Posts by crafter

    It's quite possible that the emails and log entries are not related, but should both be issues for concern, so I would check them out in detail.


    The 'SASL LOGIN authentication failed' might be a would-be attacker (or a successful one) trying to guess your password. If there are many such entries, it could be a 'dictionary attack', where the person tries your username with a password from a list (e.g. 'password', 'a', 'aa', 'aaa', or 'Adam', 'Bob', 'Carry' and so on).


    Look into installing fail2ban on your server. This will help to trace this in real time and place a ban on the incoming IP address after a certain number of tries.


    The 'setting up TLS connection' probably means there was a correct guess. Maybe reset your password to something a bit stronger.


    However, if it appears you have been hacked, it might be a good idea to reset accounts and re-install items. I would suggest a proper end-to-end check of the system.
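
The check suggested in the post above (many 'SASL ... authentication failed' entries from one address), written out as an added example that is not part of the original posts. The threshold names mirror fail2ban's maxretry/findtime idea; the log lines, hostnames, addresses and the year are constructed placeholders.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches Postfix smtpd warnings of the form:
#   warning: host[1.2.3.4]: SASL LOGIN authentication failed: ...
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\spostfix/smtpd\[\d+\]:\s"
    r"warning:\s\S+\[(?P<ip>[^\]]+)\]:\s"
    r"SASL\s(?P<mech>\S+)\sauthentication failed"
)

def find_offenders(lines, max_retry=3, find_time=timedelta(minutes=10), year=2000):
    """Return {ip: time the threshold was first reached} for clients with
    max_retry or more SASL failures inside any find_time window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    offenders = {}
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # connects, deliveries and successful logins are ignored
        # Syslog timestamps carry no year; 'year' is an assumed placeholder.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts
    return offenders

# Constructed sample input (documentation address ranges, not real clients).
SAMPLE = """\
Dec  4 09:00:01 mail postfix/smtpd[100]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Dec  4 09:00:05 mail postfix/smtpd[100]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Dec  4 09:00:09 mail postfix/smtpd[100]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Dec  4 09:01:00 mail postfix/smtpd[101]: warning: host.example[198.51.100.7]: SASL NTLM authentication failed: authentication failure
Dec  4 09:30:00 mail postfix/smtpd[102]: warning: host.example[198.51.100.7]: SASL NTLM authentication failed: authentication failure
Dec  4 09:30:02 mail postfix/smtpd[102]: connect from host.example[198.51.100.7]
""".splitlines()

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the failure threshold at {when:%b %d %H:%M:%S}")
```

A client that fails once or twice, such as a device offering a mechanism the server rejects, stays under the threshold, while a run of guesses from one address does not.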


    Looks like a SASL problem. What system do you use?
    see -> http://forum.i-mscp.net/Thread…entication?highlight=sasl


    Thank you krok. You are spot on about the issue being a SASL one.


    I did try the fix you suggested, without success.


    I have made some progress in diagnosing the issue. In desperation, last night, I removed and re-installed postfix and courier.

    The problem seems to be that SSL is not being supported for IMAP and SMTP, and this seems to be related to a missing or incorrect certificate file. POP with SSL seems ok though.


    I will investigate further and let you know what the status is.


    Thank you for your time and attention.
    Pradesh

    Good day


    In summary, I suspect accounts are not being authenticated properly on the system. I can't say for sure, because I am getting differing results, and I'm not sure how to verify this. I need help in getting clients to authenticate properly.


    Now, the background:


    I have recently migrated from IspCP to i-MSCP.


    The migration is complete, and I have ironed out most small issues. However, some clients are reporting issues with SMTP from certain clients (in particular, from iPads). I am convinced the issue is on the iPad. However, the same devices were able to connect prior to the upgrade, so this problem appeared after the upgrade, telling me that something might have changed on the server.


    For example, yesterday, the client reported that at a wifi hotspot, her laptop was sending with the same SMTP address as the iPad, but the iPad was not sending.


    I studied the logs.


    Here is an example of a failed SMTP connection. It appears she is using the "SSL / NTLM" setting on the iPad, but it is failing:


    Quote

    Dec 3 18:36:46 cheech postfix/smtpd[21356]: connect from 41-133-83-64.dsl.mweb.co.za[41.133.83.64]
    Dec 3 18:36:46 cheech postfix/smtpd[21356]: warning: 41-133-83-64.dsl.mweb.co.za[41.133.83.64]: SASL NTLM authentication failed: authentication failure
    Dec 3 18:36:46 cheech postfix/smtpd[21356]: CC61C8902A7: client=41-133-83-64.dsl.mweb.co.za[41.133.83.64], sasl_method=DIGEST-MD5, [email protected]


    I was able to connect from another iPad (another source network) using the "NO SSL Password" settings on the iPad, and that works:


    Quote

    Dec 4 10:04:10 cheech postfix/smtpd[1634]: connect from 105-236-32-133.access.mtnbusiness.co.za[105.236.32.133]
    Dec 4 10:04:10 cheech postfix/smtpd[1634]: DA6FC8902A9: client=105-236-32-133.access.mtnbusiness.co.za[105.236.32.133], sasl_method=PLAIN, [email protected]
    Dec 4 10:04:10 cheech postfix/cleanup[1635]: DA6FC8902A9: message-id=<[email protected]>
    Dec 4 10:04:10 cheech postfix/qmgr[20780]: DA6FC8902A9: from=<[email protected]>, size=638, nrcpt=1 (queue active)
    Dec 4 10:04:11 cheech postfix/pipe[1636]: DA6FC8902A9: to=<[email protected]>, relay=maildrop, delay=0.18, delays=0.1/0.07/0/0.02, dsn=2.0.0, status=sent (delivered via maildrop service)
    Dec 4 10:04:11 cheech postfix/qmgr[20780]: DA6FC8902A9: removed



    And here is an example of "Plain / Encrypted password" settings from Thunderbird that works.


    Dec 4 07:25:05 cheech postfix/smtpd[29439]: connect from mail.mydomain.com[141.204.194.132]
    Dec 4 07:25:05 cheech postfix/smtpd[29439]: B05038902A0: client=mail.mydomain.com[141.204.194.132], sasl_method=DIGEST-MD5, [email protected]
    Dec 4 07:25:05 cheech postfix/smtpd[29439]: disconnect from mail.mydomain.com[141.204.194.132]



    It gets confusing for me, because a connection test fails from the server itself, as can be seen below, with the corresponding logs ( encoded data is changed



    So, as you can see, my results are varying, so I'm not sure where the failure could be occurring.


    Thank you for your time.


    regards
    Pradesh