SMTP not working at all but POP3 works fine, keep getting Error: authentication failed: authentication failure

I’ve been trying to get my mail working and I think POP3 is working properly (I can receive emails), but SMTP isn’t - I try to send emails and I get “Error: authentication failed: authentication failure” in Mailbird (My mail client).

I have the username set to:
name.domain (As per Virtualmin’s instructions)
and port set to 465 with STARTTLS

What other information can I provide to help figure out this issue? Log files to look at, configs to include, etc.

We’d probably want to see the relevant entries from mail.log or the journal for postfix and saslauthd units.

When you say “per Virtualmin’s instructions” do you mean the username as it appears on the Edit Users page under the IMAP/POP3/FTP Login column? (That shows actual usernames, there may be multiple names for the same user, depending on configuration and age of system, and all should work assuming they’re allowed to send mail.)

You can check to be sure the saslauthd service is running, as well as Postfix (though if Postfix weren’t running, you wouldn’t receive new mail).

mail.log (At least the lines that relate to my login attempt)

Oct 10 19:27:07 sga postfix/smtpd[457188]: connect from ipmyip.ks.ok.cox.net[myip]
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: SASL authentication failure: unable to canonify user and get auxprops
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: ipmyip.ks.ok.cox.net[myip]: SASL DIGEST-MD5 authentication failed: authentication failure
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: ipmyip.ks.ok.cox.net[myip]: SASL CRAM-MD5 authentication failed: authentication failure
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: SASL authentication failure: Password verification failed
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: ipmyip.ks.ok.cox.net[myip]: SASL PLAIN authentication failed: authentication failure
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: SASL authentication failure: Password verification failed
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: ipmyip.ks.ok.cox.net[myip]: SASL PLAIN authentication failed: authentication failure
Oct 10 19:27:07 sga postfix/smtpd[457188]: warning: ipmyip.ks.ok.cox.net[myip]: SASL LOGIN authentication failed: authentication failure
Oct 10 19:27:07 sga postfix/smtpd[457188]: lost connection after AUTH from ipmyip.ks.ok.cox.net[myip]
Oct 10 19:27:07 sga postfix/smtpd[457188]: disconnect from ipmyip.ks.ok.cox.net[myip] ehlo=1 auth=0/5 commands=1/6

And the virtualmin instructions from the “Email Client Settings” page

saslauthd does not appear to be running

Well, SMTP authentication is provided the saslauthd. So, that service needs to be running.

Also, only SASL PLAIN is supported (none of the SASL hash types overlap with the hash types available for Linux users in /etc/shadow), though the client should be able to figure that out automatically, I think, since the server reports what’s accepted.

I was wrong I think, I used ps aux | grep saslauthd initially but when I ran service saslauthd status just now it says active

To clarify - it’s still not working, I think saslauthd was running I was just running the wrong command to check

OK, so journalctl -fu saslauthd may have more information about why it’s failing.

Also, what’s in /etc/default/saslauthd? Just show us the non-comment lines:

grep -v -e '^#' -e '^$' /etc/default/saslauthd

journalctl -fu saslauthd:

Oct 10 20:42:35 domain.com saslauthd[481415]: * To enable saslauthd, edit /etc/default/saslauthd and set START=yes
Oct 10 20:42:35 domain.com systemd[1]: Started LSB: saslauthd startup script.
Oct 10 20:46:01 domain.com systemd[1]: Stopping LSB: saslauthd startup script…
Oct 10 20:46:01 domain.com saslauthd[482909]: * Stopping SASL Authentication Daemon saslauthd
Oct 10 20:46:01 domain.com saslauthd[482909]: …done.
Oct 10 20:46:01 domain.com systemd[1]: saslauthd.service: Succeeded.
Oct 10 20:46:01 domain.com systemd[1]: Stopped LSB: saslauthd startup script.
Oct 10 20:46:01 domain.com systemd[1]: Starting LSB: saslauthd startup script…
Oct 10 20:46:01 domain.com saslauthd[482941]: * To enable saslauthd, edit /etc/default/saslauthd and set START=yes
Oct 10 20:46:01 domain.com systemd[1]: Started LSB: saslauthd startup script.

/etc/default/saslauthd:

START=no
DESC=“SASL Authentication Daemon”
NAME=“saslauthd”
MECHANISMS=“pam”
MECH_OPTIONS=“”
THREADS=5
OPTIONS=“-c -m /var/run/saslauthd”

I really appreciate the help by the way, just wanted to say that!

So…did you remove saslauthd and reinstall it? Or was Virtualmin installed without the install script?

You’re missing the options that make any kind of username with a domain extension work, I believe (as far as I know, the -r option is still required).

Also, if your Postfix is running chrooted (which is the default in some Ubuntu versions, I believe), you’d need to specify a different path within the chroot. That should be handled automatically by the install script (or virtualmin-config, actually).

Check /etc/postfix/master. Are the smtp and submission services running in a chroot? (Look for a y in the chroot column.)

If they aren’t (a n in that column), then you need to just add -r to the OPTIONS line.

If they are (y in the chroot column), I believe you’d want:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

If you uninstalled and then reinstalled any Virtualmin dependencies, it’s possible you’ve replaced the config files with things that won’t have our modifications…which would break them. Or, if you installed without using the install script, you’re going to be missing a ton of stuff and lots of things will act weird.

This is what the grep command outputs in a production server.

START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
THREADS=5
OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"
PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"

The gist of it is that your system has chrooted Postfix daemons (which is not true of all systems! we don’t change this, we use whatever the OS chooses, which is chroot on some distros and not chrooted on others), and you have the correct -r option. OP is missing the -r option, and maybe the chroot stuff.

No I didn’t reinstall anything, and I used the install script for Virtualmin. I’m not sure how this all happened

/etc/postfix/master doesn’t exist, but master.cf does

Here’s the relevant portions of master.cf:

# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (no)    (never) (100)
# ==========================================================================
smtp	inet	n	-	y	-	-	smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
#smtp      inet  n       -       y       -       1       postscreen
#smtpd     pass  -       -       y       -       -       smtpd
#dnsblog   unix  -       -       y       -       0       dnsblog
#tlsproxy  unix  -       -       y       -       0       tlsproxy
#submission inet n       -       y       -       -       smtpd

It looks like smtp is running as chroot, but submission is commented out?

/var/spool/postfix/var/run/saslauthd doesn’t exist

I didn’t uninstall or reinstall anything… I’m not sure what’s going on

Look further down. Are you sure there isn’t an active submission?

Ah! You’re right:

submission inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may
smtps inet n - y - - smtpd -o smtpd_sasl_auth_enable=yes -o smtpd_tls_security_level=may -o smtpd_tls_wrappermode=yes

At the very bottom. Looks like submission is chroot as well

OK, so, you need:

OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r"

Some distros need PARAMS set, I don’t remember which is which, but I’m gonna get you just need OPTIONS, since that’s all that it’s your config pasted above.

You also need START=yes

You definitely have a default config file, which means one of three things:

1. Virtualmin install script wasn’t used for installation.
2. saslauthd package was removed and reinstalled (probably including a --purge, since a config file should survive that in most cases).
3. The configuration portion of the install didn’t complete. It looks like Postfix did get configured (since you have sasl and TLS enabled, and I think we do that), and that happens quite near the end of the configure step, it would have had to have failed very near the end. So…maybe nothing else is broken.

I changed the OPTIONS and set START to yes but it’s still doing the same thing.

Oct 10 21:47:51 sga postfix/smtpd[499549]: connect from ipmyip.ks.ok.cox.net[myip]
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: SASL authentication failure: unable to canonify user and get auxprops
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: ipmyip.ks.ok.cox.net[myip]: SASL DIGEST-MD5 authentication failed: authentication failure
Oct 10 21:47:52 sga postfix/smtpd[499458]: lost connection after AUTH from unknown[141.98.11.68]
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: ipmyip.ks.ok.cox.net[myip]: SASL CRAM-MD5 authentication failed: authentication failure
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: SASL authentication failure: Password verification failed
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: ipmyip.ks.ok.cox.net[myip]: SASL PLAIN authentication failed: authentication failure
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: SASL authentication failure: Password verification failed
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: ipmyip.ks.ok.cox.net[myip]: SASL PLAIN authentication failed: authentication failure
Oct 10 21:47:52 sga postfix/smtpd[499549]: warning: ipmyip.ks.ok.cox.net[myip]: SASL LOGIN authentication failed: authentication failure
Oct 10 21:47:52 sga postfix/smtpd[499549]: lost connection after AUTH from ipmyip.ks.ok.cox.net[myip]
Oct 10 21:47:52 sga postfix/smtpd[499549]: disconnect from ipmyip.ks.ok.cox.net[myip] ehlo=2 starttls=1 auth=0/5 commands=3/8

Is there any harm in running the config again? What command or where in the UI is it?

I wouldn’t do that, could make things worse.
found this in the achieves, the last comment might be the help or not.

https://archive.virtualmin.com/node/57511

Did you restart saslauthd after making the change?

Yeah I ran

/etc/init.d/postfix restart
then
/etc/init.d/saslauthd restart

I don’t know if it matters, but a friend of mine whose domain I host said:

IDK if this helps but I just realized when I logged into webmail on the new server there was no “inbox” link. Just links to my folders (which were empty).

In regards to when I transferred his domain from our old server to this new one.