Unencrypted IMAP Server Password Error

Use this forum if you want to discuss a problem or ask a question related to a hMailServer beta release.
Post Reply
CDX
New user
New user
Posts: 5
Joined: 2020-04-16 19:49

Unencrypted IMAP Server Password Error

Post by CDX » 2020-04-16 20:20

Hey everyone.

I am currently using hMailServer to run as the mail server for a cyber defence exercise in a course I'm taking.
One of the requirements for the course is to support unencrypted IMAP connections.

I'm attempting to connect to the unencrypted IMAP server through my configured account on Thunderbird, but I continue getting a wrong password error.
I was previously using a STARTTLS (Optional) encrypted connection with an SSL certificate for both my SMTP and IMAP servers and everything worked correctly (i.e. I could send/receive secure email between machines using my domain).

Would anyone be able to explain why I continue to receive this password error message?
I know for a fact the password is correct considering I used the exact same password with the encrypted IMAP connection and was able to establish secure email communications.

I've included attachments to display my current mail configuration.

Thunderbird Security Settings:
Connection Security: None
Authentication Method: Password, transmitted insecurely

hMailServer TCP/IP Port IMAP Configuration:
Protocol: IMAP
TCP/IP Address: (My machine's IP)
TCP/IP Port: 143
Connection Security: None

Looking into the log files, unfortunately, did not show anything useful regarding this error.

Thanks for the help.
Attachments
thunderbird.jpg
Thunderbird Email Account IMAP Settings
IMAP.jpg
hMailServer IMAP configuration
hMailServer Settings.jpg
hMailServer Settings

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Unencrypted IMAP Server Password Error

Post by Dravion » 2020-04-16 21:02

Username is: your_hmailserver_emailaddress@yourdomain.com

TB shows up Password dialog until any params are correctly setup.

Try telnetting your hMailServer ports and take a look in hMailServer log files.

CDX
New user
New user
Posts: 5
Joined: 2020-04-16 19:49

Re: Unencrypted IMAP Server Password Error

Post by CDX » 2020-04-16 21:35

Thanks for the prompt reply, Dravion.

Could you clarify what you meant for the username? I attempted to set my username to "your_hmailserver_mail@rmc.bluenet", as well as "hmailserver_mail@rmc.bluenet" and just "mail@rmc.bluenet" but I still received the same Wrong Password error message. I was a little confused as to whether you were referencing the actual name of my hMailServer account, or of something else.

I had also used telnet to view the hMailServer ports, and received the results shown in the attachments, so I believe there's nothing wrong there.
I also know for sure that the hMailServer was properly configured as I am able to successfully log in to my IMAP server whenever I set the connection security back to STARTTLS (optional).

Overlooking the resulting IMAP, TCP/IP, Application, and Debug log files did not show anything pertaining to me attempting to log in.

Would you consider that there might be a problem with the database? Perhaps because it was initially configured to run with IMAP encryption?
Attachments
telnetIMAP.PNG
Telnet IMAP (telnet 192.168.0.46 143)
telnetIMAP.PNG (1.73 KiB) Viewed 3166 times
telnet.PNG
Telnet SMTP (telnet 192.168.0.46 25)
telnet.PNG (1.64 KiB) Viewed 3166 times

User avatar
Dravion
Senior user
Senior user
Posts: 1688
Joined: 2015-09-26 11:50
Location: Germany
Contact:

Re: Unencrypted IMAP Server Password Error

Post by Dravion » 2020-04-16 22:11

You need to enable the Debug settings in hMailAdmin to get detailed logs.

If you don't use a DNS-Server, you need to append your ip address instead of your DNS-Domain name after the user account @.

Like this: joe@192.168.1.1

CDX
New user
New user
Posts: 5
Joined: 2020-04-16 19:49

Re: Unencrypted IMAP Server Password Error

Post by CDX » 2020-04-16 22:58

Thanks again for your reply, Dravion.

I managed to resolve what the issue was:
  1. Under the IP Ranges, I had selected that the traffic on my selected IP range required SSL/TLS for authentication
  2. After unselecting this feature, I was able to successfully login through to my IMAP server and send/receive emails as I had before (although now with an unencrypted IMAP connection)
  3. Changing the username of my accounts did not affect anything. I was able to leave them as they had been automatically filled out (e.g. joe@domain.net would have a username of joe)

Thanks again for the help!
It's much appreciated.

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Unencrypted IMAP Server Password Error

Post by mattg » 2020-04-17 03:06

CDX wrote:
2020-04-16 22:58
Thanks again for your reply, Dravion.

I managed to resolve what the issue was:
  1. Under the IP Ranges, I had selected that the traffic on my selected IP range required SSL/TLS for authentication
  2. After unselecting this feature, I was able to successfully login through to my IMAP server and send/receive emails as I had before (although now with an unencrypted IMAP connection)
  3. Changing the username of my accounts did not affect anything. I was able to leave them as they had been automatically filled out (e.g. joe@domain.net would have a username of joe)

Thanks again for the help!
It's much appreciated.
#1 then you changed the defaults
#3 Then you have set a default domain, this is not recommended

#2 what do you hope is achieved by securing connections?
Have you installed a certificate?
Is your certificate an issued certificate from a reputable supplier, or is this a self signed certificate?

Run this and post the results please
viewtopic.php?f=20&t=30914
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

CDX
New user
New user
Posts: 5
Joined: 2020-04-16 19:49

Re: Unencrypted IMAP Server Password Error

Post by CDX » 2020-04-17 04:06

In regards to your concerns, mattg:

For the course which I am taking, we are required to create our own domain and establish secure protocols for the various services to operate in a cyber operations environment.
My tasking for this exercise is to create the mail server, while connecting to our team's DNS services which resolve my ip for smtp and imap protocols.

#1 Yes I changed the defaults to not allow SSL/TLS authentication as my orders demand that I go about using unencrypted IMAP connections.
#2 To be clear I do not hope to secure IMAP connections, I'm already using end-to-end encryption with a certificate from my teammate who's tasked as the ICA.
#3 As per our directives, using the one domain for our exercise suits my needs and I'm sticking to them since they work.

I ran the settings diagnostic report you provided, results are below:

Code: Select all

2020-04-16   Hmailserver: 5.6.8-B2494

DOMAINS

   "Domain1.com" - rmx.blxxxxx                    Enabled: True

SIGNATURE         LIMITS                       DKIM               ADVANCED
  Enabled: False   Max size:                0   Enabled: False   
                   Max message size:     5000                      Plus addressing: False
                   Max size of accounts: 1000                    
                                                                   Greylisting:     False
-----------------------------------------------------------------------------------------------

GLOBAL RULES
-----------------------------------------------------------------------------------------------

IP RANGES

IP: 127.0.0.1 - 127.0.0.1     Priority: 15     Name: My computer

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:  False
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External - False           


IP: 10.0.0.0 - 192.168.255.255     Priority: 10     Name: Traffic

  Allow connections                         Other
     SMTP:   True                              Antispam :  False
     POP3:  False                              Antivirus:  False
     IMAP:   True                              SSL/TLS:    False

  Allow Deliveries from                     Require Authentication from
     Local To Local       -  True              Local To Local       -  True
     Local To External    -  True              Local To External    -  True
     External To Local    -  True              External To Local    -  True
     External To External - False           


   !!  Warning:  DEFAULT DOMAIN is SET  !! - "Domain1.com"
------------------------------------------------------
AUTOBANNED Local Addresses:
    No entries

-----------------------------------------------------------------------------------------------

AUTOBAN
  Autoban Enabled: False

No problems were found in the IP range configuration.
-----------------------------------------------------------------------------------------------

INCOMING RELAYS
   No entries
-----------------------------------------------------------------------------------------------

MIRRORING         Disabled
-----------------------------------------------------------------------------------------------

PROTOCOLS

SMTP
GENERAL             DELIVERY                  RFC COMPLIANCE            ADVANCED
No. Connections:  0  No Retries:  4 Mins:  1   Plain Text:         True  Bind: 192.168.0.46
                     Host: EXTERNAL.TLD        Empty sender:       True  Batch recipients:   100
Max Msg Size: 20480  Relay:-                   Incorrect endings:  True  Use STARTTLS:      True
                     (none entered)            Disc. on invalid:  False  Delivered-To hdr: False
                                                                         Loop limit:           5
                                                                         Recipient hosts:     15
  Routes:
     No routes defined.

POP3
 !! Service Not Enabled !!

IMAP
 GENERAL                   PUBLIC FOLDERS                    ADVANCED
  No. Connections:   0      Public folder name: #Public       IMAP sort:  True
                                                              IMAP Quota: True
                                                              IMAP Idle:  True
                                                              IMAP ACL:   True
                                                              Delim: "."
-----------------------------------------------------------------------------------------------

ANTISPAM

GENERAL                              SPAM TESTS              Score   SPAMASSASSIN
  Spam Mark:                  5       Use SPF:           False        Use Spamassassin:   False
  Add X-HmailServer-Spam:    False    Check HELO host:   False    
  Add X-HmailServer-Reason:  False    Check MX records:  False    
  Add X-HmailServer-Subject: False    Verify DKIM:       False    

  Spam delete threshold: 20         Maximum message size: 1024

DNSBL ENTRIES:
   No 'enabled' entries

SURBL ENTRIES:
   No 'enabled' entries

GREYLISTING:
  Greylisting:  False

WHITELISTING
   No entries
-----------------------------------------------------------------------------------------------

ANTIVIRUS:  No application configured.

  Block Attachments: False
-----------------------------------------------------------------------------------------------

SSL CERTIFICATES
   imap.Domain1.com
       Certificate: C:\Users\Administrator\Documents\SSL\imap.Domain1.com.cert.pem
       Private key: C:\Users\Administrator\Documents\SSL\private\imap.Domain1.com.key.pem
   smtp.Domain1.com
       Certificate: C:\Users\Administrator\Documents\SSL\smtp.Domain1.com.cert.pem
       Private key: C:\Users\Administrator\Documents\SSL\private\smtp.Domain1.com.key.pem
-----------------------------------------------------------------------------------------------

SSL/TLS
             TLS 1.0 :   True
             TLS 1.1 :   True
             TLS 1.2 :   True
             TLS 1.3 :   True                Verify Remote SSL/TLS Certs:   True
SslCipherList  :

ECDHE-RSA-AES128-GCM-SHA256     - ECDHE-ECDSA-AES128-GCM-SHA256   - ECDHE-RSA-AES256-GCM-SHA384     
ECDHE-ECDSA-AES256-GCM-SHA384   - DHE-RSA-AES128-GCM-SHA256       - DHE-DSS-AES128-GCM-SHA256       
kEDH+AESGCM                     - ECDHE-RSA-AES128-SHA256         - ECDHE-ECDSA-AES128-SHA256       
ECDHE-RSA-AES128-SHA            - ECDHE-ECDSA-AES128-SHA          - ECDHE-RSA-AES256-SHA384         
ECDHE-ECDSA-AES256-SHA384       - ECDHE-RSA-AES256-SHA            - ECDHE-ECDSA-AES256-SHA          
DHE-RSA-AES128-SHA256           - DHE-RSA-AES128-SHA              - DHE-DSS-AES128-SHA256           
DHE-RSA-AES256-SHA256           - DHE-DSS-AES256-SHA              - DHE-RSA-AES256-SHA              
AES128-GCM-SHA256               - AES256-GCM-SHA384               - ECDHE-RSA-RC4-SHA               
ECDHE-ECDSA-RC4-SHA             - AES128                          - AES256                          
RC4-SHA                         - HIGH                            - !aNULL                          
!eNULL                          - !EXPORT                         - !DES                            
!3DES                           - !MD5                            - !PSK;                           
-----------------------------------------------------------------------------------------------

TCPIP PORTS                                         Connection Sec
               192.168.0.46    / 25    / SMTP   -   StartTLS Optional   Cert: smtp.Domain1.com
               192.168.0.46    / 143   / IMAP   -   None                
-----------------------------------------------------------------------------------------------

LOGGING      Logging Enabled: True

  Paths:-
    Current:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_2020-04-16.log
    Error:    C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-04-16.log - !! ERRORS PRESENT !!
    Event:    C:\Program Files (x86)\hMailServer\Logs\hmailserver_events.log - Not present
    Awstats:  C:\Program Files (x86)\hMailServer\Logs\hmailserver_awstats.log
                        APPLICATION -    True
                        SMTP        -    True
                        POP3        -      .
                        IMAP        -    True
                        TCPIP       -    True
                        DEBUG       -    True
                        AWSTATS     -    True
-----------------------------------------------------------------------------------------------

SYSTEM TESTS

Database type: MySQL

IPv6 support is available in operating system.

Backup directory C:\Users\Administrator\Documents\MailServer Backup is writable.

Relative message paths are stored in the database for all messages.

-----------------------------------------------------------------------------------------------

HMAILSERVER.INI

[Directories]
Program folder:  C:\Program Files (x86)\hMailServer\
Database folder: 
Data folder:     C:\Program Files (x86)\hMailServer\Data
Log folder:      C:\Program Files (x86)\hMailServer\Logs
Temp folder:     C:\Program Files (x86)\hMailServer\Temp
Event folder:    C:\Program Files (x86)\hMailServer\Events

[Database]
Type=              MYSQL
Username=          MailDB
PasswordEncryption=1
Port=              3306
Server=            localhost
Internal=          0
-----------------------------------------------------------------------------------------------

Generated by HMSSettingsDiagnostics v1.99, Hmailserver Forum.

Thanks again.

User avatar
mattg
Moderator
Moderator
Posts: 21106
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Unencrypted IMAP Server Password Error

Post by mattg » 2020-04-17 05:25

#1
You missed my point

If you had to turn SSL/TLS off in IP ranges, then you had ALREADY changed form the default which doesn't have that selected. There is no point in setting that until you have a SSL certificate installed in Hmailsevrer

Why have you changed the internet IP range
(that IP grouping doesn't make sense)

On IP ranges page there is a 'default' button. please press it


#2

Code: Select all

TCPIP PORTS 
192.168.0.46    / 143   / IMAP   -   None      
You have a certificate installed, but it isn't set to the IMAP port. This should be set to StartTLS Required




#3 a default domain being set is likely to you more incoming spam
If this is a live server connected to the internet, you should consider removing that

Your diagnostics show errors
Can you please show the contents of your
C:\Program Files (x86)\hMailServer\Logs\ERROR_hmailserver_2020-04-16.log
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

CDX
New user
New user
Posts: 5
Joined: 2020-04-16 19:49

Re: Unencrypted IMAP Server Password Error

Post by CDX » 2020-04-17 22:10

1. I think you overlooked the fact that I already had an SSL certificate installed on hMailServer. The reason I unselected it was due to my original problem in this forum thread, regarding the continuous incorrect IMAP password errors I was receiving.

I set the IP ranges back to default, the reason as to why I had originally selected that IP range is because I only wanted to accept connections from the IP ranges set within our simulation environment.

2. After realizing that I no longer needed a certificate for my IMAP connections, I went on to delete the IMAP SSL certificate which was originally imported onto hMailServer.... so no I will not select STARTTLS (Required) because, as I mentioned before, I am required to support unencrypted IMAP connections for my simulation environment.

3. Another requirement for my email server, as laid out in my computer engineering course's simulation environment administration instructions, is that I am not allowed to use spam filtering of any kind. Also considering this is simply a simulation environment that is not connected to the outside world, I'm honestly not too worried about receiving spam.

Below are the contents of the error log:

Code: Select all

"ERROR"	2688	"2020-04-16 12:06:17.564"	"Severity: 3 (Medium), Code: HM4403, Source: Message::GetHeader, Description: Could not read the message header, since the file was not available. File: C:\Program Files (x86)\hMailServer\Data\rmc.bluenet\rubberneck\2F\{2F87CC3A-FCFF-48C8-9E00-5F1CC3AF3B7E}.eml"
"ERROR"	2884	"2020-04-16 13:37:07.843"	"Severity: 2 (High), Code: HM4208, Source: ExceptionHandler::Run, Description: An error occured while executing 'Task-BackupTask', Error code: 2, Message: boost::filesystem::copy_file: The system cannot find the file specified: "C:\Program Files (x86)\hMailServer\Data\{0088DEDB-60B3-4341-93F7-76A8DB6A1420}.eml", "C:\Users\Administrator\Documents\MailServer Backup\DataBackup\{0088DEDB-60B3-4341-93F7-76A8DB6A1420}.eml""
"ERROR"	2884	"2020-04-16 13:37:08.421"	"Severity: 1 (Critical), Code: HM5519, Source: StackLogger::Log, Description: An error has been detected. A mini dump has been written to C:\Program Files (x86)\hMailServer\Logs\minidump_2020-04-16 133707_{4B4BF1C7-3553-456B-AB3F-A644609118DB}.dmp"
Would you be able to explain what exactly the "mini dumps" are? I have a few of these now but they just seem to be binary text files.

Post Reply