Mail issue: smtp cannot authenticate

domjag · October 24, 2022, 6:20pm

SYSTEM INFORMATION
OS type and version	ROCKY
Webmin version	LATEST
Virtualmin version	LATEST
Related packages	PHPMAILER

RUnning a standard phpmailer test on a newly installed version of virtualmin. SMTP authentication is failing. Its fine on another older version of virtualmin same script the only thing I changed was I am using a newly created user. I can go into the inbox and send and recieve emails there no problem but when I try to send email through phpmailer it fails authentication. Used this many times but its only failing on my new install.

$mail->IsSMTP(); 
			
			
			//$mail->isHTML(true);
			$mail->SMTPDebug  = 3;
			$mail->Debugoutput = 'html';
			$mail->SMTPOptions = array(
				'ssl' => array(
					'verify_peer' => false,
					'verify_peer_name' => false,
					'allow_self_signed' => true
				)
			);
			$mail->Encoding = "base64";
			$mail->SMTPAuth = true;
			$mail->Host = "iqedtest.imatr.org";
			$mail->Port = 587;
			//$mail->AuthType = 'LOGIN';
			$mail->Username = "contact@iqedtest.imatr.org";
			$mail->Password = '--------------------------4';
			
			$mail->SMTPSecure = 'SSL';           
			
			$mail->AddAddress($school_email);//verifyable school email
			
			$mail->Subject    = $emailsubject;
			
			$mail->MsgHTML($messageuser);
			
			$mail->send();

2022-10-24 18:05:43 Connection: opening to iqedtest.imatr.org:587, timeout=300, options=array ( 'ssl' => array ( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true, ),)
2022-10-24 18:05:43 Connection: opened
2022-10-24 18:05:43 SERVER -> CLIENT: 220 imatrdev2.hostnode.ca ESMTP Postfix
2022-10-24 18:05:43 CLIENT -> SERVER: EHLO iqedtest.imatr.org
2022-10-24 18:05:43 SERVER -> CLIENT: 250-imatrdev2.hostnode.ca250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-STARTTLS250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250-ENHANCEDSTATUSCODES250-8BITMIME250-DSN250 SMTPUTF8
2022-10-24 18:05:43 CLIENT -> SERVER: STARTTLS
2022-10-24 18:05:43 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2022-10-24 18:05:43 CLIENT -> SERVER: EHLO iqedtest.imatr.org
2022-10-24 18:05:43 SERVER -> CLIENT: 250-imatrdev2.hostnode.ca250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250-ENHANCEDSTATUSCODES250-8BITMIME250-DSN250 SMTPUTF8
2022-10-24 18:05:43 CLIENT -> SERVER: AUTH LOGIN
2022-10-24 18:05:43 SERVER -> CLIENT: 334 VXNlcm5hbWU6
2022-10-24 18:05:43 CLIENT -> SERVER: Y29udGFjdEBpcWVkdGVzdC5pbWF0ci5vcmc=
2022-10-24 18:05:43 SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2022-10-24 18:05:43 CLIENT -> SERVER: ODY2ZmU2MWI3YTI4OTQ3OWJlNjYxOTg1Nzc3NzJmYTQ=
2022-10-24 18:05:45 SERVER -> CLIENT: 535 5.7.8 Error: authentication failed: authentication failure
2022-10-24 18:05:45 SMTP ERROR: Password command failed: 535 5.7.8 Error: authentication failed: authentication failure
SMTP Error: Could not authenticate.
2022-10-24 18:05:45 CLIENT -> SERVER: QUIT
2022-10-24 18:05:45 SERVER -> CLIENT: 221 2.0.0 Bye
2022-10-24 18:05:45 Connection: closed

domjag · October 24, 2022, 8:39pm

So noticed this archived post : Roundcube SMTP error authentication failed on SASL auth failure [#68527] | Virtualmin
Fixed the authentication issue.
a bug?

Joe · October 24, 2022, 11:23pm

I’m actually confused why that solution would have worked. The postfix config they posted did not indicate Postfix services were running in a chroot, I don’t think. And, as far as I know, Postfix does not default to running in a chroot on Rocky.

But, I don’t really have other ideas for what’s going on, I’d need to see the relevant maillog entries (or from the relevant journal unit(s), if there isn’t a maillog).

domjag · October 25, 2022, 1:03am

postfix/smtp[440682]: fatal: specify a password table via thesmtp_sasl_password_maps’ configuration parameter`

THis is the journal entry

Joe · October 25, 2022, 3:25am

You’ve modified your Postfix configuration to try to use smtp client passwords (partially, you’re missing some config to do that). That’s probably not what you meant to do.

I’m guessing you have smtp_sasl_auth_enable = yes, and probably should not. You can just delete that line.

You should, however, have smtpd_sasl_auth_enable = yes (note smtpd vs smtp). One is the server side (smtpd) of Postfix the other is the client side (smtp). It’s very unusual to need the latter in a virtual hosting system. This is configuration that’s already done for you when you installed Virtualmin.

domjag · October 25, 2022, 1:24pm

Ok Joe Thanks. Straight out of the box simply using the mail client works fine. It gets a little tricky when using phpmailer() or mail() to generate emails through my php apps. Is there a specific ideal configuration for postfix (for using mail or phpmailer where a username and password and ssl is required) or do I just need to note your last post? As you can tell Im a developer but not really a good server admin. Going to create another post for this.

Joe · October 25, 2022, 4:41pm

The default configuration of Postfix that you get when you install Virtualmin should be fine for most virtual hosting environments. But, that’s not the config you have. You’ve altered at least the smtp_sasl_auth_enable directive, which is causing an error.

There is no need to create another post. Undo your changes to the postfix configuration, and then try again. If you continue to have trouble, post the new errors from the maillog.

domjag · October 25, 2022, 4:44pm

Is there wa way to reset to the default postfix configuration and start over?

Joe · October 25, 2022, 4:51pm

Not safely. Doing so would delete the virtual maps which is needed for mail delivery to users.

Start by just deleting that line as I suggested.

domjag · October 25, 2022, 4:56pm

Oops too late, I edited the virtual server by removing mail, virus and spam and setting it back. So when I do an SMTP banner check:

SMTP Banner Check Reverse DNS does not match SMTP Banner More Info
SMTP TLS Warning - Does not support TLS. More Info
SMTP Server Disconnected May be an open relay. More Info
SMTP Reverse DNS Mismatch OK - 149.56.247.124 resolves to ip124.ip-149-56-247.net
SMTP Valid Hostname OK - Reverse DNS is a valid Hostname

Joe · October 25, 2022, 10:50pm

Have you done what I suggested? And, then have you looked a the maillog afterward?

domjag · October 26, 2022, 1:53pm

Yes. The security issue is gone. so I am able to send out email - however only to my one outlook account others are blocked - so i need to setup DKIM and spf for this. Usermin mail not functioning but I can send out email through the backend. there is no mail.log only procmail.log…do I have to turn this on ?

system · December 25, 2022, 1:54pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.