
Issue Plesk's authentication driver for dovecot is trying to write to the email accounts password file

John Calvert

New Pleskian
Server operating system version: AlmaLinux 8.10
Plesk version and microupdate number: Plesk Obsidian 18.0.67 #3
Hello,

Can anyone tell me why the Plesk authentication driver for dovecot is trying to write repeatedly to the email accounts password file at /var/lib/plesk/mail/auth/passwd.db? This is happening 1-3 times per minute.

This shows the default configured driver, which is Plesk...
% doveconf -n | sed -n '/passdb/,/}/p'
passdb {
driver = plesk
}

The write is being denied by SELinux, causing denials to be added to /var/log/audit/audit.log, and then the SETroubleshootd process runs and logs these denials in /var/log/messages. This is happening over and over indefinitely.

All email accounts appear to be fully operational.

thanks,
JC
 
Most likely the behavior results from SELinux preventing the normal operation of the processes. Could you please temporarily set it to permissive mode and confirm if you still observe the same?
 
As soon as SELinux is put in permissive mode, dovecot, via Plesk authentication driver, will open the passwd.db file for write access, and possibly write to the file. And we don't know why it would do that. Why would dovecot need to write to that file? We can't rule out at this point that there is malicious code somehow involved. Further, since this is the Plesk authentication driver, why is it even trying to write to /var/lib/plesk/mail/auth/passwd.db? It should only be using the Plesk database. Is it simply trying to check if the passwd.db file exists? If so, it doesn't need write access to do that.

Can Plesk tech support tell us why the Plesk authentication driver for dovecot is attempting to write to the passwd.db file? I mean, before it's allowed to do that we need to understand why it's doing that. Can they look at the source code?

One interesting point is that there doesn't seem to be any issue with normal operation of the email accounts due to this write access being blocked by SELinux. That fact is more indicative of something non-standard going on. It's suspicious.

I'm mystified by this whole thing, because why would default operation of the Plesk authentication driver do this? Again, the fact that SELinux blocks it from doing this is concerning. The implication is that it shouldn't be doing this; i.e. SELinux is taking the correct action.
 
In my opinion, this is highly unusual... the Plesk authentication driver, called by dovecot, is attempting to write to the wrong database, over and over continuously, 1-3 times per minute. That's kinda crazy.
 
Hello, John. This behavior could result from password change, validating credentials, etc. This is a normal behavior and SELinux should allow the action. The issue you are experiencing is very likely due to misconfiguration. If you would like the issue to be checked by a technician, I would suggest opening a ticket with Plesk support for an investigation of the issue on your server. To sign in to support and open a ticket go to:

https://support.plesk.com

If you got your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative to get support directly from Plesk:

https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk
 
Hello,

> Hello, John. This behavior could result from password change, validating credentials, etc.

Dovecot would not be attempting a password change, so that's not it. To validate a password, dovecot should not need to open the file for write access.

> This is a normal behavior and SELinux should allow the action.

You don't know that. The valid questions I posted above need to be answered.

> The issue you are experiencing is very likely due to misconfiguration.

If there is a configuration that governs whether the Plesk authentication driver uses the Plesk database to store the email account credentials, or uses the passwd.db file, then sure that's a possibility. I don't think there is such a configuration. AFAIK the driver is using the Plesk database.

SELinux is blocking the driver trying to open the passwd.db file, because it's not supposed to be using that file. It's supposed to use the Plesk database.

My server provider has opened a ticket with Plesk tech support. We are waiting to hear back.
 
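Added example, not part of any post in this thread and not Plesk or dovecot code: a small parser that groups the SELinux AVC denials for passwd.db by process, SELinux types and requested permission, and reports the denial rate, which is the evidence the thread is arguing about. The sample records are constructed; the pid/ino values and the type names dovecot_auth_t and var_lib_t are assumptions, not values taken from the poster's server.

```python
import re
from collections import Counter

# Constructed sample in audit.log AVC format. pid/ino values and the SELinux
# type names (dovecot_auth_t, var_lib_t) are assumptions for illustration only.
SAMPLE_LOG = """\
type=AVC msg=audit(1741000000.101:9001): avc:  denied  { write } for  pid=2101 comm="auth" name="passwd.db" dev="dm-0" ino=530001 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1741000000.101:9001): arch=c000003e syscall=257 success=no exit=-13 comm="auth"
type=AVC msg=audit(1741000025.440:9002): avc:  denied  { write } for  pid=2101 comm="auth" name="passwd.db" dev="dm-0" ino=530001 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
type=AVC msg=audit(1741000061.007:9003): avc:  denied  { getattr } for  pid=3300 comm="httpd" path="/etc/shadow" dev="dm-0" ino=440002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file permissive=0
type=AVC msg=audit(1741000118.900:9004): avc:  denied  { write } for  pid=2101 comm="auth" name="passwd.db" dev="dm-0" ino=530001 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
"""

def parse_avc(line):
    """Return a dict for one AVC denial record, or None for any other line."""
    head = re.search(r"audit\((\d+)\.\d+:\d+\): avc:\s+denied\s+\{([^}]*)\}", line)
    if not head:
        return None
    # key=value pairs; values are either "quoted" or a bare token
    rec = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    rec["ts"] = int(head.group(1))
    rec["perms"] = tuple(head.group(2).split())
    return rec

def summarize(log_text, target="passwd.db"):
    """Group denials on `target` by (comm, source type, target type, perms)."""
    groups, stamps = Counter(), []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        obj = rec.get("name") or rec.get("path", "")
        if not obj.endswith(target):
            continue
        key = (rec.get("comm"), rec["scontext"].split(":")[2],
               rec["tcontext"].split(":")[2], rec["perms"])
        groups[key] += 1
        stamps.append(rec["ts"])
    if not stamps:
        return groups, 0.0
    minutes = max((max(stamps) - min(stamps)) / 60, 1)  # avoid inflating short windows
    return groups, round(len(stamps) / minutes, 2)

if __name__ == "__main__":
    groups, per_minute = summarize(SAMPLE_LOG)
    for (comm, src, tgt, perms), n in groups.items():
        print(f"{n}x comm={comm} {src} -> {tgt} perms={' '.join(perms)}")
    print(f"denials per minute: {per_minute}")
```

Run against the real text of /var/log/audit/audit.log, the grouped output shows whether the denied permission is only `write` and which process and SELinux domain request it, which is what a support ticket needs to state.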