsync --dry --host1 IPaddress_1 --user1 account@domain.com --password1 MASKED --host2 IPaddress_2 --user2 account@domain.com --password2 MASKED --tls1 --tls2 --debugimap1 --debugimap2
Current directory is /root/imapsync/domain.com
Temp directory is /root/tmp ( to change it use --tmpdir dirpath )
Creating temp directory /root/tmp
kill -QUIT 17662 # special behavior: call to sub catch_exit
kill -TERM 17662 # special behavior: call to sub catch_exit
kill -INT 17662 # special behavior: call to sub catch_reconnect
kill -HUP 17662 # special behavior: call to sub catch_print
kill -USR1 17662 # special behavior: call to sub toggle_sleep
File /root/tmp/imapsync.pid does not exist
PID file is /root/tmp/imapsync.pid ( to change it, use --pidfile filepath ; to avoid it use --pidfile "" )
Writing my PID 17662 in /root/tmp/imapsync.pid
Writing also my logfile name in /root/tmp/imapsync.pid : LOG_imapsync/2024_04_11_10_10_48_678_account@domain.com_account@domain.com.txt
Modules version list ( use --no-modulesversion to turn off printing this Perl modules list ):
Authen::NTLM 1.09
CGI Not installed
Compress::Zlib 2.061
Crypt::OpenSSL::RSA 0.28
Data::Uniqid 0.12
Digest::HMAC_MD5 1.01
Digest::HMAC_SHA1 1.03
Digest::MD5 2.52
Digest::SHA 5.85
Encode 2.51
Encode::IMAPUTF7 1.05
File::Copy::Recursive 0.38
File::Spec 3.40
Getopt::Long 2.4
HTML::Entities 3.69
IO::Socket 1.34
IO::Socket::INET 1.33
IO::Socket::INET6 2.69
IO::Socket::IP 0.21
IO::Socket::SSL 2.081
IO::Tee 0.64
JSON 2.59
JSON::WebToken 0.10
LWP 6.05
MIME::Base64 3.13
Mail::IMAPClient 3.43
Net::Ping 2.38
Net::SSLeay 1.55
Term::ReadKey 2.30
Test::MockObject 1.20120301
Time::HiRes 1.9725
Unicode::String 2.10
Info: will resync flags for already transferred messages. Use --noresyncflags to not resync flags.
SSL debug mode level is --debugssl 1 (can be set from 0 meaning no debug to 4 meaning max debug)
Info: turned ON syncinternaldates, will set the internal dates (arrival dates) on host2 same as host1.
Host1: will try to use LOGIN authentication on host1
Host2: will try to use LOGIN authentication on host2
Host1: imap connection timeout is 120 seconds
Host2: imap connection timeout is 120 seconds
Host1: imap connection keepalive is on on host1. Use --nokeepalive1 to disable it.
Host2: imap connection keepalive is on on host2. Use --nokeepalive2 to disable it.
Host1: IMAP server [IPaddress_1] port [143] user [account@domain.com]
Host2: IMAP server [IPaddress_2] port [143] user [account@domain.com]
Host1: connecting and login on host1 [IPaddress_1] port [143] with user [account@domain.com]
Connecting with IO::Socket::IP PeerAddr IPaddress_1 PeerPort 143 Proto tcp Timeout 120 Debug 1
Connected to IPaddress_1
Read: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
Host1 IP address: IPaddress_1 Local IP address: local_IP
Host1 banner: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
Sending: 1 CAPABILITY
Sent 14 bytes
Read: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN
1 OK Pre-login capabilities listed, post-login capabilities have more.
Host1 capability before authentication: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH
Sending: 2 STARTTLS
Sent 12 bytes
Read: 2 OK Begin TLS negotiation now.
Host1: Socket successfully converted to SSL
Sending: 3 CAPABILITY
Sent 14 bytes
Read: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE LITERAL+ AUTH=PLAIN AUTH=LOGIN
Read: 3 OK Pre-login capabilities listed, post-login capabilities have more.
Host1: IPaddress_1 says it has CAPABILITY for AUTHENTICATE LOGIN
Sending: 4 LOGIN account@domain.com [Redact: Count=4 Showcredentials=OFF]
Sent 56 bytes
Read: 4 NO [AUTHENTICATIONFAILED] Authentication failed.
ERROR: 4 NO [AUTHENTICATIONFAILED] Authentication failed. at /usr/local/share/perl5/Mail/IMAPClient.pm line 1388.
Mail::IMAPClient::__ANON__('4 NO [AUTHENTICATIONFAILED] Authentication failed.\x{d}\x{a}') called at /usr/local/share/perl5/Mail/IMAPClient.pm line 1424
Mail::IMAPClient::_get_response('Mail::IMAPClient=HASH(0x3de8c30)', 4, undef) called at /usr/local/share/perl5/Mail/IMAPClient.pm line 1350
Mail::IMAPClient::_imap_command_do('Mail::IMAPClient=HASH(0x3de8c30)', 'LOGIN account@domain.com passw/ord') called at /usr/local/share/perl5/Mail/IMAPClient.pm line 1248
Mail::IMAPClient::_imap_command('Mail::IMAPClient=HASH(0x3de8c30)', 'LOGIN account@domain.com passw/ord') called at /usr/local/share/perl5/Mail/IMAPClient.pm line 601
Mail::IMAPClient::login('Mail::IMAPClient=HASH(0x3de8c30)') called at /usr/bin/imapsync line 9187
main::authenticate_imap('Mail::IMAPClient=HASH(0x3de8c30)', IPaddress_1, 143, 'account@domain.com', 'passw/ord', undef, 1, 1, 100, ...) called at /usr/bin/imapsync line 9064
main::login_imap(IPaddress_1, 143, 'account@domain.com', 'passw/ord', undef, 1, 1, 100, 'HASH(0x1d08a68)', ...) called at /usr/bin/imapsync line 2085
main::single_sync('HASH(0x25b35f8)', 'HASH(0x1d08a68)', 'HASH(0x25b3610)') called at /usr/bin/imapsync line 1374
ERROR: 4 NO [AUTHENTICATIONFAILED] Authentication failed. at /usr/local/share/perl5/Mail/IMAPClient.pm line 1298.
Mail::IMAPClient::_imap_command('Mail::IMAPClient=HASH(0x3de8c30)', 'LOGIN account@domain.com passw/ord') called at /usr/local/share/perl5/Mail/IMAPClient.pm line 601
Mail::IMAPClient::login('Mail::IMAPClient=HASH(0x3de8c30)') called at /usr/bin/imapsync line 9187
main::authenticate_imap('Mail::IMAPClient=HASH(0x3de8c30)', IPaddress_1, 143, 'account@domain.com', 'passw/ord', undef, 1, 1, 100, ...) called at /usr/bin/imapsync line 9064
main::login_imap(IPaddress_1, 143, 'account@domain.com', 'passw/ord', undef, 1, 1, 100, 'HASH(0x1d08a68)', ...) called at /usr/bin/imapsync line 2085
main::single_sync('HASH(0x25b35f8)', 'HASH(0x1d08a68)', 'HASH(0x25b3610)') called at /usr/bin/imapsync line 1374
Host1 info: authmech [LOGIN] user [account@domain.com] authuser [] IsUnconnected []
Host1 failure: Error login on [IPaddress_1] with user [account@domain.com] auth [LOGIN]: 4 NO [AUTHENTICATIONFAILED] Authentication failed.
Host1: failed login on [IPaddress_1] with user [account@domain.com] auth [LOGIN]
Host2: connecting and login on host2 [IPaddress_2] port [143] with user [account@domain.com]
Connecting with IO::Socket::IP PeerAddr IPaddress_2 PeerPort 143 Proto tcp Timeout 120 Debug 1
Connected to IPaddress_2
Read: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
Host2 IP address: IPaddress_2 Local IP address: local_IP
Host2 banner: * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5] Dovecot ready.
Sending: 1 CAPABILITY
Sent 14 bytes
Read: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
1 OK Pre-login capabilities listed, post-login capabilities have more.
Host2 capability before authentication: IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH
Sending: 2 STARTTLS
Sent 12 bytes
Read: 2 OK Begin TLS negotiation now.
Host2: Socket successfully converted to SSL
Sending: 3 CAPABILITY
Sent 14 bytes
Read: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN AUTH=LOGIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5
Read: 3 OK Pre-login capabilities listed, post-login capabilities have more.
Host2: IPaddress_2 says it has CAPABILITY for AUTHENTICATE LOGIN
Sending: 4 LOGIN account@domain.com [Redact: Count=4 Showcredentials=OFF]
Sent 56 bytes
Read: * CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE QUOTA
4 OK Logged in
Host2: success login on [IPaddress_2] with user [account@domain.com] auth [LOGIN] or [LOGIN]
Host2 Buffer I/O: 4096
++++ Listing 1 errors encountered during the sync ( avoid this listing with --noerrorsdump ).
Err 1/1: Host1 failure: Error login on [IPaddress_1] with user [account@domain.com] auth [LOGIN]: 4 NO [AUTHENTICATIONFAILED] Authentication failed.
The most frequent error is ERR_AUTHENTICATION_FAILURE_USER1. Check the credentials for account@domain.com.
Exiting with return value 161 (EXIT_AUTHENTICATION_FAILURE_USER1) 1/50 nb_errors/max_errors PID 17662
Removing pidfile /root/tmp/imapsync.pid
Disconnecting from host2 IPaddress_2 user2 account@domain.com
Sending: 5 LOGOUT
Sent 10 bytes
Read: * BYE Logging out
5 OK Logout completed (0.001 + 0.000 secs).
Log file is LOG_imapsync/2024_04_11_10_10_48_678_account@domain.com_account@domain.com.txt ( to change it, use --logfile filepath ; or use --nolog to turn off logging )
What does the log of the mail service say during the login attempt?
What happens when you reverse the sync with --justlogin
?
Does the failure occur on --user1
or --user2
?
What happens when you reverse the sync with
--justlogin
? Does the failure occur on--user1
or--user2
?
I just tried with --justlogin
and login worked for both...
I can see these messages in the output:
`Host1: success login on [IPaddress1] with user [account@domain.com] auth [LOGIN] or [LOGIN]
Host2: success login on [IPaddress2] with user [account@domain.com] auth [LOGIN] or [LOGIN]
Host1: state Authenticated
Host2: state Authenticated`
I don't know what changed, I'm confused.
What does the log of the mail service say during the login attempt?
Sorry, I don't have access to mail service log on host1 server because is not my server, only have access to host2 server and that's the one where login worked.