I recently migrated to NS8 and noticed an issue within the Mail Module related to an impersonated login.
I’m unsure about the purpose and cause of the impersonated login from my local node’s VPN IP address.
I’m uncertain whether this is part of the expected configuration or an error in my setup.
Is this related to imapsync?
After the migration, there is an imapsync instance, and I’m unsure of its purpose since the migration has already been completed.
Has anyone experienced this issue after migrating to NS8? Any advice or pointers on how to resolve this would be greatly appreciated!
If the remote IMAP server is a NethServer 7, the IMAP admin user is vmail and its password can be read from /var/lib/nethserver/secrets/vmail . The username with a *vmail suffix (e.g. username@domain.com*vmail ) and the vmail password has to be set in the IMAP synchronization panel.
From the log, the impersonated login from my local node’s VPN IP address:
2025-01-30T19:07:27+07:00 [1:mail1:dovecot] imap-login: Login: user=<firstname_lastname>, method=PLAIN, rip=10.5.4.1, lip=10.5.4.1, mpid=2517, secured, session=<93YLRess5KMKBQQB>
2025-01-30T19:07:27+07:00 [1:mail1:dovecot] imap-postlogin: Error: <5>impersonated login MASTER_USER=vmail USER=firstname_lastname AUTH_USER=vmail IP=10.5.4.1 LOCAL_IP=10.5.4.1
2025-01-30T19:07:27+07:00 [1:mail1:dovecot] imap(firstname_lastname)<2517><93YLRess5KMKBQQB>: Disconnected: Logged out in=91 out=910 deleted=0 expunged=0 trashed=0 hdr_count=0 hdr_bytes=0 body_count=0 body_bytes=0
I’m uncertain whether this is part of the expected configuration or an error in my setup.
I’m uncertain whether this is part of the expected configuration or an error in my setup.
This imapsync configuration was left over from the migration process, and I’m not sure if it’s still needed since the migration has already been completed.
If migration is completed you don’t need it and should be safe to remove it.
Unsure if there are more left overs from migration.
If I recall correctly, the manual has a procedure to clean it…
EDIT:
unless you had pop3 connector and now imapsync tasks:
POP3 connector
The migration involves transferring POP3 Connector settings to NS8 Imapsync module, together with Email application. Configurations of accounts using the IMAP protocol are translated to working Imapsync tasks. For accounts using POP3, it is necessary to review the settings and commence synchronization manually.
I have already stopped imapsync using systemctl stop user@1005.service, but I am still seeing the same impersonation login error message. Do you have any advice on this?
On my previous NS7 setup, I did not configure the POP3 connector. Would it be okay to delete imapsync?
I found the vmail user’s password stored in /etc/dovecot/users by running: runagent -m mail1 podman exec -ti dovecot cat /etc/dovecot/users
Output: vmail:{plain}password::::::
I then attempted authentication for the vmail user: runagent -m mail1 podman exec -ti dovecot doveadm auth test vmail password
Result:
passdb: vmail auth failed
extra fields:
user=vmail
Next, I tested authentication with impersonation (vmail*user1): runagent -m mail1 podman exec -ti dovecot doveadm auth test vmail*user1 password
Result:
passdb: vmail*user1 auth failed
extra fields:
user=user1
Please advise how to reset password of vmail and modify /etc/dovecot/users.
I don’t understand your goal. I see that the log message from imap-postlogin is misleading because it incorrectly includes the “Error” string, e.g.:
This happens because the imap-postlogin script writes that informational message to its stderr descriptor, which is then interpreted as a generic error.
Impersonation is required by Webtop and Imapsync to access a user’s mailbox. These applications need to know vmail’s password, which is obtained during installation through a privileged action.
If you change vmail’s password on the Mail side, you must reconfigure Webtop and Imapsync accordingly. I strongly recommend refraining from changing it.
