• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved Plesk 18.0.73 - postfix/smtpd fatal: no SASL authentication mechanisms

LRLD

Basic Pleskian
Server operating system version
Ubuntu 24.04.3 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.73 Web Pro Edition
Morning,

I was just sending a test mail on my systems to make sure everything was ok after the Dovecot update, only to find my mail being held in the queue.
I see lots of...mail postfix/smtpd[3261]: fatal: no SASL authentication mechanisms in the mail.err log since the update to 18.0.73 yesterday.
Looking at the /etc/postfix/sasl/smtpd.conf file, showed just PLAIN LOGIN so I had to add back in DIGEST-MD5 CRAM-MD5 so the file looked like this again...

Code:
pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /private/plesk_saslauthd
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
sql_engine: intentionally disabled
log_level: 4

I hope this helps the next person.
Regards

LD
 
Is it safe to put back in the MD5-Mechanisms?
We have users with Thunderbird having problems after the update. However I remember the mechanisms were removed in the past, because of problems with outlook. (https://support.plesk.com/hc/en-us/...-authentication-failed-authentication-failure)
Would be kinda pointless, if we repair the smtp for thunderbird users and in exchange get problems with the outlook users.
 
The problems you are referring to are for dovecot, this is a fix for postfix.

postfix = smtpd
dovecot = imap and pop3

regards
Jan
 
Was this conf file changed in the 18.0.73 update? Can anyone from plesk chime in? I fixed the dovecot issue, but I now have a couple clients unable to send emails now.
 
@yabado , yes, the config file was changed. The issue you are experiencing could be related to the fact that DIGEST-MD5 and CRAM-MD5 are removed in the latest update. However, could you please confirm whether your users are experiencing issues only when they are trying to send emails or there is connectivity/login issue altogether? If there's a login issue, you can restore MD5 auth mechanisms for Postfix/Dovecot, following these steps:

  1. Edit /etc/dovecot/dovecot.conf file:
    Code:
    auth_mechanisms = plain login digest-md5 cram-md5 apop
    auth_allow_weak_schemes = yes
  2. Restart Dovecot service:
    Code:
    systemctl restart dovecot
 
@Sebahat.hadzhi My /etc/dovecot/dovecot.conf file already looks like this.

Did you not read the rest of this thread before responding?

Seems the issue is with this conf being changed? /etc/sasl2/smtpd.conf
 
Thank you for the response, @yabado . I read the thread and I understand your question is about /etc/sasl2/smtpd.conf. I should have clarified that by "the config file was changed" I meant /etc/sasl2/smtpd.conf. The root cause I pointed out is a guess based on other reports with similar symptoms to those of your description. The change that was applied to /etc/sasl2/smtpd.conf is:

from:

Code:
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN

to:

Code:
mech_list: PLAIN LOGIN
 
Yes, reverting to the original, long standing, setting fixes the issues for my users.

Hopefully plesk will be more careful on future updates so email functionality does not take a hit.
 
Yes, reverting to the original, long standing, setting fixes the issues for my users.

Hopefully plesk will be more careful on future updates so email functionality does not take a hit.
Not sure I can leave the update settings to automatically update anymore — this just about killed me with all my customers blowing up my phone at 5 in the morning...
 
I had to change multiple things to get send/receive to work in my Roundcube:

In /etc/dovecot/dovecot.conf
Code:
auth_mechanisms = plain login digest-md5 cram-md5 apop

In cat /etc/sasl2/smtpd.conf
Code:
mech_list: CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
 
Dunno, but we have all the auto-update settings enabled on our servers and so far not once it installed a new release automatically, at least not in the first couple of weeks after release. (all the interim and extension updates, as well as OS packages get updated though)

Hmm, ok, now that I think of it...that may be because we use some custom templates on all these systems?!?
As whenever we (manually) update to the latest release, we have to acknowledge a warning message because of this.
Maybe this also prevents Plesk from automatically upgrade to the latest version. (and I'm happy for it, because like all the last three or four releases caused some major headache till at least update1/update2)
 
I had to change multiple things to get send/receive to work in my Roundcube:
That does not make sense to me, as Roundcube does use "PLAIN" per default (maybe you've changed the imap_auth_type/smtp_auth_type in the Roundcube config once?)
As we have a couple or Plesk servers where CRAM-MD5/DIGEST-MD5 is manually disabled for Postfix/Dovecot since ages, I know that Roundcube does work happely without these
 
Back
Top