Fix “Unknown user or password incorrect” for email addresses under ISPConfig

If you are trying to log in to your ISPConfig server using either webmail or an email client and all you get is “Unknown user or password incorrect”, then it might be an issue with your auth daemon. Check /var/log/mail.log for a line similar to this:

authdaemond: modules="(none)", daemons=0

If you see it, then the fix is quite simple. Just add the following lines to /etc/courier/authdaemonrc:

authmodulelist="authmysql"
daemons=5
authdaemonvar=/var/run/courier/authdaemon

Now restart the Courier auth daemon:

service courier-authdaemon restart

You should now see something similar to this in your mail logs:

authdaemond: stopping authdaemond children
authdaemond: modules="authmysql", daemons=5
authdaemond: Installing libauthmysql
authdaemond: Installation complete: authmysql

Enable passive mode for Pure-ftpd on AWS

One of the issues you encounter when installing FTP servers on AWS is that you need to use Active mode to transfer files, while traditionally FTP clients tend to use Passive mode (PASV). This is caused by the fact that each instance has an external IP that you get access to and another internal IP, which is used by the FTP server. When the client requests PASV mode, the server replies with the internal IP, which of course is not routable from the Internet.

Fixing this is quite easy: it involves a little bit of editing of the Security Groups in the AWS Console and adding a couple of lines to the FTP server configuration.

First of all you will need to determine what port range you can use for PASV mode, so execute this command:

cat /proc/sys/net/ipv4/ip_local_port_range

You must choose a range that’s *not* in the interval returned by the command. I will use 10000 – 10100.
Now you will need to find out your external IP. Either request an Elastic IP and attach it to the instance or ping your “Public DNS”(available in the AWS Console, when you select the instance). Write it down somewhere.

Now open the required ports from your “Security Groups”, by adding the following rules:

Custom TCP Rule Ports 20-21
Custom TCP Rule Ports 10000-10100

Don’t forget to “Apply Rule Changes”!!!
Depending on your pure-ftpd installation you may have your FTP server configuration either in /etc/pure-ftpd.conf or in /etc/pure-ftpd/conf/*. If you have your configuration in a single file (/etc/pure-ftpd.conf) then you will need to add these 2 lines:

PassivePortRange 10000 10100
ForcePassiveIP YOUR_EXTERNAL_IP_HERE

If you have your configuration in /etc/pure-ftpd/conf/* simply create two files, named after the options you want to change and insert the values into them:

echo "10000 10100" > /etc/pure-ftpd/conf/PassivePortRange
echo "YOUR_EXTERNAL_IP_HERE" > /etc/pure-ftpd/conf/ForcePassiveIP

Obviously you will need to replace YOUR_EXTERNAL_IP_HERE with your real external IP.

Now restart your FTP server and check that you see something similar to “-P YOUR_EXTERNAL_IP -p 10000:10100” in the parameter list. If everything went ok, congratulations!

service pure-ftpd-mysql restart
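
A pre-flight check for the steps above, as an added example that is not part of the original post: it verifies that the chosen PASV range stays outside the kernel's local port range, that the ForcePassiveIP value is not an internal address, and that the restarted server carries the expected flags. The function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and sample values are illustrative assumptions.

# is_private_ip ADDR: succeed if ADDR is an RFC 1918 (internal) IPv4 address.
is_private_ip() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] 2>/dev/null && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# ranges_overlap LO1 HI1 LO2 HI2: succeed if two inclusive ranges intersect.
ranges_overlap() {
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_pasv LO HI IP [RANGE_FILE]: print each problem, return 1 if any found.
check_pasv() {
    lo=$1; hi=$2; ip=$3
    file=${4:-/proc/sys/net/ipv4/ip_local_port_range}
    rc=0
    read -r eph_lo eph_hi < "$file" || return 2
    # Extra sanity check (not from the page): a sane, unprivileged port range.
    if [ "$lo" -gt "$hi" ] || [ "$lo" -lt 1024 ] || [ "$hi" -gt 65535 ]; then
        echo "PassivePortRange $lo $hi is not a valid range"; rc=1
    fi
    if ranges_overlap "$lo" "$hi" "$eph_lo" "$eph_hi"; then
        echo "PassivePortRange $lo-$hi overlaps local range $eph_lo-$eph_hi"; rc=1
    fi
    if is_private_ip "$ip"; then
        echo "ForcePassiveIP $ip is an internal address"; rc=1
    fi
    return "$rc"
}

# args_ok "CMDLINE" LO HI IP: succeed if the server's parameter list carries
# the "-P IP" and "-p LO:HI" flags mentioned in the last step.
args_ok() {
    case " $1 " in *" -P $4 "*) ;; *) return 1 ;; esac
    case " $1 " in *" -p $2:$3 "*) return 0 ;; *) return 1 ;; esac
}

# Run as: sh check_pasv.sh 10000 10100 YOUR_EXTERNAL_IP_HERE
if [ "$#" -eq 3 ]; then check_pasv "$@"; fi
```

The optional fourth argument to check_pasv lets you point it at a saved copy of ip_local_port_range from another host.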