Unable to read email via Nextcloud Mail app
-
wrote on Feb 23, 2025, 6:00 AM last edited by
Mail stopped working recently; updating to 5.1.1 did not help. When attempting to use the Mail app, the web console reports errors like
ServiceException IMAP error synchronizing account 5: No password provided. Could not load account mailboxes: IMAP error synchronizing account 5: No password provided.Around the same time, I started seeing errors in the logs like
NoUserException Backends provided no user objectand
Horde_Imap_Client_Exception No password provided. Error while running background job OCA\Mail\BackgroundJob\QuotaJob (id: 14118, arguments: {"accountId":5})It seems the Calendar app is similarly affected.
-
Mail stopped working recently; updating to 5.1.1 did not help. When attempting to use the Mail app, the web console reports errors like
ServiceException IMAP error synchronizing account 5: No password provided. Could not load account mailboxes: IMAP error synchronizing account 5: No password provided.Around the same time, I started seeing errors in the logs like
NoUserException Backends provided no user objectand
Horde_Imap_Client_Exception No password provided. Error while running background job OCA\Mail\BackgroundJob\QuotaJob (id: 14118, arguments: {"accountId":5})It seems the Calendar app is similarly affected.
wrote on Feb 23, 2025, 7:25 PM last edited by@khm_ Unfortunately this is a downside of using SSO. There is the "Master Password" feature to work around that. But faik there is no solution within cloudron for that though.
-
wrote on Feb 23, 2025, 9:57 PM last edited by
Thanks for the information. Is it not possible to revert to LDAP auth?
-
@khm_ oauth is the way forward. In recent future, email auth will also move to oauth. Just using passwords is not secure anymore.
I just tested it, you just need an app password from Cloudron . https://docs.cloudron.io/profile/#app-passwords . Choose Mail Client . Each user has to create one for the mailboxes they own and put it in nextcloud mail app. After that it works even after relogin.
-
@khm_ oauth is the way forward. In recent future, email auth will also move to oauth. Just using passwords is not secure anymore.
I just tested it, you just need an app password from Cloudron . https://docs.cloudron.io/profile/#app-passwords . Choose Mail Client . Each user has to create one for the mailboxes they own and put it in nextcloud mail app. After that it works even after relogin.
wrote on Feb 24, 2025, 11:32 AM last edited by@joseph only automatic configuration will fail. Manual still works without issues. Alternatively have people use SoGo
-
@andreasdueren what does automatic configuration mean? the mail app stores the raw cloudron password (how does it authenticate?)
-
@andreasdueren what does automatic configuration mean? the mail app stores the raw cloudron password (how does it authenticate?)
wrote on Feb 24, 2025, 1:29 PM last edited byTalking about the account provisioning
-
@andreasdueren yeah, I think the last line gives it away "only makes sense if you use the backend for nextcloud and mailserver" . So, it is taking the raw password that was given during nextcloud login and using it for the mail server. Seems a bit dangerous (to allow an app to get the raw password) but what do I know
-
@andreasdueren yeah, I think the last line gives it away "only makes sense if you use the backend for nextcloud and mailserver" . So, it is taking the raw password that was given during nextcloud login and using it for the mail server. Seems a bit dangerous (to allow an app to get the raw password) but what do I know
wrote on Feb 25, 2025, 11:39 AM last edited by@Joseph Yeah basically this seems to parse the password and store a hash every time you log in (to check for password changes) and if you used SSO this if obviously not possible. A way to enable global provisioning would be to generate a global master password for all mail accounts and then use that here. But I don't think this is a tradeoff I'd personally be willing to do, even if cloudron did offer that function.
-
@Joseph Yeah basically this seems to parse the password and store a hash every time you log in (to check for password changes) and if you used SSO this if obviously not possible. A way to enable global provisioning would be to generate a global master password for all mail accounts and then use that here. But I don't think this is a tradeoff I'd personally be willing to do, even if cloudron did offer that function.
@andreasdueren a hash is not enough. you need the raw password to login to mail server . meaning, atleast it's not a one way hash. maybe raw password is stored in some obscure way , but it has to be reversible.
