After an upgrade of ISPconfig to the latest version, I told ISPConfig to “reconfigure” services. Roundcube started these entries in the /usr/share/roundcubemail/logs/imap.log:
[19-Dec-2021 23:26:53 +0000]: <21grgvah> [A61A] S: A0001 NO [UNAVAILABLE] Temporary authentication failure. [mail.domain.com:2021-12-19 23:26:53]
At first I thought this was a user password problem, but confirmed the user’s password was accurate. After quite a lot of debug, I found that it wasn’t a Roundcube login issue (I had properly upgraded that software), it was a dovecot issue. Roundcube authenticates against the dovecot imap server, the communication between roundcube and dovecot was working. It was dovecot that was broken when communicating to the SQL database (found in /var/log/maillog).
ISPConfig updates apparently are not writing dovecot-sql.conf files properly for dovecot. Some password characters that are acceptable by MySQL cause errors in dovecot’s attempts to read the sql configuration file. You need to encapsulate the login credentials in double quotes for the authentication to operate correctly. Unfortunately ISPConfig has been removing the quotes with every upgrade. UGH!
This is my blog entry to remember to correct this on mail servers configured like this.
Example fix in
Original ISPConfig3 Dovecot Config:
driver = mysql
connect = host=localhost dbname=dbispconfig user=ispconfiguser password=RandomPasswordWithSpecialChars port=3306
Modified Code to make Dovecot happy and properly authenticate to the database:
driver = mysql
connect = "host=localhost dbname=dbispconfig user=ispconfiguser password=RandomPasswordWithSpecialChars port=3306"
I don’t know which character is specifically breaking the connect line, I suspect it might be either # or * but I’m not sure which and haven’t tested it thoroughly. Hope this helps anyone else with this authentication problem.