Mail issue: smtp cannot authenticate

SYSTEM INFORMATION
OS type and version ROCKY
Webmin version LATEST
Virtualmin version LATEST
Related packages PHPMAILER

RUnning a standard phpmailer test on a newly installed version of virtualmin. SMTP authentication is failing. Its fine on another older version of virtualmin same script the only thing I changed was I am using a newly created user. I can go into the inbox and send and recieve emails there no problem but when I try to send email through phpmailer it fails authentication. Used this many times but its only failing on my new install.

$mail->IsSMTP(); 
			
			
			//$mail->isHTML(true);
			$mail->SMTPDebug  = 3;
			$mail->Debugoutput = 'html';
			$mail->SMTPOptions = array(
				'ssl' => array(
					'verify_peer' => false,
					'verify_peer_name' => false,
					'allow_self_signed' => true
				)
			);
			$mail->Encoding = "base64";
			$mail->SMTPAuth = true;
			$mail->Host = "iqedtest.imatr.org";
			$mail->Port = 587;
			//$mail->AuthType = 'LOGIN';
			$mail->Username = "contact@iqedtest.imatr.org";
			$mail->Password = '--------------------------4';
			
			$mail->SMTPSecure = 'SSL';           
			
			$mail->AddAddress($school_email);//verifyable school email
			
			$mail->Subject    = $emailsubject;
			
			$mail->MsgHTML($messageuser);
			
			$mail->send();
2022-10-24 18:05:43 Connection: opening to iqedtest.imatr.org:587, timeout=300, options=array ( 'ssl' => array ( 'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true, ),)
2022-10-24 18:05:43 Connection: opened
2022-10-24 18:05:43 SERVER -> CLIENT: 220 imatrdev2.hostnode.ca ESMTP Postfix
2022-10-24 18:05:43 CLIENT -> SERVER: EHLO iqedtest.imatr.org
2022-10-24 18:05:43 SERVER -> CLIENT: 250-imatrdev2.hostnode.ca250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-STARTTLS250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250-ENHANCEDSTATUSCODES250-8BITMIME250-DSN250 SMTPUTF8
2022-10-24 18:05:43 CLIENT -> SERVER: STARTTLS
2022-10-24 18:05:43 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS
2022-10-24 18:05:43 CLIENT -> SERVER: EHLO iqedtest.imatr.org
2022-10-24 18:05:43 SERVER -> CLIENT: 250-imatrdev2.hostnode.ca250-PIPELINING250-SIZE 10240000250-VRFY250-ETRN250-AUTH PLAIN LOGIN250-AUTH=PLAIN LOGIN250-ENHANCEDSTATUSCODES250-8BITMIME250-DSN250 SMTPUTF8
2022-10-24 18:05:43 CLIENT -> SERVER: AUTH LOGIN
2022-10-24 18:05:43 SERVER -> CLIENT: 334 VXNlcm5hbWU6
2022-10-24 18:05:43 CLIENT -> SERVER: Y29udGFjdEBpcWVkdGVzdC5pbWF0ci5vcmc=
2022-10-24 18:05:43 SERVER -> CLIENT: 334 UGFzc3dvcmQ6
2022-10-24 18:05:43 CLIENT -> SERVER: ODY2ZmU2MWI3YTI4OTQ3OWJlNjYxOTg1Nzc3NzJmYTQ=
2022-10-24 18:05:45 SERVER -> CLIENT: 535 5.7.8 Error: authentication failed: authentication failure
2022-10-24 18:05:45 SMTP ERROR: Password command failed: 535 5.7.8 Error: authentication failed: authentication failure
SMTP Error: Could not authenticate.
2022-10-24 18:05:45 CLIENT -> SERVER: QUIT
2022-10-24 18:05:45 SERVER -> CLIENT: 221 2.0.0 Bye
2022-10-24 18:05:45 Connection: closed

So noticed this archived post : Roundcube SMTP error authentication failed on SASL auth failure [#68527] | Virtualmin
Fixed the authentication issue.
a bug?

I’m actually confused why that solution would have worked. The postfix config they posted did not indicate Postfix services were running in a chroot, I don’t think. And, as far as I know, Postfix does not default to running in a chroot on Rocky.

But, I don’t really have other ideas for what’s going on, I’d need to see the relevant maillog entries (or from the relevant journal unit(s), if there isn’t a maillog).

postfix/smtp[440682]: fatal: specify a password table via thesmtp_sasl_password_maps’ configuration parameter`

THis is the journal entry

You’ve modified your Postfix configuration to try to use smtp client passwords (partially, you’re missing some config to do that). That’s probably not what you meant to do.

I’m guessing you have smtp_sasl_auth_enable = yes, and probably should not. You can just delete that line.

You should, however, have smtpd_sasl_auth_enable = yes (note smtpd vs smtp). One is the server side (smtpd) of Postfix the other is the client side (smtp). It’s very unusual to need the latter in a virtual hosting system. This is configuration that’s already done for you when you installed Virtualmin.

1 Like

Ok Joe Thanks. Straight out of the box simply using the mail client works fine. It gets a little tricky when using phpmailer() or mail() to generate emails through my php apps. Is there a specific ideal configuration for postfix (for using mail or phpmailer where a username and password and ssl is required) or do I just need to note your last post? As you can tell Im a developer but not really a good server admin. Going to create another post for this.

The default configuration of Postfix that you get when you install Virtualmin should be fine for most virtual hosting environments. But, that’s not the config you have. You’ve altered at least the smtp_sasl_auth_enable directive, which is causing an error.

There is no need to create another post. Undo your changes to the postfix configuration, and then try again. If you continue to have trouble, post the new errors from the maillog.

Is there wa way to reset to the default postfix configuration and start over?

Not safely. Doing so would delete the virtual maps which is needed for mail delivery to users.

Start by just deleting that line as I suggested.

Oops too late, I edited the virtual server by removing mail, virus and spam and setting it back. So when I do an SMTP banner check:

SMTP Banner Check Reverse DNS does not match SMTP Banner Information More Info
Status Warning SMTP TLS Warning - Does not support TLS. Information More Info
Status Warning SMTP Server Disconnected May be an open relay. Information More Info
Status Ok SMTP Reverse DNS Mismatch OK - 149.56.247.124 resolves to ip124.ip-149-56-247.net
Status Ok SMTP Valid Hostname OK - Reverse DNS is a valid Hostname

Have you done what I suggested? And, then have you looked a the maillog afterward?

Yes. The security issue is gone. so I am able to send out email - however only to my one outlook account others are blocked - so i need to setup DKIM and spf for this. Usermin mail not functioning but I can send out email through the backend. there is no mail.log only procmail.log…do I have to turn this on ?