Cannot login as Admin

phil1125

Hi everyone,

I have been running Mailcow for the past 6 months without any issues, but since updating to the latest version I have a weird issue: I cannot login as admin into the GUI.

The really weird thing:

All other (Sogo) accounts work without any issues
I can login to the admin panel just as usual from one device (my phone) without any issues, but from no other device. I first suspected some sort of IP-Address issue, but I can connect from my phone independent of using my WiFi (like all other devices) or cellular.

I was logged into the admin panel on my phone while updating Mailcow, so I did not even have to login after restarting Mailcow. This is the only difference I see from all the other devices, as these ones were not logged in. However, I can also log out and in again on my phone no problem.

I so far have tried the following steps:

Restarting Mailcow / rebooting the entire machine
Created an additional admin account, to try out logging in with an additional set of credentials
Resetting the admin account credentials via the helper script

After each of these the outcome remains the same, I can log in through my phone without issues (including the new credentials generated in step 2 and 3) but whenver I log in from other devices I only get the message „login failed“.

I even restored a backup of my mail server, to a pre-update version, no issues there, but as soon as I update Mailcow I get the same issue.

I also researched here in the community and the web, but no issues I found here matched my case. Anyone have an idea what could be the reason, and how to fix this?

Many thanks in advance!

DocFraggle

phil1125 I even restored a backup of my mail server, to a pre-update version, no issues there

And the previous working version was 2025-01? Or did you update from an older version to 2025-01a?

DocFraggle

Did you have a look at the relevant container logs while logging in with the other devices?

phil1125

Hi DocFraggle, thanks for your message.

I have had a look into the nginx logs and the php-fpm logs.

nginx log looks as follows
nginx-mailcow-1 | 172.22.1.3 - - [19/Feb/2025:15:10:52 +0100] "GET / HTTP/1.1" 200 15 "-" "check_http/v (nagios-plugins 2.4.5)" nginx-mailcow-1 | 172.22.1.4 - - [19/Feb/2025:15:10:59 +0100] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.10.2" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:11 +0100] "POST /admin/ HTTP/2.0" 200 13058 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:11 +0100] "GET /api/v1/get/passwordpolicy/html HTTP/2.0" 200 20 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | 172.22.1.250 - - [19/Feb/2025:15:11:13 +0100] "POST / HTTP/1.1" 200 27 "-" "LuaSocket 3.0.0" nginx-mailcow-1 | 172.22.1.250 - - [19/Feb/2025:15:11:13 +0100] "POST / HTTP/1.1" 200 27 "-" "LuaSocket 3.0.0" nginx-mailcow-1 | 172.22.1.250 - - [19/Feb/2025:15:11:13 +0100] "POST / HTTP/1.1" 200 27 "-" "LuaSocket 3.0.0" nginx-mailcow-1 | 172.22.1.250 - - [19/Feb/2025:15:11:13 +0100] "POST / HTTP/1.1" 200 27 "-" "LuaSocket 3.0.0" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:14 +0100] "POST /admin/ HTTP/2.0" 302 0 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:14 +0100] "GET /admin/dashboard HTTP/2.0" 200 28770 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:14 +0100] "GET /api/v1/get/passwordpolicy/html HTTP/2.0" 200 172 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:16 +0100] "GET /api/v1/get/status/host HTTP/2.0" 200 156 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:11:21 +0100] "GET /api/v1/get/status/host HTTP/2.0" 200 157 "https://mail.domain.tld/" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1" nginx-mailcow-1 | 172.22.1.3 - - [19/Feb/2025:15:11:36 +0100] "GET / HTTP/1.1" 200 15 "-" "check_http/v (nagios-plugins 2.4.5)" nginx-mailcow-1 | 172.22.1.4 - - [19/Feb/2025:15:11:41 +0100] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.10.2" nginx-mailcow-1 | fd4d:6169:6c63:6f77::4 - - [19/Feb/2025:15:11:44 +0100] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "rspamd-3.10.2" nginx-mailcow-1 | fd4d:6169:6c63:6f77::4 - - [19/Feb/2025:15:11:44 +0100] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "rspamd-3.10.2" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:12:08 +0100] "POST / HTTP/2.0" 200 10877 "https://mail.domain.tld/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:12:09 +0100] "GET /api/v1/get/passwordpolicy/html HTTP/2.0" 200 20 "https://mail.domain.tld/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:12:10 +0100] "POST / HTTP/2.0" 200 10912 "https://mail.domain.tld/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:12:11 +0100] "GET /api/v1/get/passwordpolicy/html HTTP/2.0" 200 20 "https://mail.domain.tld/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15" nginx-mailcow-1 | myIPV4.myIPV4.myIPV4.myIPV4 - - [19/Feb/2025:15:12:15 +0100] "POST / HTTP/2.0" 200 10910 "https://mail.domain.tld/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15" nginx-mailcow-1 | 172.22.1.3 - - [19/Feb/2025:15:12:18 +0100] "GET / HTTP/1.1" 200 15 "-" "check_http/v (nagios-plugins 2.4.5)" nginx-mailcow-1 | 172.22.1.4 - - [19/Feb/2025:15:12:22 +0100] "HEAD /forwardinghosts.php HTTP/1.1" 200 0 "-" "rspamd-3.10.2" nginx-mailcow-1 | 172.22.1.4 - - [19/Feb/2025:15:12:22 +0100] "GET /forwardinghosts.php HTTP/1.1" 200 27 "-" "rspamd-3.10.2"

The logs which register an iPhone as devices are successful logins via my phone, the ones with the reference to macOS are in fact my unsuccessful attempts via my iPad. I have tried other systems (Windows 10 via Chrome) but also no log-in possible.

Further, here my PHP-FPM logs for a failed login:
php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:02 +0100 "POST /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:03 +0100 "GET /settings.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:03 +0100 "GET /admin/system.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:03 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:03 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:03 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:13 +0100 "POST /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:13 +0100 "GET /settings.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:13 +0100 "GET /admin/system.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:13 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:13 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:13 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:20 +0100 "GET /index.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:21 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | [19-Feb-2025 17:17:23] WARNING: [pool web-worker] child 56 said into stderr: "NOTICE: PHP message: mailcow UI: Invalid password for admin by myIPV4.myIPV4.myIPV4.myIPV4" php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:23 +0100 "POST /index.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:25 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:34 +0100 "HEAD /settings.php" 304 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:17:39 +0100 "HEAD /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:39 +0100 "GET /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:17:53 +0100 "GET /forwardinghosts.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:11 +0100 "HEAD /forwardinghosts.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:11 +0100 "GET /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:21 +0100 "HEAD /settings.php" 304 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:35 +0100 "GET /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:42 +0100 "HEAD /forwardinghosts.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:42 +0100 "GET /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:46 +0100 "POST /index.php" 302 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:46 +0100 "GET /admin/index.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:46 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:52 +0100 "POST /admin/index.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:52 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:55 +0100 "POST /admin/index.php" 302 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:55 +0100 "GET /admin/dashboard.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:18:55 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:55 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:18:59 +0100 "HEAD /settings.php" 304 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:19:02 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:19:07 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:19:12 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:19:17 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:19:22 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:19:25 +0100 "HEAD /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:19:25 +0100 "GET /forwardinghosts.php" 200 php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:19:27 +0100 "GET /json_api.php" 200 php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:19:36 +0100 "HEAD /settings.php" 304 php-fpm-mailcow-1 | [19-Feb-2025 17:19:41] WARNING: [pool system-worker] child 46 said into stderr: "NOTICE: PHP message: MAILCOWAUTH: Login failed for user user@domain.tld" php-fpm-mailcow-1 | fd4d:6169:6c63:6f77::f - 19/Feb/2025:17:19:41 +0100 "POST /mailcowauth.php" 401 php-fpm-mailcow-1 | [19-Feb-2025 17:19:41] WARNING: [pool system-worker] child 47 said into stderr: "NOTICE: PHP message: MAILCOWAUTH: Login failed for user user@domain.tld" php-fpm-mailcow-1 | 172.22.1.12 - 19/Feb/2025:17:19:41 +0100 "POST /mailcowauth.php" 401

In case of anyone wondering, I have anonymized my IP and domain.

Please let me know whether this is helpful, or whether you require any other logs.

One more aspect: I saw multiple ways on how to reset the admin password. I so far used the ruglar helper script
./helper-scripts/mailcow-reset-admin.sh

I also read that it was possible to perform a reset via
docker compose exec php-fpm-mailcow mailcow-reset-admin
Is there a difference between the two and is this worth trying?

One more aspect: I saw multiple ways on how to reset the admin password. I so far used the ruglar helper script
./helper-scripts/mailcow-reset-admin.sh

I also read that it was possible to perform a reset via
docker compose exec php-fpm-mailcow mailcow-reset-admin
Is there a difference between the two and is this worth trying?

One more aspect: I saw multiple ways on how to reset the admin password. I so far used the ruglar helper script
./helper-scripts/mailcow-reset-admin.sh

I also read that it was possible to perform a reset via
docker compose exec php-fpm-mailcow mailcow-reset-admin
Is there a difference between the two and is this worth trying?

storpotaten

Had a similar problem, tried a differnt browser?

phil1125

storpotaten
I also first suspected something in that direction, but Chrome on Windows has the same issue

storpotaten

Turns out the issue still exits with my home computer, chrome wont work,
at work it does.

DocFraggle

Did you try something simple as clearing the cache or trying incognito mode?

storpotaten

Yes, works for a while then stops. no problem in edge

phil1125

DocFraggle
I unfortunately don’t know the precise version I ran previously, but it for sure was a version from fall 2024, so older than 2025-01.

[unknown]
I just gave that a try on my phone. As soon as I run icognito mode I can also not log in to the admin panel. Once I exit it, it works just fine (of course only on my one device)

storpotaten

And the previous working version was 2025-01. YES
Or did you update from an older version to 2025-01a. NO
Tried incognito mode it works.

DocFraggle

I tried different browsers, incognito etc, can’t reproduce this, works everywhere… do you have some special config in your mailcow.conf, docker overrides, reverse proxy, anything?
I configured 2FA for my admin, that’s about it

phil1125

DocFraggle
Thanks for trying this out.

No I run a completely barebone installation, only activated 2FA for my admin login, but except for my one device,it already fails after entering the password.

[unknown]
Sounds like you have the very same issue. I also updated from a version a while back.

I first also could not log in from any device, than rolled back the update by restoring from a backup. Going back to the old version (precise version unknown but roughly September), I could log in from every device again. I was logged in on my phone while I than performed the update again, know can login from my phone (independent of IP address) but nothing else.

claytonalee

I’m having the same issue after updating to the latest version. Mine was a bit older - 2024-06c i believe. I’ve tried 3 different OS’s (Win 10, 11, Ubuntu 24.04), multiple browsers (firefox, chrome, edge, safari mobile) and nothing. I could log in right before I did the update and then afterwards nothing. I have used the mailcow-reset-admin.sh script, so I’m 100% sure its not a bad password. Not sure how to proceed.

No special configs. Basically OOTB setup with a logo change and DNS setup. Not overrides, no reverse proxy. I can’t find anything about this either except this thread.

DocFraggle

Whcih 2FA method are you using? Did you try to remove it before updating?

Also, can you login to the mailcow UI with a normal mailbox user?

phil1125

DocFraggle
Thanks for staying on that issue.
I use the built in time-based OTP verification for my admin account. I originally also considered that the 2FA might be the issue, so I afterwards added an additional admin account without 2FA but same issue here. No problem logging in from my phone into the additional admin account, but not possible from any other device. Further, on all other devices I don’t even get to the stage to enter my 2FA. It before that already tells me that I would have the wrong password, and also logs that accordingly. To me it seems like the component processing the login-credentials has been damaged during an update.

toyotahead

mailcow-reset-admin.sh and have used the new password thinking somehow I forgot my password. Still no dice.

Note: I had also just did the system update to the current version as of today’s date. (March 25, 2025) when this problem occurred. I do not recall the previous version number, but I’d estimate it was last done somewhere around June 2024.

How to regain access to the admin console???

Thanks in advance.

esackbauer

toyotahead How to regain access to the admin console???

Really, is noone reading the change notes? This seems like the 5th “admin” stranding here, after not reading the release notes.
You have to use the /admin URL to log in now.

DocFraggle

Read the release notes from now on and use /admin

https://mailcow.email/posts/2025/release-2025-03/

toyotahead

DocFraggle

Thank you for the direction, much appreciated!!!

oneill

esackbauer to be fair, I stood up a brand new server today and didn’t see this mentioned in the documentation anywhere.

I could have easily missed it, but I definitely wouldn’t have thought to look at the release notes for a new instance. I’ll do better next time.