
Postfix smtp SASL authentication failure

zeroborg

Hello,

I have a new Plesk 11.0.9 #34 server with CentOS 6.3 64-bit.
I made a few changes in order to be PCI compliant.
I created a domain and tried to send email, with no luck.
----------Maillog------------
Jan 24 16:01:28 server7 pop3d-ssl: Connection, ip=[::ffff:X.X.X.X]
Jan 24 16:01:34 server7 pop3d-ssl: IMAP connect from @ [::ffff:X.X.X.X]ERR: LOGIN FAILED, ip=[::ffff:X.X.X.X]
Jan 24 16:01:34 server7 pop3d-ssl: Unexpected SSL connection shutdown.
Jan 24 16:01:48 server7 pop3d-ssl: Connection, ip=[::ffff:X.X.X.X]
Jan 24 16:01:49 server7 pop3d-ssl: IMAP connect from @ [::ffff:X.X.X.X]INFO: LOGIN, [email protected], ip=[::ffff:X.X.X.X]
Jan 24 16:01:50 server7 pop3d-ssl: 1359039710.147959 LOGOUT, [email protected], ip=[::ffff:X.X.X.X], top=0, retr=0, time=1, rcvd=12, sent=39, maildir=/var/qmail/mailnames/domain.com/info/Maildir
Jan 24 16:01:53 server7 postfix/smtpd[25779]: connect from somewhere[X.X.X.X]
Jan 24 16:01:54 server7 postfix/smtpd[25779]: warning: SASL authentication failure: realm changed: authentication aborted
Jan 24 16:01:54 server7 postfix/smtpd[25779]: warning: somewhere[X.X.X.X]: SASL DIGEST-MD5 authentication failed: authentication failure
Jan 24 16:01:55 server7 postfix/smtpd[25779]: lost connection after AUTH from somewhere[X.X.X.X]
Jan 24 16:01:55 server7 postfix/smtpd[25779]: disconnect from somewhere[X.X.X.X]
----------Maillog------------


--------/usr/lib64/sasl2/smtpd.conf------------
pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
auto_transition: yes
sql_engine: intentionally disabled
log_level: 4
--------/usr/lib64/sasl2/smtpd.conf------------


--------/etc/postfix/main.cf------------
smtpd_tls_cert_file = /etc/postfix/postfix_default.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_protocols = SSLv3, TLSv1
smtpd_tls_ciphers = high
smtpd_tls_exclude_ciphers = aNULL
smtpd_sasl_security_options = noplaintext
smtpd_timeout = 3600s
smtpd_proxy_timeout = 3600s
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
disable_vrfy_command = yes
mynetworks = 127.0.0.0/8 [::1]/128 X.X.X.X/32 X.X.X.X/32 [X.X.X.X]/128
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated, check_client_access pcre:/var/spool/postfix/plesk/non_auth.re
smtpd_client_restrictions = permit_mynetworks
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, check_client_access pcre:/var/spool/postfix/plesk/no_relay.re, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:110
virtual_gid_maps = static:31
smtpd_milters = inet:localhost:12768
non_smtpd_milters = inet:localhost:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
milter_connect_macros = j {daemon_name} v
milter_data_macros = i
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_rcpt_macros = i {rcpt_addr}
message_size_limit = 30720000
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
--------/etc/postfix/main.cf------------

As you can see from the logs, the POP/IMAP connection is successful.
I can log in to webmail with the username/password successfully.

I can't send from Outlook, Thunderbird, etc.
I tried to rebuild the mail configuration with /usr/local/psa/admin/sbin/mchk --with-spam, but no luck.
Any ideas?

Thank you.

Zero.
 
Back up the file </usr/lib64/sasl2/smtpd.conf> and replace the string <mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN> with <mech_list: CRAM-MD5 PLAIN LOGIN>.

After that, mail could be sent successfully without any authentication requests.
 
Igor, thank you for your reply, but I still have a problem.
Now Outlook says: "None of the authentication methods supported by this client are supported by your server".
This happens only when sending mail (port 587).
Is there any way to fix the authentication failure with DIGEST-MD5?
How else can I fix this (without losing PCI compliance)?

Thank you.

Zero.
 
Strange, this issue was fixed a long time ago, since version 10.3.1, with one of the microupdates.
Are you sure that all packages are completely upgraded on your Plesk, especially authpsa?
 
Igor,

The components I have are:
---------Components----------
awstats 7.0-12052811.swsoft
bind 9.8.2-0.10.rc1.el6_3.6
courier-imap 3.0.8-cos6.build110120606.19
drweb 5.0.1-0plesk
httpd 2.2.15-15.el6.centos.1
mailman 2.1.12-17.el6
mod_bw 0.8-12051014
mod_perl 2.0.4-10.el6
mod_python 3.3.1-15.el6
mysql 5.1.66-2.el6_3
php 5.3.3-14.el6_3
postfix 2.8.4-12052415
PPSitebuilder 11.0.10-38572.12072100
psa 11.0.9-cos6.build110120608.16
psa-api-rpc 11.0.9-cos6.build110120608.16
psa-atmail 1.05-cos6.build110120606.19
psa-autoinstaller 3.12.1-120703.11
psa-backup-manager 11.0.9-cos6.build110120608.16
psa-drweb-configurator 11.0.9-cos6.build110120608.16
psa-horde 3.3.13-cos6.build110120606.19
psa-imp 4.3.11-cos6.build110120606.19
psa-logrotate 3.7-cos6.build110120606.19
psa-migration-manager 11.0.9-cos6.build110120608.16
psa-mod-fcgid-configurator 2.0.0-cos6.build110120606.19
psa-proftpd 1.3.4a-cos6.build110120606.19
psa-spamassassin 11.0.9-cos6.build110120608.16
psa-turba 2.3.6-cos6.build110120606.19
spamassassin 3.3.1-2.el6
synced 1359300969
webalizer 2.21_02-3.3.el6
---------Components----------

Also, the panel is up-to-date
------Info--------
Panel version 11.0.9 Update #34, last updated at Jan 27, 2013 04:35 PM
The system is up-to-date; last checked at Jan 28, 2013 03:24 AM
------Info--------

Any ideas? Maybe I can provide you the credentials to log in and check it?
Thank you!!

Zero.
 
Could you please confirm that everything works fine if you use port 25 instead of 587 for the SMTP connection?
 
Hello,

I was just checking my maillog when I saw this:

warning: SASL authentication failure: realm changed: authentication aborted

etc., like above.

Yet none of my customers has called about mail problems...

Could you tell me a little more about this error, what it is and how to fix it?


thx.
 
Hi there,

I've suddenly started having the same issue following a restart of Parallels Outbound Antispam.

Plesk 11 (all up to date), CentOS 5.

I have a lovely helpful person from Parallels support looking at it because I'm baffled. Will update here if we find a solution.

Unless anyone else found anything?
 
Did you get a solution? I have the same problem, same versions.
 
Back up the file </usr/lib64/sasl2/smtpd.conf> and replace the string <mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN> with <mech_list: CRAM-MD5 PLAIN LOGIN>.

After that, mail could be sent successfully without any authentication requests.

Many thanks. That solved a similar issue I had with Eventum (Error: authentication failed: another step is needed in authentication).
 
Hi,
I've got a recently installed Linux Plesk 12 on CentOS 6 (centos6-plesk12_64).

I've got exactly the same problem as ZeroBorg (warning: SASL authentication failure: realm changed: authentication aborted... warning: somewhere[X.X.X.X]: SASL DIGEST-MD5 authentication failed: authentication failure.)
I've also tried IgorG's suggestion (mech_list: CRAM-MD5 PLAIN LOGIN) and, as with ZeroBorg, Outlook then returns: "None of the authentication methods supported by this client are supported by your server".
I don't know what else to do. I've searched forum after forum and tried a lot of suggestions, but none solved my problem.

(BTW, I don't know if that's relevant, but my dedicated server is hosted by OVH.com)

Any help will be appreciated!
Thank you!
 
Hi Zeroborg!
Did you solve your problem? How? I've got the same problem as you :( !!
Thank you!

 
Hi team, I face the same problem as Joaquim_Ponte, with a cloud VPS hosted at OVH.COM as well. Can someone from either Parallels or OVH review this and give a solution?
 
Hi,
I've got a recently installed Linux Plesk 12 on CentOS 6 (centos6-plesk12_64).

I've got exactly the same problem as ZeroBorg (warning: SASL authentication failure: realm changed: authentication aborted... warning: somewhere[X.X.X.X]: SASL DIGEST-MD5 authentication failed: authentication failure.)
I've also tried IgorG's suggestion (mech_list: CRAM-MD5 PLAIN LOGIN) and, as with ZeroBorg, Outlook then returns: "None of the authentication methods supported by this client are supported by your server".
I don't know what else to do. I've searched forum after forum and tried a lot of suggestions, but none solved my problem.

(BTW, I don't know if that's relevant, but my dedicated server is hosted by OVH.com)

Any help will be appreciated!
Thank you!

Sorry for the old thread revival. I have exactly the same set-up as you: CentOS 6.6, Plesk 12.0.18 hosted at OVH, and of course the same trouble with SMTP authentication. Has anyone found a resolution? I already tried the ones mentioned in this thread, with no success.

Thanks!
 
It worked for me.

OS CentOS 6.6 (Final)
Plesk version 12.0.18 Update #52, last updated at June

Here is my smtpd.conf

pwcheck_method: auxprop saslauthd
auxprop_plugin: plesk
saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
mech_list: CRAM-MD5 PLAIN LOGIN
auto_transition: yes
sql_engine: intentionally disabled
log_level: 4

I also found this LINK that uses a database for authentication.
 
I have some problem, please help me. I have read the link in your post but I did not understand what I have to do.
I have tried to edit smtpd.conf but it does not work.
 
Edit /etc/postfix/main.cf

Look for:
smtpd_tls_auth_only = yes
and change it to:
smtpd_tls_auth_only = no

Save the file and run
postfix reload
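
An added example, not written by any poster in this thread: a simplified Python model of how the `smtpd_sasl_security_options = noplaintext` and `smtpd_tls_auth_only` lines from the posted main.cf interact with `mech_list`, showing which AUTH mechanisms stay on offer after each change suggested above. It handles only the noplaintext and noanonymous flags; the config strings are constructed from values quoted in the thread, and `smtpd_sasl_tls_security_options` is a standard Postfix parameter that the thread itself does not mention.

```python
# Added example, simplified model: only noplaintext / noanonymous are handled.
PLAINTEXT = {"PLAIN", "LOGIN"}        # mechanisms that send the password itself

def parse_conf(text, sep):
    """Parse 'key<sep>value' lines; a later duplicate key wins."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            conf[key.strip()] = value.strip()
    return conf

def filter_mechs(mechs, options):
    """Drop mechanisms excluded by a Postfix *_sasl_security_options value."""
    opts = set(options.replace(",", " ").split())
    return [m for m in mechs
            if not ("noplaintext" in opts and m in PLAINTEXT)
            and not ("noanonymous" in opts and m == "ANONYMOUS")]

def advertised(main_cf, smtpd_conf):
    """Return the AUTH mechanisms offered before and after STARTTLS."""
    main, sasl = parse_conf(main_cf, "="), parse_conf(smtpd_conf, ":")
    if main.get("smtpd_sasl_auth_enable", "no") != "yes":
        return {"cleartext": [], "tls": []}
    mechs = sasl.get("mech_list", "").split()
    base = main.get("smtpd_sasl_security_options", "noanonymous")
    # Postfix default: the TLS-session options inherit the cleartext ones.
    tls = main.get("smtpd_sasl_tls_security_options", base)
    if main.get("smtpd_tls_auth_only", "no") == "yes":
        clear = []                     # AUTH is not offered without TLS
    else:
        clear = filter_mechs(mechs, base)
    return {"cleartext": clear, "tls": filter_mechs(mechs, tls)}

# Constructed from the values quoted in the thread.
THREAD_MAIN_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noplaintext
smtpd_tls_auth_only = yes
"""
ORIGINAL_SASL = "mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN"
EDITED_SASL = "mech_list: CRAM-MD5 PLAIN LOGIN"

if __name__ == "__main__":
    print("original        ", advertised(THREAD_MAIN_CF, ORIGINAL_SASL))
    print("mech_list edit  ", advertised(THREAD_MAIN_CF, EDITED_SASL))
    no_tls_only = THREAD_MAIN_CF.replace("auth_only = yes", "auth_only = no")
    print("tls_auth_only=no", advertised(no_tls_only, EDITED_SASL))
    relaxed = THREAD_MAIN_CF + "smtpd_sasl_tls_security_options = noanonymous\n"
    print("TLS-only relax  ", advertised(relaxed, EDITED_SASL))
```

In this model the `mech_list` edit leaves only CRAM-MD5 on offer under the posted main.cf, and `smtpd_tls_auth_only = no` additionally exposes AUTH on unencrypted sessions. Relaxing only the TLS-session options keeps AUTH unavailable in cleartext while offering PLAIN and LOGIN inside TLS.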
 