Resolved SMTP Error (250): failure during authentication (ROUNDCUBE)

[FAB]

I can not send emails anymore with RoundCube.
It was working... but it's not working anymore.... I guess since the last update (not sure).

Plesk Version 17.5.3

An error occurred!
SMTP Error (250): Authentication failed.​

I'm totally aware of the 2 other posts on the subject:
https://talk.plesk.com/threads/roundcube-problem.339471/#post-808974
and
https://talk.plesk.com/threads/roundcube-gives-mail-250-error.334681/

I already tried ALL those solutions. Including trying to switch to qmail (but then I can not even get rouncube to work (server 500 error....) ). So I switched back to postfix.

What can I do to troubleshot the problem?
Where can I find the logs, which hopefully will tell us more?

I need help, this is a critical issue

Thanks
FAB

 

[FAB]

Can it be a whitelist/blacklist issue?

How should those be configured?

 

[AYamshanov]

Hi,

Try to look https://talk.plesk.com/threads/plesk-webmail-smtp-error-250-authentication-failed.305479/page-2 and check the output of "telnet localhost 25" with your server.

 

[FAB]

it is a NIGHTMARE!

How come this SMTP error can happen?

I can't manage to fix it

HELP NEEDED... like really needed..... pleeasseeeee

 

[UFHH01]

Hi FAB,

some general informations:

=> Plesk for Linux services logs and configuration files ( KB - article: 213403509 )​

It was working... but it's not working anymore.... I guess since the last update (not sure).

Plesk Version 17.5.3

Sorry, but this is a very imprecisely information. Is there a reason, why you don't provide informations as given on your Start - page from your Plesk Control Panel? Or simply login over SSH ( as user "root" ) and type:

plesk version

... which will output as well decent informations about your operating system and the current used Plesk version ( incl. #MU ).
Pls. note that such informations are essential for troubleshooting and investigations, as Plesk supports several OS.


I leave out to quote your other statements and questions, as they don't provide any usefull informations for any possible investigation, so pls. be so kind to look for corresponding entries in your depending log - files and pls. don't forget to post the depending configuration files, so that people willing to help have something to start with their investigations together with you.

 

[FAB]

plesk version
Product version: Plesk Onyx 17.5.3 Update #10
Update date: 2017/06/21 22:33
Build date: 2017/03/17 16:00
OS version: CentOS 7
Revision: 55d1b49a272f44666e1920eca8b6e4da449a38cd
Architecture: 64-bit
Wrapper version: 1.2

I followed those steps:

Change this line:
$config['smtp_server'] = 'localhost';
to
$config['smtp_server'] = 'tls://localhost';

and change this line:
$config['smtp_port'] = 25;
to
$config['smtp_port'] = 587;

That should resolve the issue.
​

Well, it did not resolve anything. Before I had an error 250... now I'm getting an error 220

.... and it still doesn't work... and there is way less documentation on the error 220...

 

[UFHH01]

Hi FAB,

what is the output of the command:

openssl s_client -connect mail.YOUR-DOMAIN.COM:587 -starttls smtp

 

[FAB]

CONNECTED(00000003)
depth=3 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Certification Authority
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO RSA Domain Validation Secure Server CA
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = MYDOMAIN.com
verify return:1
---
Certificate chain
0 s:/OU=Domain Control Validated/OU=PositiveSSL/CN=MYDOMAIN.com
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Certification Authority
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
3 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGTjCCBTagAwIBAgIQczk3TthmLY2LmIQwznV9cTANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxNjA0BgNV
BAMTLUNPTU9ETyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0xNzA1MjAwMDAwMDBaFw0yMDA0MjkyMzU5NTlaMFIxITAfBgNVBAsTGERv
bWFpbiBDb250cm9sIFZhbGlkYXRlZDEUMBIGA1UECxMLUG9zaXRpdmVTU0wxFzAV
BgNVBAMTDmRpc2NvdW50cjEuY29tMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
CgKCAgEA19N7+63EtrSon+wvSQtW4cYAQZz7O6hdcB7K3cni+gVAck0SrYioNJPW
UnDePhROuFMoXqw+8ABfHQF/MsICANx0+sAn/Ehkhb2LIPC5Ny71GQZxGRPWo7Qx
dRZ5trP3E9gjZQi8YnTdPl4hmKukqDxZnL2/2TvF//8UwivsJCeVPDj6Loed8v1F
Ru+MaSMGxWfhWQ+3ChPFv+cpMYNztK7vhkcX8gwGdCI8F/3VYgEw4rE6J9Fl1hNj
0tSM3Za/LH bla bla blabla bla bla bla bla bla bla bla bla 9uU2VjdXJlU2Vy
dmVyQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20w
LQYDVR0RBCYwJIIOZGlzY291bnRyMS5jb22CEnd3dy5kaXNjb3VudHIxLmNvbTAN
BgkqhkiG9w0BAQsFAAOCAQEATpcneb56Z4AfB0NJA/CjOEeINulCUkPO3ZhdQjlC
D/rrp1SKpTLJofOOo2cyyEyHLrhn/v2S0uEUD6yyAbSc7UjkQiIOmXhVmwcDF21H
alEsiI8HLdDl5+pBs23eTNOetjl328VlZ473MVt0uUtb+HVV5JBNUjBQwH/fPu8m
wvoxCx/qePlpXJ0BX5nQqqYWr2+Fm6GFUhJEF0vViajw6AZmV2Sp44JK+VK/v6Il
VuKcnfoK1Cxv0Pn4xdiRNeaxJvxYcQRxVFndIOFThpFNjhgPQySCyUBKmm6BD9Q2
2PrHNswq2RqpBhcHjHH0z19nfpPw/1g0mBnGcXjZqggjkQ==
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/OU=PositiveSSL/CN=MYDOMAIN.com
issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO RSA Domain Validation Secure Server CA
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 6789 bytes and written 408 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECbla bla blabla bla bla bla bla bla bla bla bla A384
Session-ID: 411F4EFE4FD1CFbla bla blabla bla bla bla bla bla bla bla bla 086DF34032D4290FC8
Session-ID-ctx:
Master-Key: 247B4E0918AC6B247C28C8DD7115Fbla bla blabla bla bla bla bla bla bla bla bla
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 3600 (seconds)
TLS session ticket:
0000 - cf 8d 5b dc fa a4 ad b3-51 c7 2f 60 7e dc 91 75 ..[.....Q./`~..u
0010 - 6a ad 43 d2 3e 86 24 51-f6 79 ef 38 e4 05 53 8f j.C.>.$Q.y.8..S.
0020 - f8 86 62 51 de 1f 79 af-f0 9b a4 bc 0d 0f a9 88 ..bQ..y.........
0030 - 5c 78 15 25 1f 04 8a eb-a7 e5 20 82 2e cd f8 b8 \x.%...... .....
0040 - 1f 15 9a dd c8 2d 73 b5-bb ab d0 fa e4 06 d9 49 .....-s........I
0050 - be 15 6f cf 7f 65 e1 1c-39 e6 11 30 ca a8 34 60 ..o..e..9..0..4`
0060 - d4 57 b7 d5 79 70 d9 c6-89 eb 98 9e e0 76 7e d6 .W..yp.......v~.
0070 - f3 6c 93 12 e9 21 7d b9-2c 2a 99 d9 16 2d 1f 7b .l...!}.,*...-.{
0080 - ce 9d 32 3f 7b 49 fb ba-87 8a a1 17 30 44 1f 43 ..2?{I......0D.C
0090 - 51 eb af 93 fa 3f d8 04-62 e0 8e ae d6 a2 07 ab Q....?..b.......

Start Time: 1498249261
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
250 DSN


#headhache

 

[FAB]

logs looks super weird!!!!
The log file pretty big, growing very quickly and looks like that:



Jun 23 22:01:00 ns3037957 postfix/smtpd[21670]: lost connection after CONNECT from unknown[156.67.106.245]
Jun 23 22:01:00 ns3037957 postfix/smtpd[21670]: disconnect from unknown[156.67.106.245]
Jun 23 22:04:20 ns3037957 postfix/anvil[21675]: statistics: max connection rate 1/60s for (smtp:156.67.106.245) at Jun 23 22:01:00
Jun 23 22:04:20 ns3037957 postfix/anvil[21675]: statistics: max connection count 1 for (smtp:156.67.106.245) at Jun 23 22:01:00
Jun 23 22:04:20 ns3037957 postfix/anvil[21675]: statistics: max cache size 1 at Jun 23 22:01:00
Jun 23 22:04:24 ns3037957 postfix/smtpd[21955]: connect from ool-addc6ce6.static.optonline.net[173.220.108.230]
Jun 23 22:04:25 ns3037957 postfix/smtpd[21955]: disconnect from ool-addc6ce6.static.optonline.net[173.220.108.230]
Jun 23 22:05:17 ns3037957 postfix/smtpd[21955]: connect from unknown[156.67.106.245]
Jun 23 22:05:17 ns3037957 postfix/smtpd[21955]: lost connection after CONNECT from unknown[156.67.106.245]
Jun 23 22:05:17 ns3037957 postfix/smtpd[21955]: disconnect from unknown[156.67.106.245]
Jun 23 22:08:37 ns3037957 postfix/anvil[21957]: statistics: max connection rate 1/60s for (smtp:173.220.108.230) at Jun 23 22:04:24
Jun 23 22:08:37 ns3037957 postfix/anvil[21957]: statistics: max connection count 1 for (smtp:173.220.108.230) at Jun 23 22:04:24
Jun 23 22:08:37 ns3037957 postfix/anvil[21957]: statistics: max cache size 2 at Jun 23 22:05:17
Jun 23 22:09:37 ns3037957 postfix/smtpd[22386]: connect from unknown[156.67.106.245]
Jun 23 22:09:37 ns3037957 postfix/smtpd[22386]: lost connection after CONNECT from unknown[156.67.106.245]
Jun 23 22:09:37 ns3037957 postfix/smtpd[22386]: disconnect from unknown[156.67.106.245]
Jun 23 22:12:57 ns3037957 postfix/anvil[22388]: statistics: max connection rate 1/60s for (smtp:156.67.106.245) at Jun 23 22:09:37
Jun 23 22:12:57 ns3037957 postfix/anvil[22388]: statistics: max connection count 1 for (smtp:156.67.106.245) at Jun 23 22:09:37
Jun 23 22:12:57 ns3037957 postfix/anvil[22388]: statistics: max cache size 1 at Jun 23 22:09:37
Jun 23 22:14:00 ns3037957 postfix/smtpd[22662]: connect from unknown[156.67.106.245]
Jun 23 22:14:00 ns3037957 postfix/smtpd[22662]: lost connection after CONNECT from unknown[156.67.106.245]
Jun 23 22:14:00 ns3037957 postfix/smtpd[22662]: disconnect from unknown[156.67.106.245]
Jun 23 22:17:20 ns3037957 postfix/anvil[22667]: statistics: max connection rate 1/60s for (smtp:156.67.106.245) at Jun 23 22:14:00
Jun 23 22:17:20 ns3037957 postfix/anvil[22667]: statistics: max connection count 1 for (smtp:156.67.106.245) at Jun 23 22:14:00
Jun 23 22:17:20 ns3037957 postfix/anvil[22667]: statistics: max cache size 1 at Jun 23 22:14:00
Jun 23 22:18:01 ns3037957 postfix/smtpd[22933]: connect from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:18:06 ns3037957 postfix/smtpd[22980]: connect from unknown[156.67.106.245]
Jun 23 22:18:06 ns3037957 postfix/smtpd[22980]: lost connection after AUTH from unknown[156.67.106.245]
Jun 23 22:18:06 ns3037957 postfix/smtpd[22980]: disconnect from unknown[156.67.106.245]
Jun 23 22:19:15 ns3037957 postfix/smtpd[22933]: disconnect from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:19:23 ns3037957 postfix/smtpd[22933]: connect from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:20:01 ns3037957 postfix/smtpd[22933]: disconnect from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:21:01 ns3037957 postfix/smtpd[22933]: connect from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:21:26 ns3037957 postfix/anvil[22981]: statistics: max connection rate 1/60s for (smtp:156.67.106.245) at Jun 23 22:18:06
Jun 23 22:21:26 ns3037957 postfix/anvil[22981]: statistics: max connection count 1 for (smtp:156.67.106.245) at Jun 23 22:18:06
Jun 23 22:21:26 ns3037957 postfix/anvil[22981]: statistics: max cache size 1 at Jun 23 22:18:06
Jun 23 22:22:20 ns3037957 postfix/smtpd[22933]: lost connection after STARTTLS from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:22:20 ns3037957 postfix/smtpd[22933]: disconnect from ns----MYSERVER ---.eu[IP of MYSERVER]
Jun 23 22:22:29 ns3037957 postfix/smtpd[23185]: connect from unknown[156.67.106.245]
Jun 23 22:22:29 ns3037957 postfix/smtpd[23185]: lost connection after CONNECT from unknown[156.67.106.245]
Jun 23 22:22:29 ns3037957 postfix/smtpd[23185]: disconnect from unknown[156.67.106.245]
Jun 23 22:25:49 ns3037957 postfix/anvil[23241]: statistics: max connection rate 1/60s for (smtp:156.67.106.245) at Jun 23 22:22:29
Jun 23 22:25:49 ns3037957 postfix/anvil[23241]: statistics: max connection count 1 for (smtp:156.67.106.245) at Jun 23 22:22:29
Jun 23 22:25:49 ns3037957 postfix/anvil[23241]: statistics: max cache size 1 at Jun 23 22:22:29



What is that??? Can it be linked to my SMTP problem? I would say say.... no?

How can I block those access attempts? (blacklist works just with domains)

 

[UFHH01]

Hi FAB,

pls. add the file "/usr/share/psa-roundcube/config/defaults.inc.php" as attachment.

What is that??? Can it be linked to my SMTP problem? I would say say.... no?

Just the absolute "normal" bots/script-kiddies, trying to login to your server and your server - nothing special.
Pls. consider as well to use Fail2Ban on your server, to get rid of the bots/script-kiddies - if you need help here, pls. open ANOTHER thread.

 

[FAB]

Here is the file

 

[UFHH01]

Hi FAB,

pls. change:

$config['force_https'] = false;

to

$config['force_https'] = true;


and

$config['use_https'] = false;

to

$config['use_https'] = true;

... and consider to RE-change your modification ( backup made with "//FAB" - comments ).


Afterwards, pls. try to login to your webmail and report back with the new corresponding entries from your mail.log .

Pls. post as well the error - log from => /var/log/plesk-roundcube/errors , if the file contains any log - entries.

 

[FAB]

OK, I made the change (including going back to before the 'FAB' changes).

I' m back to: SMTP Error (250): Authentication failed.

The /var/log/plesk-roundcube/errors is 4MB (of junk) :/

Attached are the last entries

 

[UFHH01]

Hi FAB,

the following will not solve your initial issue, but should help to get rid of your notices:

=> Roundcube warning in logs: It is not safe to rely on the system's timezone settings​

Pls. DON'T shorten your depending entries from your "mail.log", as it might reduce possibilities to investigate your issue. People willing to help you can't guess the lines before and after an error - message and can't guess the full message.

Pls. post the FULL output of the commands:

telnet mail.YOUR-DOMAIN.COM 25

???

HELO l

???

AUTH LOGIN

???

( use the word "quit" to exit! )

telnet mail.YOUR-DOMAIN.COM 25

???

EHLO example.com

???

AUTH LOGIN

???

( use the word "quit" to exit! )

postconf smtpd_use_tls

 

[FAB]

telnet mail.xxxxxxxxxxxx.com 25
Trying xxx.xxx.xxx.205...
Connected to mail.xxxxxxxxxxxx.com.
Escape character is '^]'.
220 ns30xxxx.ip-xxx-xxx-162.eu ESMTP Postfix
HELO l
250 ns30xxxx.ip-xxx-xxx-162.eu
AUTH LOGIN
503 5.5.1 Error: authentication not enabled



telnet mail.xxxxxxxxxxxx.com 25
Trying xxx.xxx.xxx.205...
Connected to mail.xxxxxxxxxxxx.com.
Escape character is '^]'.
220 ns30xxxx.ip-xxx-xxx-162.eu ESMTP Postfix
EHLO xxxxxxxxxxxx.com
250-ns30xxxx.ip-xxx-xxx-162.eu
250-PIPELINING
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
503 5.5.1 Error: authentication not enabled



postconf smtpd_use_tls
smtpd_use_tls = yes
postconf: warning: /etc/postfix/main.cf: unused parameter: tls_ssl_options=NO_COMPRESSION

 

[UFHH01]

Hi FAB,

pls. use the commands:

postconf -e smtpd_tls_security_level=may
postconf -e smtpd_use_tls=no

... and comment

tls_ssl_options=NO_COMPRESSION

to

# tls_ssl_options=NO_COMPRESSION

MY recommendation is to use the following settings:

...

smtp_tls_security_level = may
smtp_use_tls = no
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = no

smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128

smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = noanonymous

...

and again....

Afterwards, pls. try to login to your webmail and report back with the new corresponding entries from your mail.log .

... and if you still experience further issues, pls. post your main.cf + master.cf as attachments.

 

[FAB]

>>> and comment out "tls_ssl_options=NO_COMPRESSION" is not in defaults.inc.php .... where should I find it?


(I really appreciate the time you are spending trying to solve this problem )

 

[UFHH01]

... the above recommendations are for your file => /etc/postfix/main.cf


Just for your informations:
The command postconf is always "postfix - related"

 

[FAB]

Well, now when I try to log to roundcube I'm getting: Your session is invalid or expired. (it's getting worse )


Attached: main.cf & master.cf

 

[FAB]

PS: // just replaced by # (my mistake), but doesn't change the result