All passwords rejected 4.2.2-B199 - no authenticatn possible

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
cveillon
Normal user
Normal user
Posts: 88
Joined: 2006-01-31 23:56
Location: Roy, UT USA

All passwords rejected 4.2.2-B199 - no authenticatn possible

Post by cveillon » 2006-08-16 07:12

Running ver 4.2.2-B199 w/ built-in MySQL on localhost.
Server has been running great for over a year, until today. Been running B199 since its release.

It doesn't matter if I try accessing an existing account, or if I create a new account, no users can authenticate to the server. Restarted hMail and hMailmySQL services, and rebooted the server several times. Ports are fine, communication seems fine. The logs simply shows:

"POP3D" 2828 "2006-08-15 22:58:05.203" "166.70.107.164" "SENT: +OK POP3"
"POP3D" 2828 "2006-08-15 22:58:05.281" "166.70.107.164" "RECEIVED: USER chuck@stjosephutah.com"
"POP3D" 2828 "2006-08-15 22:58:05.281" "166.70.107.164" "SENT: +OK Send your password"
"POP3D" 2828 "2006-08-15 22:58:05.359" "166.70.107.164" "RECEIVED: PASS [replaced for security reasons]"
"POP3D" 2828 "2006-08-15 22:58:05.375" "166.70.107.164" "SENT: -ERR Invalid user name or password."

All users who authenticate get this error.

I’ve tried changing the password several times, making absolutely sure. I’ve also repaired the database using MySQL-front several times. I’ve tried turning off and on “allow plain text authentication,” changing the password and trying again. Nothing seems to work. :x

Is there anyway to decrypt the password in the tables so that I can verify the encryption process? I’ve tried using DecryptBlowfish.vbs, but it seems to be different. But I’m not sure though. And if it is something wrong with the encryption process, how could I fix it?

HELP!

with best regards,
Chuck
Last edited by cveillon on 2006-08-16 10:35, edited 1 time in total.
hMailServer 4.4.1-B273 Built-in MySQL
3 ea prod mx servers on XP Home, 1 ea on Win2k

User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-08-16 08:39

The passwords stored in the database are MD5 hashes.

You can use the following code to check whether a password in the database is correct. Save it in a .vbs file and run it. A messagebox will be shown. Enter your password in this textbox. After that, the MD5 hash should be shown. This MD5 hash should match the password in the hm_accounts table.

Code: Select all

Dim oApp
Set oApp = CreateObject("hMailServer.Application")

dim sInput
sInput = Inputbox("Enter password in clear text", "hMailServer")

dim sOutput
sOutput = oApp.Utilities.MD5(sInput)

MsgBox sOutput

Set oApp = Nothing
Have you tried setting up a new test account and check if password validation works for this account?

cveillon
Normal user
Normal user
Posts: 88
Joined: 2006-01-31 23:56
Location: Roy, UT USA

Post by cveillon » 2006-08-16 10:01

I think this is fixed now. MD5 passwords matched. I'll check with the users when they wake up and go to work in about 7 hours.

Thanks Martin, you're the greatest.

with best regards,
Chuck

User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-08-16 10:08

I'm not really sure it's solved. If you have manually set your password during troubleshooting, it could be that your password was updated in the database and then it was possible for you to connect.

Could it be that the password information in the database has become "corrupt" in some way? If you just quickly looked through a bunch of the MD5 hashes, do they appear OK? Of course hard to say, but they should be 32 characters long and they should not all have the same value..

cveillon
Normal user
Normal user
Posts: 88
Joined: 2006-01-31 23:56
Location: Roy, UT USA

Post by cveillon » 2006-08-16 10:16

martin wrote: Could it be that the password information in the database has become "corrupt" in some way?
Yes, that was my first guess.
martin wrote:If you just quickly looked through a bunch of the MD5 hashes, do they appear OK?
Yes, they're all 32 characters in length and I've checked about half of them now and it seems ok now.

It's a mystery! :roll:
hMailServer 4.4.1-B273 Built-in MySQL
3 ea prod mx servers on XP Home, 1 ea on Win2k

User avatar
martin
Developer
Developer
Posts: 6837
Joined: 2003-11-21 01:09
Location: Sweden
Contact:

Post by martin » 2006-08-16 10:23

Does sound a bit strange... I guess you'll see whether it's really solved in 7-8 hours...

Go to bed now. :)

Post Reply