Email client failing to login

sebholmes · February 3, 2017, 5:09pm

I have set up a user and checked and double-checked the access details and repeatedly tested them using Outlook as a client.

The error message I get at the client is:

Log onto incoming mail server (POP3): Your e-mail server rejected your login. Verify your user name and password for this account in Account Settings. The server responded: -ERR [SYS/TEMP] Internal error occurred. Refer to server log for more information.

The server log tells me:

Mail access for users with UID 514 not permitted (see first_valid_uid in config file, uid from userdb lookup)

Sadly I’m too ignorant to have any idea what this means, let alone how to fix it.

Please can you give me a pointer? My hunch is that I am trying to connect with TLS but that TLS is not configured properly on the server. My problem is that I can’t find where to turn TLS on or of or where to configure it.

I also see for another attempt in the log:

SASL LOGIN authentication failed: authentication failure

but as I said before I have doube- treble- and quadruple-checked the access details and I’m sure that they are right. What’s more, if I go into the users mailbox, I can see some of the test emails from the client sitting in there, so they wouldn’t have got there if the credentials were wrong would they?

I’m running on CentOS Linux 7.3.1611, Virtualmin 5.05 Pro.

sebholmes · February 6, 2017, 11:32am

I have been trying for several days now to get this working and I’m now desperate! I cannot get any client access to email. Please help urgently! Thank you.

CrankyCronos · February 6, 2017, 12:03pm

Try

service saslauthd restart

from a command line as root.

saslauthd is notorious for falling over itself after upgrades, etc.

Diabolico · February 6, 2017, 12:14pm

Its hard to help if you dont post the log files because we cant see what message your system presented for this problem. Reason could be the one posted by CrankyCronos to blocked ports, service not listening right ports, wrong login credentials… and so on. On top of that if your server is hosted from home (its just an example) then you must add even more potential problems to previously mentioned.

So how you can see without more details its hard to help. In case you didnt know, with Vm Pro you can open a support request so VM devs can take a look.

sebholmes · February 6, 2017, 12:37pm

@CrankyCronos - many thanks, but it hasn’t made any difference.
@Diabolico - thank you too. I wasn’t aware that you could open a support request from within VM Pro - should I do that for this issue now? My hunch is that it is a firewall/port issue. Also, my Virtualmin experience is long but shallow (!) and I’m not sure where to find logs, nor which logs are most appropriate. Is the logs issue answered by opening the support request from within Virtualmin too?

sebholmes · February 6, 2017, 3:09pm

The overall server is mail.net2airhosting.com. The individual Virtualmin server is nathaliehambro.com. I could try and telnet in to test the ports, but I’m a bit unclear on the syntax - should I be testing the overall server or the individual Virtualmin server please? I did try telnet pop.nathaliehambro.com and got back ‘Could not open connection to the host on port 23: Connect failed’ but I’m not sure that was a valid test because I’m too ignorant of port numbers! All help very much appreciated.

sebholmes · February 6, 2017, 10:44pm

I have now tested ports with Telnet and found that port 25 and port 110 are both fine. Port 465 has a problem, but as I was trying to set up a POP3 account by way of a test, 25/110 will do me fine. Does that help any of you? Do I have a Postfix problem perhaps?

Diabolico · February 6, 2017, 10:56pm

You have a lot of problems with both domains.

net2airhosting.com: Missing DMARC, SPF and rDNS plus is blacklisted by spameatingmonkey.net. Based on this RBL you are sending spam for the last 15 days.

nathaliehambro.com: Missing DMARC, SPF and rDNS. Wrong SOA. Allows recursive queries e.g. you allow anyone to use your nameservers what could be the main cause to be blacklisted.

Just based on missing records Gmail, Hotmail and many others will mark your emails as spam and likely you will be pretty soon blacklisted with them. Watch out as Gmail is not easy to forget, no way to contact them or be removed aside of when they decide to remove you from the blacklist. Waiting time is from 2-3 weeks for first time and “small offense”, for anything else be ready to wait from 1-2 months (minimum) up to more than a year.

First you should deal with this problems and only once you sort everything move to email smtp/pop login problem.

P.S. If this problem prevent you or your clients to send emails you are lucky, otherwise you would get yourself in some serious problems.

sebholmes · February 7, 2017, 2:19pm

Thank you Diabolico. I have now bought and paid for a Support Incident because I’m getting desperate here.

I am trying to work through adding/fixing the items above. Also got my local man to check what he can and he has sent me the following:

Virtualmin server config isn’t happy. I think its related to virtualmin expecting customers to be in /home/virtualmin…

So the question is what do we do about this and how come this has happened, and on that I’m not sure?

Anyway to reiterate the config issue:
AH00112: Warning: DocumentRoot [/home/virtualmin/nathaliehambro.com/public_html] does not exist
AH00112: Warning: DocumentRoot [/home/virtualmin/nathaliehambro.com/public_html] does not exist
AH00526: Syntax error on line 448 of /etc/httpd/conf/httpd.conf:
SSLCertificateFile: file ‘/home/nathaliehambro2014/ssl.cert’ does not exist or is empty

This is what the OS thinks:
[root@net2airhosting home]# ls -al
total 12
drwxr-xr-x 3 root root 4096 Jan 29 17:33 .
dr-xr-xr-x 19 root root 4096 Jan 12 15:25 …
drwxr-x— 13 nathaliehambro2014 nathaliehambro2014 4096 Feb 5 05:32 nathaliehambro2014

So neither is right…

Looking at the apache config it’s a mix of both:
<VirtualHost 176.31.38.229:80>
SuexecUserGroup “#510” “#502”
ServerName nathaliehambro.com
ServerAlias www.nathaliehambro.com
ServerAlias webmail.nathaliehambro.com
ServerAlias admin.nathaliehambro.com
ServerAlias autoconfig.nathaliehambro.com
ServerAlias autodiscover.nathaliehambro.com
DocumentRoot /home/virtualmin/nathaliehambro.com/public_html
ErrorLog /var/log/virtualmin/nathaliehambro.com_error_log
CustomLog /var/log/virtualmin/nathaliehambro.com_access_log combined
ScriptAlias /cgi-bin/ /home/nathaliehambro2014/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi
ScriptAlias /Autodiscover/Autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/virtualmin/nathaliehambro.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php5

<Directory /home/nathaliehambro2014/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.nathaliehambro.com
RewriteRule ^(.) https://nathaliehambro.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.nathaliehambro.com
RewriteRule ^(.) https://nathaliehambro.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
RedirectMatch ^/(?!.well-known)(.)$ https://nathaliehambro.com/$1
Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi

<VirtualHost 176.31.38.229:443>
SuexecUserGroup “#510” “#502”
ServerName nathaliehambro.com
ServerAlias www.nathaliehambro.com
ServerAlias webmail.nathaliehambro.com
ServerAlias admin.nathaliehambro.com
ServerAlias autoconfig.nathaliehambro.com
ServerAlias autodiscover.nathaliehambro.com
DocumentRoot /home/virtualmin/nathaliehambro.com/public_html
ErrorLog /var/log/virtualmin/nathaliehambro.com_error_log
CustomLog /var/log/virtualmin/nathaliehambro.com_access_log combined
ScriptAlias /cgi-bin/ /home/nathaliehambro2014/cgi-bin/
ScriptAlias /AutoDiscover/AutoDiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi
ScriptAlias /Autodiscover/Autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi
ScriptAlias /autodiscover/autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/virtualmin/nathaliehambro.com/public_html>
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted
AddType application/x-httpd-php .php
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php5

<Directory /home/nathaliehambro2014/cgi-bin>
allow from all
AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
Require all granted

RewriteEngine on
RewriteCond %{HTTP_HOST} =webmail.nathaliehambro.com
RewriteRule ^(.) https://nathaliehambro.com:20000/ [R]
RewriteCond %{HTTP_HOST} =admin.nathaliehambro.com
RewriteRule ^(.*) https://nathaliehambro.com:10000/ [R]
RemoveHandler .php
RemoveHandler .php5
php_admin_value engine Off
IPCCommTimeout 31
FcgidMaxRequestLen 1073741824
SSLEngine on
SSLCertificateFile /home/nathaliehambro2014/ssl.cert
SSLCertificateKeyFile /home/nathaliehambro2014/ssl.key
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi
Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi

All input most welcome.

sebholmes · February 7, 2017, 2:57pm

Apologies for the poor formatting. Here’s a second attempt:

Anyway to reiterate the config issue:

AH00112: Warning: DocumentRoot [/home/virtualmin/nathaliehambro.com/public_html] does not exist

AH00526: Syntax error on line 448 of /etc/httpd/conf/httpd.conf:

SSLCertificateFile: file ‘/home/nathaliehambro2014/ssl.cert’ does not exist or is empty

This is what the OS thinks:

[root@net2airhosting home]# ls -al

total 12

drwxr-xr-x 3 root root 4096 Jan 29 17:33 .

dr-xr-xr-x 19 root root 4096 Jan 12 15:25 …

drwxr-x— 13 nathaliehambro2014 nathaliehambro2014 4096 Feb 5 05:32 nathaliehambro2014

So neither is right…

Looking at the apache config it’s a mix of both:

SuexecUserGroup “#510” “#502”

ServerName nathaliehambro.com

ServerAlias www.nathaliehambro.com

ServerAlias webmail.nathaliehambro.com

ServerAlias admin.nathaliehambro.com

ServerAlias autoconfig.nathaliehambro.com

ServerAlias autodiscover.nathaliehambro.com

DocumentRoot /home/virtualmin/nathaliehambro.com/public_html

ErrorLog /var/log/virtualmin/nathaliehambro.com_error_log

CustomLog /var/log/virtualmin/nathaliehambro.com_access_log combined

ScriptAlias /cgi-bin/ /home/nathaliehambro2014/cgi-bin/

ScriptAlias /AutoDiscover/AutoDiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi

ScriptAlias /Autodiscover/Autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi

ScriptAlias /autodiscover/autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi

DirectoryIndex index.html index.htm index.php index.php4 index.php5

Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI

allow from all

AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

Require all granted

AddType application/x-httpd-php .php

AddHandler fcgid-script .php

AddHandler fcgid-script .php5

FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php

FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php5

allow from all

AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

Require all granted

RewriteEngine on

RewriteCond %{HTTP_HOST} =webmail.nathaliehambro.com

RewriteRule ^(.*) https://nathaliehambro.com:20000/ [R]

RewriteCond %{HTTP_HOST} =admin.nathaliehambro.com

RewriteRule ^(.*) https://nathaliehambro.com:10000/ [R]

RemoveHandler .php

RemoveHandler .php5

php_admin_value engine Off

IPCCommTimeout 31

FcgidMaxRequestLen 1073741824

RedirectMatch ^/(?!.well-known)(.*)$ https://nathaliehambro.com/$1

Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi

Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi

SuexecUserGroup “#510” “#502”

ServerName nathaliehambro.com

ServerAlias www.nathaliehambro.com

ServerAlias webmail.nathaliehambro.com

ServerAlias admin.nathaliehambro.com

ServerAlias autoconfig.nathaliehambro.com

ServerAlias autodiscover.nathaliehambro.com

DocumentRoot /home/virtualmin/nathaliehambro.com/public_html

ErrorLog /var/log/virtualmin/nathaliehambro.com_error_log

CustomLog /var/log/virtualmin/nathaliehambro.com_access_log combined

ScriptAlias /cgi-bin/ /home/nathaliehambro2014/cgi-bin/

ScriptAlias /AutoDiscover/AutoDiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi

ScriptAlias /Autodiscover/Autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi

ScriptAlias /autodiscover/autodiscover.xml /home/nathaliehambro2014/cgi-bin/autoconfig.cgi

DirectoryIndex index.html index.htm index.php index.php4 index.php5

Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI

allow from all

AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

Require all granted

AddType application/x-httpd-php .php

AddHandler fcgid-script .php

AddHandler fcgid-script .php5

FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php

FCGIWrapper /home/nathaliehambro2014/fcgi-bin/php5.fcgi .php5

allow from all

AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch

Require all granted

RewriteEngine on

RewriteCond %{HTTP_HOST} =webmail.nathaliehambro.com

RewriteRule ^(.*) https://nathaliehambro.com:20000/ [R]

RewriteCond %{HTTP_HOST} =admin.nathaliehambro.com

RewriteRule ^(.*) https://nathaliehambro.com:10000/ [R]

RemoveHandler .php

RemoveHandler .php5

php_admin_value engine Off

IPCCommTimeout 31

FcgidMaxRequestLen 1073741824

SSLEngine on

SSLCertificateFile /home/nathaliehambro2014/ssl.cert

SSLCertificateKeyFile /home/nathaliehambro2014/ssl.key

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1

Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi

Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi

Diabolico · February 7, 2017, 5:06pm

You should use code tags when you post such things so sorry i just dont have time to go trough whole list. But i can tell you aside of earlier mentioned things looks like you have wrong configuration with Apache as domain/virtual host should be in “/home/virtual_host/” and not “/home/virtualmin/virtual_host/”. I’m not sure how did you manage to accumulate so many problems because Vm is pretty good in setting up this stuff so i suspect you or someone else went upgrading default software (like MySQL, Apache…) or changing .conf files not knowing how.

sebholmes · February 7, 2017, 5:38pm

Hi Diabolico. Thank you for that. That’s more-or-less the conclusion that we have come to except that we are not aware of any upgrading. Anyway, however we got here, we don’t know how best to resolve it. I have now bought and paid for a Support Incident in the hope that one of you can look at it and either fix it or tell us how to fix it. The server is live in that it is receiving incoming email. I am working on adding all the DNS bits that you suggested earlier, but we clearly need to get the basic config right. I have a load of other domains waiting to migrate onto this platform and so we need somehow to get it fixed so that we can all move on.

FWIW, the initial installation of the individual domain was done by restoring a backup from our GPL server onto/into a newly installed and totally empty version of Virtualmin. We added a test email user and started hitting problems, which we thought we would crack quickly, but that didn’t happen. So, after repeated attempts to fix the problem (no changing config files though) failed, but we thought we were near to cracking them, we did a ‘Transfer Virtual Server’ (with a Overwrite Destination option set) from the old server to the new in order to refresh the data. That appeared to work OK (the test user on the new server disappeared and the incoming emails were brought up to date), but when I tried to re-add the test user, the system told me that it already existed, so I got help from one of you who told me which files/directories to delete. I did that (and just that) and then re-added the test user satisfactorily. We tried to accept defaults at every stage on the installation process.

Anyway, we are where we are and we need to get it fixed, so please could one of you take a look and either fix it or advise us how to please? The customer is really very unhappy as you can imagine! Thanks a lot.

Diabolico · February 7, 2017, 8:50pm

I have now bought and paid for a Support Incident in the hope that one of you can look at it and either fix it or tell us how to fix it.

If you paid for Vm support then you must wait for Vm devs to contact you as no one of us is working for Vm. We are just "normal" people who sometimes take free time and try to help others. Not sure when did you pay but they should contact you inside 24 hours from your payment. Once they make contact you can point to this topic, for log files they will have root access on your server so easy to check whatever they need to check.

I hope one day they will improve Vm backup because looking at all of you with so many problems it seems like half finished feature.