Hello,
I have activated the SOGO webmail/caldav/carddav service on mailcow (instance fully updated and running fine for years). SOGO is 5.8.0 (@sogo-build.alinto.int 202303022257).
I notice 403 HTTP errors when I try to log in. Relevant logs from docker compose:
mailcowdockerized-nginx-mailcow-1 "POST /SOGo/so/passwordRecoveryEnabled HTTP/1.1" 403
mailcowdockerized-nginx-mailcow-1 "GET /sogo-auth HTTP/1.0" 200
mailcowdockerized-sogo-mailcow-1 sogod [68]: SOGoRootPage Login from '<internal_ip_addr>' for user 'user@domain.tld' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0
mailcowdockerized-nginx-mailcow-1 "POST /SOGo/connect HTTP/1.1" 403
mailcowdockerized-sogo-mailcow-1 "POST /SOGo/connect HTTP/1.0" 403
The SOGO /connect endpoint returns the error {"LDAPPasswordPolicyError":65535}, which I also searched for, but it’s a generic error I can’t get a context for.
Even typing something in the SOGO login form triggers a POST (??) that fails with a 403:
example payload sent = {"userName":"qqq","domain":null}
reply: "POST /SOGo/so/passwordRecoveryEnabled HTTP/2.0" 403
I’ve tried putting SOGO in debug mode, uncommenting all these in data/conf/sogo/sogo.conf:
//SOGoDebugRequests = YES;
//SoDebugBaseURL = YES;
//ImapDebugEnabled = YES;
//SOGoEASDebugEnabled = YES;
//LDAPDebugEnabled = YES;
//PGDebugEnabled = YES;
//MySQL4DebugEnabled = YES;
//SOGoUIxDebugEnabled = YES;
WOLogFile = "/dev/sogo_log";
then destroyed the SOGO volumes:
docker volume rm mailcowdockerized_sogo-userdata-backup-vol-1
docker volume rm mailcowdockerized_sogo-web-vol-1
then restarted docker-compose and went into the container but found no log file or more info. Where are the SOGO logs inside the container?
I have manually applied this small patch #5107, just in case.
I am using an external nginx to reverse proxy the traffic to the internal SOGO docker (on 127.0.0.1:8080). Is something else needed on the nginx side?
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream mailcow {
    server 127.0.0.1:8080 fail_timeout=0;
    keepalive 16;
}
location / {
    proxy_http_version 1.1;
    proxy_pass http://mailcow;
    proxy_redirect off;
    proxy_ignore_client_abort on;
    proxy_redirect off;
}
This issue has a few similar reports on GitHub (#121) and on this forum, but nothing pointing to a specific error.
I’m sure it’s a misconfiguration on my end, but I need a starting point to debug the issue.
Thanks for any suggestion.