• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

finbarr69

Basic Pleskian
I'm scratching my head over this one. Only one of many many users I have is getting blocked from sending emails by Fail2ban. I regularly have to unblock his (dynamic) IP address. Thinking it was a rogue email account in his mobile phone, I checked but found nothing wrong. So, invesitgating the logs I see...

(logs anonymised)
Feb 18 18:04:46 mail postfix/smtpd[18901]: connect from my_client_hostname[my_client_ip_address]
Feb 18 18:04:46 mail postfix/smtpd[18901]: warning: SASL authentication failure: realm changed: authentication aborted
Feb 18 18:04:46 mail postfix/smtpd[18901]: warning: my_client_hostname[my_client_ip_address]: SASL DIGEST -MD5 authentication failed: authentication failure
Feb 18 18:04:46 mail postfix/smtpd[18901]: B77EC267EA: client=my_client_hostname[my_client_ip_address], sasl_method=LOGIN, sasl_username=my_client_email_address
Feb 18 18:04:46 mail postfix/cleanup[18300]: B77EC267EA: message-id=<007801d16a76$db31e360$9195aa20$@my_client_domain>
Feb 18 18:04:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[4585]: handlers_stderr: SKIP
Feb 18 18:04:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[4585]: SKIP during call 'check-quota' handler
Feb 18 18:04:52 mail postfix/qmgr[7088]: B77EC267EA: from=<my_client_email_address>, size=600413, nrcpt=1 (queue active)
Feb 18 18:04:52 mail postfix/smtpd[18335]: connect from my_server_name [127.0.0.1]


So you can see
warning: SASL authentication failure: realm changed: authentication aborted
but then he manages successfully to send an email.

So it looks like his email client is using some authentication method that doesn't work initially, and then his email client tries a different authentication method that works ok. His email client is Microsoft Outlook 2013

I believe the SASL authentication failure message is the reason he is getting blocked by Fail2Ban, despite the success in sending the email a few seconds later.

Can anyone shed any light on what Outlook is doing wrong that causes the "realm changed" message? Presumably in the Outlook SMTP settings, something is wrong?

Thanks

Brian
 
I think I fixed it but I don't know why I had to do this...

Edit /usr/lib64/sasl2/smtpd.conf and remove DIGEST-MD5 from the mech_list line

Then do:
/etc/init.d/postfix restart

Now I no longer see that SASL authentication failure.

Can anyone explain to me why DIGEST-MD5 does not work for SMTP (but does seem to work for IMAP) ? Or can anyone explain to me why I had to make this change, and is my server still safe?

Thanks

Brian
 
Back
Top