diff --git a/data/conf/dovecot/auth/mailcowauth.php b/data/conf/dovecot/auth/mailcowauth.php
index 4eda382b7..c625522ba 100644
--- a/data/conf/dovecot/auth/mailcowauth.php
+++ b/data/conf/dovecot/auth/mailcowauth.php
@@ -80,7 +80,7 @@ if ($isSOGoRequest) {
 }
 if ($result === false){
 // If it's a SOGo Request, don't check for protocol access
- $service = (isSOGoRequest) ? false : array($post['service'] => true);
+ $service = ($isSOGoRequest) ? false : array($post['service'] => true);
 $result = apppass_login($post['username'], $post['password'], $service, array(
 'is_internal' => true,
 'remote_addr' => $post['real_rip']
diff --git a/data/conf/dovecot/auth/passwd-verify.lua b/data/conf/dovecot/auth/passwd-verify.lua
index 19dcc4bd6..b8843c996 100644
--- a/data/conf/dovecot/auth/passwd-verify.lua
+++ b/data/conf/dovecot/auth/passwd-verify.lua
@@ -34,8 +34,15 @@ function auth_password_verify(request, password)
 return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Upstream error"
 end
- local api_response = json.decode(table.concat(res))
- if api_response.success == true then
+ local response_str = table.concat(res)
+ local is_response_valid, response_json = pcall(json.decode, response_str)
+
+ if not is_response_valid then
+ dovecot.i_info("Invalid JSON received: " .. response_str)
+ return dovecot.auth.PASSDB_RESULT_INTERNAL_FAILURE, "Invalid response format"
+ end
+
+ if response_json.success == true then
 return dovecot.auth.PASSDB_RESULT_OK, ""
 end
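Review bot: The non-SOGo branch of the corrected ternary uses `$post['service']` directly as an array key, and nothing visible in this hunk checks that it is present and a non-empty string. If it is missing, PHP builds `array('' => true)`, and how `apppass_login` treats an empty service name cannot be seen from here; returning the failure result before the call when `!$isSOGoRequest && empty($post['service'])` would make the protocol check fail closed. Because passing `false` skips the protocol check entirely, a comment at this line naming where `$isSOGoRequest` is set (outside the hunk) would also help the next reader. The enclosing `if ($result === false){` block continues past the last line shown.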
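Review bot: `pcall` only covers the decode itself, so a body that is valid JSON but not an object (for example `null` or a bare number) still reaches `response_json.success` and, depending on the JSON library, raises an index error there. Extending the guard to `if not is_response_valid or type(response_json) ~= "table" then` keeps that case on the `PASSDB_RESULT_INTERNAL_FAILURE` path. The `dovecot.i_info` line also writes the whole upstream body to the log unbounded; logging a truncated prefix such as `response_str:sub(1, 200)` would limit log growth and keep most of whatever the upstream returned out of the log. `auth_password_verify` begins and ends outside the hunk.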