
Issue Plesk's authentication driver for dovecot is trying to write to the email accounts password file

John Calvert

Server operating system version: AlmaLinux 8.10
Plesk version and microupdate number: Plesk Obsidian 18.0.67 #3
Hello,

Can anyone tell me why the Plesk authentication driver for dovecot is trying to write repeatedly to the email accounts password file at /var/lib/plesk/mail/auth/passwd.db? This is happening 1-3 times per minute.

This shows the default configured driver, which is Plesk...
% doveconf -n | sed -n '/passdb/,/}/p'
passdb {
  driver = plesk
}

The write is being denied by SELinux, causing denials to be added to /var/log/audit/audit.log, and then the SETroubleshootd process runs and logs these denials in /var/log/messages. This is happening over and over indefinitely.

All email accounts appear to be fully operational.

thanks,
JC
 
Most likely the behavior results from SELinux preventing the normal operation of the processes. Could you please temporarily set it to permissive mode and confirm if you still observe the same?
 
As soon as SELinux is put in permissive mode, dovecot, via Plesk authentication driver, will open the passwd.db file for write access, and possibly write to the file. And we don't know why it would do that. Why would dovecot need to write to that file? We can't rule out at this point that there is malicious code somehow involved. Further, since this is the Plesk authentication driver, why is it even trying to write to /var/lib/plesk/mail/auth/passwd.db? It should only be using the Plesk database. Is it simply trying to check if the passwd.db file exists? If so, it doesn't need write access to do that.

Can Plesk tech support tell us why the Plesk authentication driver for dovecot is attempting to write to the passwd.db file? I mean, before it's allowed to do that we need to understand why it's doing that. Can they look at the source code?

One interesting point is that there doesn't seem to be any issue with normal operation of the email accounts due to this write access being blocked by SELinux. That fact is more indicative of something non-standard going on. It's suspicious.

I'm mystified by this whole thing, because why would default operation of the Plesk authentication driver do this? Again, the fact that SELinux blocks it from doing this is concerning. The implication is that it shouldn't be doing this; i.e. SELinux is taking the correct action.
 
In my opinion, this is highly unusual... the Plesk authentication driver, called by dovecot, is attempting to write to the wrong database, over and over continuously, 1-3 times per minute. That's kinda crazy.
 
Hello, John. This behavior could come from password change, validating credentials, etc. This is a normal behavior and SELinux should allow the action. The issue you are experiencing is very likely due to misconfiguration. If you would like the issue to be checked by a technician, I would suggest opening a ticket with Plesk support for an investigation of the issue on your server. To sign in to support and open a ticket, go to:

https://support.plesk.com

If you got your license from a reseller, your reseller should provide support for you. If the reseller does not provide support, here is an alternative to get support directly from Plesk:

https://support.plesk.com/hc/en-us/articles/12388090147095-How-to-get-support-directly-from-Plesk
 
Hello,

> Hello, John. This behavior could come from password change, validating credentials, etc.
Dovecot would not be attempting a password change, so that's not it. To validate a password, dovecot should not need to open the file for write access.

> This is a normal behavior and SELinux should allow the action.
You don't know that. The valid questions I posted above need to be answered.

> The issue you are experiencing is very likely due to misconfiguration.
If there is a configuration that governs whether the Plesk authentication driver uses the Plesk database to store the email account credentials, or uses the passwd.db file, then sure that's a possibility. I don't think there is such a configuration. AFAIK the driver is using the Plesk database.

SELinux is blocking the driver trying to open the passwd.db file, because it's not supposed to be using that file. It's supposed to use the Plesk database.

My server provider has opened a ticket with Plesk tech support. We are waiting to hear back.
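
Added example, not part of the original thread and not Plesk or Dovecot code: the thread turns on which access is actually being requested on passwd.db and how often, and the AVC records in /var/log/audit/audit.log state both. The sketch below summarizes them for one file name; the sample records, the SELinux type names (`example_*_t`), pids, inodes and the `comm` values are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the Linux audit AVC record format. Type names, pids,
# inodes, timestamps and comm values are made up for illustration.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1739600005.101:9001): avc:  denied  { write } for  pid=2101 comm="auth" name="passwd.db" dev="dm-0" ino=393301 scontext=system_u:system_r:example_auth_t:s0 tcontext=system_u:object_r:example_db_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1739600005.101:9001): arch=c000003e syscall=257 success=no exit=-13 comm="auth"
type=AVC msg=audit(1739600030.554:9002): avc:  denied  { write } for  pid=2101 comm="auth" name="passwd.db" dev="dm-0" ino=393301 scontext=system_u:system_r:example_auth_t:s0 tcontext=system_u:object_r:example_db_t:s0 tclass=file permissive=0
type=AVC msg=audit(1739600070.002:9003): avc:  denied  { write } for  pid=2101 comm="auth" name="passwd.db" dev="dm-0" ino=393301 scontext=system_u:system_r:example_auth_t:s0 tcontext=system_u:object_r:example_db_t:s0 tclass=file permissive=0
type=AVC msg=audit(1739600071.300:9004): avc:  denied  { append } for  pid=3300 comm="httpd" name="other.log" dev="dm-0" ino=400100 scontext=system_u:system_r:example_web_t:s0 tcontext=system_u:object_r:example_log_t:s0 tclass=file permissive=0
"""

AVC_RE = re.compile(r'type=AVC msg=audit\((?P<ts>\d+)\.\d+:\d+\): avc:\s+denied\s+'
                    r'\{ (?P<perms>[^}]*)\} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# File permissions that modify the object, as opposed to getattr/read.
WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr"}

def summarize_denials(log_text, target_name="passwd.db"):
    """Collect denied permissions, callers, label pairs and rate for one file."""
    summary = {"perms": Counter(), "per_minute": Counter(), "pairs": Counter(),
               "comms": set(), "blocked": 0}
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL, PATH and other record types are skipped
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m["fields"])}
        if f.get("name") != target_name and not f.get("path", "").endswith("/" + target_name):
            continue
        summary["perms"].update(m["perms"].split())
        summary["per_minute"][int(m["ts"]) // 60] += 1  # epoch-minute bucket
        summary["pairs"][(f.get("scontext"), f.get("tcontext"), f.get("tclass"))] += 1
        summary["comms"].add(f.get("comm"))
        summary["blocked"] += f.get("permissive") == "0"  # enforced, not just logged
    return summary

def wants_write(summary):
    """True if any denied permission would modify the file (not an existence check)."""
    return bool(WRITE_PERMS & set(summary["perms"]))

if __name__ == "__main__":
    s = summarize_denials(SAMPLE_AUDIT_LOG)
    print("denied perms:", dict(s["perms"]), "| modifying access:", wants_write(s))
    print("callers:", s["comms"], "| max per minute:", max(s["per_minute"].values()))
    for pair, n in s["pairs"].items():
        print(n, "x", pair)
```

A source/target label pair that differs from what the installed policy expects for that path is the detail worth including in the support ticket, alongside the denied permission set and the per-minute rate.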
 