• Please be aware: Kaspersky Anti-Virus has been deprecated
    With the upgrade to Plesk Obsidian 18.0.64, "Kaspersky Anti-Virus for Servers" will be automatically removed from the servers it is installed on. We recommend that you migrate to Sophos Anti-Virus for Servers.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Plesk Webmail SMTP Error (250), Authentication Failed

1. Yes, I use [email protected] as login for SMTP.

2. File /var/spool/postfix/plesk/passwd.db exists.

3. Command /usr/local/psa/admin/sbin/mchk --without-spam didn't find any problem, and regrettably no changes.

4.
# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 vpsxxxxx.ovh.net ESMTP Postfix (Ubuntu)
EHLO localhost
250-vpsxxxxx.ovh.net
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Thanks for your help,
 
On this VPS I have Plesk 12.0.18. CentOS 6.5 64-bit.

On my another VPS I have Plesk 11.5.x with CentOS 6.4 64-bit.
SMTP works file. roundcube works fine.

P.S. If there are no other solutions I'll switch to Google mail for domain or Yandex mail for domain.
 
There is still the AUTH thing missing.... :( normally it will look like this on Ubuntu, with postfix:

Code:
Trying 127.0.0.1...
.....
250-STARTTLS
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

As you can see, there is still something missing.... the only 2 things that I could think of, is changing the mail-software over the Plesk-Panel ( https://YOUR_SYSTEM_DOMAIN.tld:8447/select_components.html ) to QMAIL and switching back afterwards, if you prefer postfix and see if that works. And as a second option, using the autoinstaller, trying to fix it, with the latest reinstall of the patches ( /usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --upgrade-installed-components --reinstall-patch ), or the recent bootstrapper ( /usr/local/psa/bootstrapper/pp12.0.18-bootstrapper/bootstrapper.sh repair ).
 
Thanks for your advices!

This command didn't help:
/usr/local/psa/admin/bin/autoinstaller --select-product-id plesk --select-release-current --upgrade-installed-components --reinstall-patch

But when I switched to qmail - SMTP started to work. I could send emails (587 port, STARTTLS, protected password).

When I switched back to postfix the problem returned again.

It's very strange. Something wrong in postfix with CentOS 6.5 + Plesk 12.
 
I am having the same issue after upgrading to Plesk 12. Didn't notice at first until customers began complaining. It worked fine before and I haven't changed anything besides the upgrade...
 
Is there a solution to this problem already, i have the same issue!!!

The output om
EHLO localhost

IS

250-vpsxxxxx.ovh.net
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

So, something is wrong with the authorisation/authentication settings. This is NOT working on POSTFIX but on QMAIL its fine. BUT with QMAIL horde sendmail is not working. Aaaaah, no configuration seems to work properly anymore!!!!!!

I am using CentOS 6.6 with plesk 12.0.18 #39 on VPS(OVH)
 
UFHH01, wrong again.

The output of the ehlo makes it quite obvious that this copy of postfix has been set to only allow auth after TLS. telnet localhost 25 on Plesk servers with Postfix where this has been set will look like this:

Code:
# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 plesk12-centos7-test ESMTP Postfix
ehlo localhost
250-plesk12-centos7-test
250-PIPELINING
250-SIZE 36700160
250-ETRN
250-STARTTLS
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Obviously no auth options there, but starttls is showing. So make the same connection to port 587 with TLS:

Code:
# openssl s_client -starttls smtp -connect localhost:587
CONNECTED(00000003)
......
250 DSN
ehlo localhost
250-plesk12-centos7-test
250-PIPELINING
250-SIZE 36700160
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
250-XFORWARD NAME ADDR PROTO HELO SOURCE PORT IDENT
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Typically this is the result of the following command being in the postfix /etc/postfix/main.cf:

smtpd_tls_auth_only = yes

However, turning that off isn't good; you ideally want all of your authentication to be over TLS. So instead, the solution is to correct the Plesk Roundcube config at /usr/share/psa-roundcube/config/defaults.inc.php

Change this line:

$config['smtp_server'] = 'localhost';

to

$config['smtp_server'] = 'tls://localhost';

and change this line:

$config['smtp_port'] = 25;

to

$config['smtp_port'] = 587;

That should resolve the issue.
 
If you answer a post from me, could you please be so kind to quote the mentioned part, which you declare as "wrong" ? I'm sorry that I can't follow you, especially because the last post in this thread from me was at "Aug 22, 2014".

I apologize for not quoting, but since all of your replies missed the issue, I didn't think it would be helpful to quote. The one and only simple issue that is occurring is that this particular Plesk user, and a few others in the thread, have their Postfix install set to require TLS before auth, which is why doing your plain text telnet reveals the mention of STARTTLS and no mention of AUTH. The fact that your test system presents the AUTH option on a plain text telnet to port 25 means you have your server set up very insecurely, to allow users to authenticate with no encryption.

This situation results due to a bug in the Plesk pci_compliance_resolver; it will lock the server down to require secure auth with secure SSL ciphers on nearly every service, but not fix RoundCube to properly auth after the security settings have been implemented. Of course, with Plesk 12.5, the pci_compliance_resolver is completely broken and you have to download a new copy from https://kb.plesk.com/en/127568. I'm not sure why it's taken Plesk seven months to still not have it rolled into a hotfix. In any case, the two line fix is:

Edit /usr/share/psa-roundcube/config/defaults.inc.php
Change $config['smtp_server'] = 'localhost'; to $config['smtp_server'] = 'tls://localhost';
Change $config['smtp_port'] = 25; to $config['smtp_port'] = 587;
 
Back
Top