Debian Stretch - Postfix/Dovecot-SASL - SMTP Fehler (454): Die Authentisierung ist fehlgeschlagen.

  • Nach dem Update von Debian auf 9 und dem Update auf imscp 1.4.7 kann man keine Mails versenden. Es kommt im Webmailer (Rainloop und Roundcube :
    SMTP Fehler (454): Die Authentisierung ist fehlgeschlagen.
    Wo kann das Problem sein?

    Edited once, last by lugau45 ().

  • @lugau45


    Good evening.

    • Distro?
    • Codename?
    • PO server implementation (Dovecot, Courier)? I need that info to known which SASL implementation you use.
    • Plugin list?
    • Listener files?

    Reporting rules - Reminder


    Thank you.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Distro Debian 9
    IMSCP 1.4.7
    Dovecot
    Plugins aktiviert:
    ClamAV CronJobs LetsEncrypt PanelRedirect PhpSwitcher PolicydSPF Postgrey RoundcubePlugins SpamAssassin


    Webmail Roundcube and Rainloop


    reconfigure imscp ohne Fehler durchgeführt.

  • @lugau45


    Debian Stretch.. Ok. I'll first try to reproduce on my test server. I stay you informed.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • @lugau45


    Also please, try the following:


    First please, check that all mail filtering services are running: ClamAV and SpamAsassin:

    • service clamav-daemon status
    • service clamav-milter status
    • service spamassassin status
    • service spamass-milter status

    If one of these services is not running, try to start it and once done, retry. If that doesn't solve the problem, do the following:


    Disable each mail related plugin ONE by ONE and give a new try after each disabling. The code reported 454 is a temporary failure and I bet that it is related to a MILTER service (tempfail).


    To resume:

    • Disable the ClamAV plugin and once done, retry
    • Disable the SpamAssassin and once done, retry

    You could also have a look at the /var/log/mail.log file in which you should be able to find the reason for which a temporary failure (457) is raised. That would help me a lot ;)


    I'm waiting for your feedback.


    Thank you.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • Code
    1. service clamav-daemon status● clamav-daemon.service - Clam AntiVirus userspace daemon Loaded: loaded (/lib/systemd/system/clamav-daemon.service; disabled; vendor preset: enabled) Drop-In: /etc/systemd/system/clamav-daemon.service.d └─extend.conf Active: inactive (dead) Docs: man:clamd(8) man:clamd.conf(5) http://www.clamav.net/lang/en/doc/ Jul 10 21:05:21 cp2 clamd[598]: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe" Jul 10 21:05:21 cp2 clamd[598]: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe" Jul 10 21:05:21 cp2 clamd[598]: LibClamAV Error: cli_loadyara: failed to parse rules file /var/lib/clamav/antidebug_antivm.yar, error count 7 Jul 10 21:05:21 cp2 clamd[598]: LibClamAV Error: yyerror(): /var/lib/clamav/malicious_document.yar line 245 undefined identifier "uint32be" Jul 10 21:05:21 cp2 clamd[598]: LibClamAV Error: cli_loadyara: failed to parse rules file /var/lib/clamav/malicious_document.yar, error count 1 Jul 10 21:05:23 cp2 clamd[598]: Database correctly reloaded (6479228 signatures) Jul 10 21:47:36 cp2 systemd[1]: Stopping Clam AntiVirus userspace daemon... Jul 10 21:47:37 cp2 clamd[598]: --- Stopped at Mon Jul 10 21:47:37 2017 Jul 10 21:47:37 cp2 clamd[598]: Socket file removed. Jul 10 21:47:37 cp2 systemd[1]: Stopped Clam AntiVirus userspace daemon.



    Code
    1. service clamav-milter status● clamav-milter.service - LSB: ClamAV virus milter Loaded: loaded (/etc/init.d/clamav-milter; generated; vendor preset: enabled) Active: inactive (dead) Docs: man:systemd-sysv-generator(8) Jul 10 19:24:51 cp2 systemd[1]: Starting LSB: ClamAV virus milter... Jul 10 19:24:52 cp2 clamav-milter[865]: Starting Sendmail milter plugin for ClamAV: clamav-milter. Jul 10 19:24:52 cp2 clamav-milter[1125]: No clamd server appears to be available Jul 10 19:24:52 cp2 systemd[1]: Started LSB: ClamAV virus milter. Jul 10 21:47:33 cp2 systemd[1]: Stopping LSB: ClamAV virus milter... Jul 10 21:47:35 cp2 clamav-milter[1125]: ClamAV: mi_stop=1 Jul 10 21:47:35 cp2 clamav-milter[9705]: Stopping Sendmail milter plugin for ClamAV: clamav-milter. Jul 10 21:47:35 cp2 systemd[1]: Stopped LSB: ClamAV virus milter.
    Code
    1. service spamassassin status● spamassassin.service - Perl-based spam filter using text analysis Loaded: loaded (/lib/systemd/system/spamassassin.service; disabled; vendor preset: enabled) Active: inactive (dead)Jul 10 19:24:58 cp2 spamd[1366]: zoom: able to use 353/353 'body_0' compiled rules (100%)Jul 10 19:25:02 cp2 spamd[1366]: spamd: server started on UNIX domain socket /var/run/spamassassin.sock (running version 3.4.1)Jul 10 19:25:02 cp2 spamd[1366]: spamd: server pid: 1366Jul 10 19:25:02 cp2 spamd[1366]: spamd: server successfully spawned child process, pid 1715Jul 10 19:25:02 cp2 spamd[1366]: spamd: server successfully spawned child process, pid 1716Jul 10 19:25:02 cp2 systemd[1]: Started Perl-based spam filter using text analysis.Jul 10 19:25:02 cp2 spamd[1366]: prefork: child states: IIJul 10 21:47:46 cp2 systemd[1]: Stopping Perl-based spam filter using text analysis...Jul 10 21:47:46 cp2 spamd[1366]: spamd: server killed by SIGTERM, shutting downJul 10 21:47:46 cp2 systemd[1]: Stopped Perl-based spam filter using text analysis.


  • When sending with the mail program comes the following error

    Code
    1. Fehler beim Übertragen der Nachricht. Your SMTP server does not support LOGIN.Choose a different authentication method.The server responded: "4.3.0 Try again later"This is a temporary failure. You may try again later.
  • I'll investigate this night.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

  • @lugau45


    I cannot reproduce the problem with 1.4.x from github.


    My test environnent

    Shell-Script
    1. root@stretch:/var/log# lsb_release -aNo LSB modules are available.Distributor ID: DebianDescription: Debian GNU/Linux 9.0 (stretch)Release: 9.0Codename: stretch
    • i-MSCP 1.4.x
    • Postfix/Dovecot-SASL

    Below are the tests I've made using Mozilla Thunderbird mail client under Debian Jessie.


    Mail client configuration: connnection on port 587, PLAIN authentication method:

    Shell-Script
    1. Jul 11 10:27:55 stretch postfix/smtpd[9909]: connect from unknown[192.168.1.1]Jul 11 10:27:55 stretch postfix/smtpd[9909]: 4A2B91391: client=unknown[192.168.1.1], sasl_method=PLAIN, sasl_username=[email protected] 11 10:27:55 stretch postfix/cleanup[9913]: 4A2B91391: message-id=<e3649aef-8f32-b9ef-f5c6-[email protected]>Jul 11 10:27:55 stretch postfix/qmgr[9892]: 4A2B91391: from=<[email protected]>, size=689, nrcpt=1 (queue active)Jul 11 10:27:55 stretch postfix/smtpd[9909]: disconnect from unknown[192.168.1.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6Jul 11 10:27:55 stretch dovecot: lda([email protected]): msgid=<e3649aef-8f32-b9ef-f5c6-[email protected]>: saved mail to INBOX.Jul 11 10:27:55 stretch postfix/pipe[9914]: 4A2B91391: to=<[email protected]>, relay=dovecot, delay=0.04, delays=0.02/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)Jul 11 10:27:55 stretch postfix/qmgr[9892]: 4A2B91391: removed

    Mail client config: Connnection on port 587 with STARTTLS, PLAIN authentication method (recommended way):

    Shell-Script
    1. Jul 11 10:21:02 stretch postfix/smtpd[9851]: connect from unknown[192.168.1.1]Jul 11 10:21:02 stretch postfix/smtpd[9851]: Anonymous TLS connection established from unknown[192.168.1.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)Jul 11 10:21:02 stretch postfix/smtpd[9851]: 883EA1314: client=unknown[192.168.1.1], sasl_method=PLAIN, sasl_username=[email protected] 11 10:21:02 stretch postfix/cleanup[9857]: 883EA1314: message-id=<7587e03e-dfab-3ecd-87d9-[email protected]>Jul 11 10:21:02 stretch postfix/qmgr[9845]: 883EA1314: from=<[email protected]>, size=799, nrcpt=1 (queue active)Jul 11 10:21:02 stretch postfix/smtpd[9851]: disconnect from unknown[192.168.1.1] ehlo=2 starttls=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=8Jul 11 10:21:02 stretch dovecot: lda([email protected]): msgid=<7587e03e-dfab-3ecd-87d9-[email protected]>: saved mail to INBOX.Jul 11 10:21:02 stretch postfix/pipe[9858]: 883EA1314: to=<[email protected]>, relay=dovecot, delay=0.06, delays=0.02/0.01/0/0.03, dsn=2.0.0, status=sent (delivered via dovecot service)Jul 11 10:21:02 stretch postfix/qmgr[9845]: 883EA1314: removed

    Mail client configuration: Connnection on port 465 with SSL/TLS, PLAIN authentication method:


    Shell-Script
    1. Jul 11 10:24:25 stretch postfix/smtpd[9863]: connect from unknown[192.168.1.1]Jul 11 10:24:25 stretch postfix/smtpd[9863]: Anonymous TLS connection established from unknown[192.168.1.1]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)Jul 11 10:24:26 stretch postfix/smtpd[9863]: 087AC1391: client=unknown[192.168.1.1], sasl_method=PLAIN, sasl_username=[email protected] 11 10:24:26 stretch postfix/cleanup[9869]: 087AC1391: message-id=<0e4d0a08-325b-f302-714c-[email protected]>Jul 11 10:24:26 stretch postfix/qmgr[9845]: 087AC1391: from=<[email protected]>, size=799, nrcpt=1 (queue active)Jul 11 10:24:26 stretch postfix/smtpd[9863]: disconnect from unknown[192.168.1.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6Jul 11 10:24:26 stretch dovecot: lda([email protected]): msgid=<0e4d0a08-325b-f302-714c-[email protected]>: saved mail to INBOX.Jul 11 10:24:26 stretch postfix/pipe[9870]: 087AC1391: to=<[email protected]>, relay=dovecot, delay=0.04, delays=0.02/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)Jul 11 10:24:26 stretch postfix/qmgr[9845]: 087AC1391: removed

    And now the test I've made with Roundcube and Rainloop:


    From Roundcube:


    Shell-Script
    1. Jul 11 10:49:48 stretch postfix/smtpd[19318]: connect from stretch.bbox.nuxwin.com.local[127.0.0.1]Jul 11 10:49:48 stretch postfix/smtpd[19318]: 4C16A13DB: client=stretch.bbox.nuxwin.com.local[127.0.0.1], sasl_method=LOGIN, sasl_username=[email protected] 11 10:49:48 stretch postfix/cleanup[19334]: 4C16A13DB: message-id=<[email protected]>Jul 11 10:49:48 stretch postfix/qmgr[19201]: 4C16A13DB: from=<[email protected]>, size=677, nrcpt=1 (queue active)Jul 11 10:49:48 stretch dovecot: lda([email protected]): msgid=<[email protected]>: saved mail to INBOX.Jul 11 10:49:48 stretch postfix/pipe[19335]: 4C16A13DB: to=<[email protected]>, relay=dovecot, delay=0.06, delays=0.04/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)Jul 11 10:49:48 stretch postfix/qmgr[19201]: 4C16A13DB: removed

    From Rainloop:

    Shell-Script
    1. Jul 11 10:55:05 stretch postfix/smtpd[19423]: connect from stretch.bbox.nuxwin.com.local[127.0.0.1]
    2. Jul 11 10:55:05 stretch postfix/smtpd[19423]: D6C581409: client=stretch.bbox.nuxwin.com.local[127.0.0.1], sasl_method=PLAIN, sasl_username=[email protected]
    3. Jul 11 10:55:05 stretch postfix/cleanup[19425]: D6C581409: message-id=<[email protected]>
    4. Jul 11 10:55:05 stretch postfix/qmgr[19201]: D6C581409: from=<[email protected]>, size=1248, nrcpt=1 (queue active)
    5. Jul 11 10:55:05 stretch postfix/smtpd[19423]: disconnect from stretch.bbox.nuxwin.com.local[127.0.0.1] ehlo=1 auth=1 mail=1 rcpt=1 data=1 quit=1 commands=6
    6. Jul 11 10:55:05 stretch dovecot: lda([email protected]): msgid=<[email protected]>: saved mail to INBOX.
    7. Jul 11 10:55:05 stretch postfix/pipe[19426]: D6C581409: to=<[email protected]>, relay=dovecot, delay=0.07, delays=0.05/0.01/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)
    8. Jul 11 10:55:05 stretch postfix/qmgr[19201]: D6C581409: removed

    [hr]

    Fehler beim Übertragen der Nachricht. Your SMTP server does not support LOGIN.Choose a different authentication method.The server responded: "4.3.0 Try again later"This is a temporary failure. You may try again later.

    This message comes from your mail client, right? The error message is not really relevant (at least the first sentence about LOGIN that is not supported) because some mail clients map SMTP error codes to erroneous internal error messages.


    Please

    • Give us the name and version of the mail client you're using, and also the OS name and version on which you're running it
    • Show us the configuration for your mail client. We need more details about how you're connecting to the SMTP server. For instance, the port you're using, password method, STARTTLS or not, and so on...

    Also again, that would be great if you could provide us with relevant logs from the /var/log/mail.log file. For instance, you could:

    • Run tail -fn0 /var/log/mail.log on the i-MSCP server
    • Try to send a mail through your mail client
    • Provide us with the output from tail.

    Thank you.

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206