1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Postfix smtp SASL authentication failure

Discussion in 'Plesk 11.x for Linux' started by zeroborg, Jan 24, 2013.

  1. zeroborg

    zeroborg Basic Pleskian

    23
    57%
    Joined:
    May 8, 2006
    Messages:
    35
    Likes Received:
    0
    Hello,

    i have a new Plesk 11.0.9. #34 server with Centos 6.3 64bit.
    I made a few changes in order to be PCI Compliant.
    I created a domain and try to send email with no luck.
    ----------Maillog------------
    Jan 24 16:01:28 server7 pop3d-ssl: Connection, ip=[::ffff:X.X.X.X]
    Jan 24 16:01:34 server7 pop3d-ssl: IMAP connect from @ [::ffff:X.X.X.X]ERR: LOGIN FAILED, ip=[::ffff:X.X.X.X]
    Jan 24 16:01:34 server7 pop3d-ssl: Unexpected SSL connection shutdown.
    Jan 24 16:01:48 server7 pop3d-ssl: Connection, ip=[::ffff:X.X.X.X]
    Jan 24 16:01:49 server7 pop3d-ssl: IMAP connect from @ [::ffff:X.X.X.X]INFO: LOGIN, user=info@domain.com, ip=[::ffff:X.X.X.X]
    Jan 24 16:01:50 server7 pop3d-ssl: 1359039710.147959 LOGOUT, user=info@domain.com, ip=[::ffff:X.X.X.X], top=0, retr=0, time=1, rcvd=12, sent=39, maildir=/var/qmail/mailnames/domain.com/info/Maildir
    Jan 24 16:01:53 server7 postfix/smtpd[25779]: connect from somewhere[X.X.X.X]
    Jan 24 16:01:54 server7 postfix/smtpd[25779]: warning: SASL authentication failure: realm changed: authentication aborted
    Jan 24 16:01:54 server7 postfix/smtpd[25779]: warning: somewhere[X.X.X.X]: SASL DIGEST-MD5 authentication failed: authentication failure
    Jan 24 16:01:55 server7 postfix/smtpd[25779]: lost connection after AUTH from somewhere[X.X.X.X]
    Jan 24 16:01:55 server7 postfix/smtpd[25779]: disconnect from somewhere[X.X.X.X]
    ----------Maillog------------


    --------/usr/lib64/sasl2/smtpd.conf------------
    pwcheck_method: auxprop saslauthd
    auxprop_plugin: plesk
    saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
    mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
    auto_transition: yes
    sql_engine: intentionally disabled
    log_level: 4
    --------/usr/lib64/sasl2/smtpd.conf------------


    --------/etc/postfix/main.cf------------
    smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
    smtpd_tls_key_file = $smtpd_tls_cert_file
    smtpd_tls_protocols = SSLv3, TLSv1
    smtpd_tls_ciphers = high
    smtpd_tls_exclude_ciphers = aNULL
    smtpd_sasl_security_options = noplaintext
    smtpd_timeout = 3600s
    smtpd_proxy_timeout = 3600s
    smtpd_tls_security_level = may
    smtpd_tls_auth_only = yes
    disable_vrfy_command = yes
    mynetworks = 127.0.0.0/8 [::1]/128 X.X.X.X/32 X.X.X.X/32 [X.X.X.X]/128
    smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/pl
    esk/non_auth.re
    smtpd_client_restrictions = permit_mynetworks
    smtp_send_xforward_command = yes
    smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
    smtpd_sasl_auth_enable = yes
    smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated, reject_unauth_destinati
    on
    virtual_mailbox_base = /var/qmail/mailnames
    virtual_uid_maps = static:110
    virtual_gid_maps = static:31
    smtpd_milters = inet:localhost:12768
    non_smtpd_milters = inet:localhost:12768
    sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
    virtual_transport = plesk_virtual
    plesk_virtual_destination_recipient_limit = 1
    mailman_destination_recipient_limit = 1
    milter_connect_macros = j {daemon_name} v
    milter_data_macros = i
    milter_end_of_data_macros = i
    milter_end_of_header_macros = i
    milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
    milter_macro_daemon_name = $myhostname
    milter_macro_v = $mail_name $mail_version
    milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
    milter_rcpt_macros = i {rcpt_addr}
    message_size_limit = 30720000
    smtpd_use_tls = yes
    smtp_tls_security_level = may
    smtp_use_tls = no
    --------/etc/postfix/main.cf------------

    As you can see from the logs, the pop/imap connection is successfull.
    I login to webmail with the username/password successfully.

    I can't send from Outlook/thunderbird etc.
    Tried to rebuild emails with /usr/local/psa/admin/sbin/mchk --with-spam but no luck.
    Any ideas?

    Thank you.

    Zero.
     
    Last edited: Jan 24, 2013
  2. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Backup the file </usr/lib64/sasl2/smtpd.conf>, and replace there a string <mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN> to <mech_list: CRAM-MD5 PLAIN LOGIN>.

    After that mail could be sent successfully without any authenticating requests.
     
  3. zeroborg

    zeroborg Basic Pleskian

    23
    57%
    Joined:
    May 8, 2006
    Messages:
    35
    Likes Received:
    0
    Igor, thank you for your reply, but i still have a problem.
    Now, the Outlook says: "None of the authentication methods supported by this client are supported by your server".
    This happens only on sending mails (port 587).
    Is there any way to fix the authentication failure with the DIGEST-MD5?
    How else can i fix this (without losing the pci-compliance)?

    Thank you.

    Zero.
     
  4. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Strange, this issue has been fixed long time ago since 10.3.1 version with one of microupdate.
    Are you sure that all packages are completely upgraded on your Plesk, especially authpsa?
     
  5. zeroborg

    zeroborg Basic Pleskian

    23
    57%
    Joined:
    May 8, 2006
    Messages:
    35
    Likes Received:
    0
    Igor,

    the components i have are:
    ---------Components----------
    awstats 7.0-12052811.swsoft
    bind 9.8.2-0.10.rc1.el6_3.6
    courier-imap 3.0.8-cos6.build110120606.19
    drweb 5.0.1-0plesk
    httpd 2.2.15-15.el6.centos.1
    mailman 2.1.12-17.el6
    mod_bw 0.8-12051014
    mod_perl 2.0.4-10.el6
    mod_python 3.3.1-15.el6
    mysql 5.1.66-2.el6_3
    php 5.3.3-14.el6_3
    postfix 2.8.4-12052415
    PPSitebuilder 11.0.10-38572.12072100
    psa 11.0.9-cos6.build110120608.16
    psa-api-rpc 11.0.9-cos6.build110120608.16
    psa-atmail 1.05-cos6.build110120606.19
    psa-autoinstaller 3.12.1-120703.11
    psa-backup-manager 11.0.9-cos6.build110120608.16
    psa-drweb-configurator 11.0.9-cos6.build110120608.16
    psa-horde 3.3.13-cos6.build110120606.19
    psa-imp 4.3.11-cos6.build110120606.19
    psa-logrotate 3.7-cos6.build110120606.19
    psa-migration-manager 11.0.9-cos6.build110120608.16
    psa-mod-fcgid-configurator 2.0.0-cos6.build110120606.19
    psa-proftpd 1.3.4a-cos6.build110120606.19
    psa-spamassassin 11.0.9-cos6.build110120608.16
    psa-turba 2.3.6-cos6.build110120606.19
    spamassassin 3.3.1-2.el6
    synced 1359300969
    webalizer 2.21_02-3.3.el6
    ---------Components----------

    Also, the panel is up-to-date
    ------Info--------
    Panel version 11.0.9 Update #34, last updated at Jan 27, 2013 04:35 PM
    The system is up-to-date; last checked at Jan 28, 2013 03:24 AM
    ------Info--------

    Any ideas? Maybe i can provide you the credentials to login and check it?
    Thank you!!

    Zero.
     
  6. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
    Could you please confirm that all works fine if you use 25 port instead of 587 for SMTP connection?
     
  7. Sven L.

    Sven L. Regular Pleskian

    18
     
    Joined:
    Dec 13, 2011
    Messages:
    235
    Likes Received:
    1
    Hello,

    i was just checking my maillog when I saw this:

    warning: SASL authentication failure: realm changed: authentication aborted

    etc. like above.

    yet, none of my customers has called about mail problems...

    could you tell me a little more about this error, what it is and how to fix it?


    thx.
     
  8. euphbasio

    euphbasio Basic Pleskian

    23
    23%
    Joined:
    Dec 26, 2008
    Messages:
    29
    Likes Received:
    0
    Hi there,

    I've suddenly started having the same issue following a restart of parallels outbound antispam.

    Plesk 11 (all up to date), Centos 5.

    I have a lovely helpful person from Parallels support looking at it because I'm baffled. Will update here if we find a solution.

    Unless anyone else found anything?
     
  9. WagnerS

    WagnerS New Pleskian

    16
    35%
    Joined:
    Nov 10, 2010
    Messages:
    22
    Likes Received:
    0
    did you get a solution? I'm with same problem, same versions.
     
  10. DimitrisG

    DimitrisG Basic Pleskian

    11
    85%
    Joined:
    Apr 8, 2014
    Messages:
    33
    Likes Received:
    1
    Location:
    Athens, Greece
    Many thanks. That solved a similar issue I had with Eventum (Error: authentication failed: another step is needed in authentication).
     
  11. Joaquim_Ponte

    Joaquim_Ponte New Pleskian

    3
    70%
    Joined:
    Nov 28, 2014
    Messages:
    6
    Likes Received:
    0
    Hi,
    I've got a recently installed Linux Plesk 12 on CentOS 6 (centos6-plesk12_64).

    I've got the exactly same problem as ZeroBorg (warning: SASL authentication failure: realm changed: authentication aborted... warning: somewhere[X.X.X.X]: SASL DIGEST-MD5 authentication failed: authentication failure.)
    I've also tried IgorG suggestion (mech_list: CRAM-MD5 PLAIN LOGIN) and as ZeroBorg, Outlook then retruns: "None of the authentication methods supported by this client are supported by your server".
    I don't know what else to do. I've searched foruns after foruns, i've tried a lot of suggestions but none solved my problem.

    BTW, I don't know if that's relevant but my dedicated server is hosted by OVH.com)

    Any help will be appreciate!
    Thank you!
     
  12. Joaquim_Ponte

    Joaquim_Ponte New Pleskian

    3
    70%
    Joined:
    Nov 28, 2014
    Messages:
    6
    Likes Received:
    0
    Hi Zeroborg!
    Did you solved your problem? How? I've got the same problem as you :( !!
    Thank you!

     
  13. Triantafyllos

    Triantafyllos New Pleskian

    3
     
    Joined:
    Dec 15, 2014
    Messages:
    4
    Likes Received:
    0
    Hi team, I face the same problem as Joaquim_Ponte with a cloud VPS hosted at OVH.COM as well. Did someone either from Paralles or OVH can review and give a solution?
     
  14. IgorG

    IgorG Forums Analyst Staff Member

    49
    24%
    Joined:
    Oct 27, 2009
    Messages:
    24,572
    Likes Received:
    1,243
    Location:
    Novosibirsk, Russia
  15. Vince1

    Vince1 New Pleskian

    3
     
    Joined:
    Feb 24, 2015
    Messages:
    1
    Likes Received:
    0
    Sorry For the old thread revival. I have exactly the same set-up as you Centos 6.6, Plesk 12.0.18 hosted at OVH and of course the same trouble with the smtp authentication. Anyone found a resolution ? I already tried the ones mentioned in this thread with no success

    Thank's !
     
    Last edited: Feb 24, 2015
  16. VASILEIOSP

    VASILEIOSP New Pleskian

    10
    35%
    Joined:
    Oct 3, 2012
    Messages:
    4
    Likes Received:
    1
    Location:
    THESSALONIKI
    It was worked for me.

    OS CentOS 6.6 (Final)
    Plesk version 12.0.18 Update #52, last updated at June

    Here is my smtpd.conf

    pwcheck_method: auxprop saslauthd
    auxprop_plugin: plesk
    saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
    mech_list: CRAM-MD5 PLAIN LOGIN
    auto_transition: yes
    sql_engine: intentionally disabled
    log_level: 4

    I also found this LINK that use database for authentication.
     
  17. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    http://kb.odin.com/en/113866
     
  18. Matteo

    Matteo New Pleskian

    1
    20%
    Joined:
    Mar 7, 2016
    Messages:
    2
    Likes Received:
    0
    i have some problem, please help me, i have read the link of your post but I did not understand what I have to do.
    I have try to edit smtpd.conf but not work
     
    Last edited: Mar 7, 2016
  19. NetVicious

    NetVicious New Pleskian

    2
    70%
    Joined:
    Feb 14, 2017
    Messages:
    7
    Likes Received:
    0
    Location:
    Spain
    Edit /etc/postfix/main.cf/

    Look for:
    smtpd_tls_auth_only = yes
    and change it to:
    smtpd_tls_auth_only = no

    Save the file and run
    postfix reload
     
Loading...