Thunderbird: An error occurred sending mail: Unable to authenticate to SMTP server

Hi,

I get an error from Thunderbird when trying to send mail. How do i authenticate it please?

Howdy,

Whenever you get errors like that, you’ll typically need to take a look in the log files to get more information.

If you look in the email log (either /var/log/maillog or /var/log/mail.log, depending on your distribution) – what error(s) do you see around the time you’re trying to connect with Thunderbird?

-Eric

Feb 18 11:42:43 s05 postfix/smtpd[3414]: warning: No server certs available. TLS won’t be enabled
Feb 18 11:42:43 s05 postfix/smtpd[3414]: connect from…

No cert meaning no ssl cert right?
Is there a way round this for now or do you recommend setting up an ssl now?

Well, typically, it should work out of the box with a self-signed cert. You shouldn’t have to set anything up there.

What OS/distribution are you using? And how did you install Virtualmin – did you use the install.sh script?

-Eric

CentOS 5.4 and yes I installed it with install.sh

If you say it should work right out of the box then I think I’ll just go ahead and do a fresh install of CentOS because I have been messing with settings quite a bit. Its no big deal to do a fresh install and I’m getting good at it now. Each time I start fresh I have a bit more knowledge about Virtualmin.

If you could just answer this one for me, its off topic but this will probably help me next time around…

…I’m using godaddy nameservers for now, should I be using BIND or should I have it disabled? My VS’s work with or without BIND enabled but which setting would be right or does it not matter?

If you say it should work right out of the box then I think I’ll just go ahead and do a fresh install of CentOS because I have been messing with settings quite a bit.

Yeah, out of the box with a CentOS/Virtualmin install, you’d end up with a self-signed SSL certificate available in Postfix. The errors you’re getting above suggest that somewhere along the line, that SSL certificate may have been removed.

I’m using godaddy nameservers for now, should I be using BIND or should I have it disabled? My VS’s work with or without BIND enabled but which setting would be right or does it not matter?

If you’re happy using GoDaddy’s nameservers, there’s no problem with doing that. What I’d suggest in that case is to disable the DNS feature in System Settings -> Features and Plugins, so that Virtualmin doesn’t think it’s managing your DNS.

-Eric

Ok I’ll leave the GoDaddy DNS questions for another post, lol, lets see if we can get to the bottom of this email problem with Thunderbird :slight_smile:

I’m back with a fresh install with my primary server and a test server (jevedesigns.com). I created an email user under jevedesigns.com.

In the thunderbird account setup it checks the ports and immedaitely finds the IMAP settings:

Incoming: imap.jevedesigns.com IMAP 143 STARTTLS

For outgoing it takes some time searching through the ports and ends up with
Outgoing: smtp.jevedesigns.com SMTP 25 None (there is a warning that this is an insecure server (I guess that is due to the self signed cert.))

I then create the account modifying the username from xxxx to xxxx.jevedesigns and the account is created. Sent a test email…

…The mail got sent (progress) but did not reach the recipient and was returned as undelivered by hotmail to my jevedesigns account. The reason they say is due to their policy of not accepting unauthenticated mail from a dynamic IP.

So I got to the SMTP Server setting and put a checkmark next to ‘Use Secure Authentication’ and tried again. Now I get this error:

Sending of message failed.
An error occurred sending mail: Unable to authenticate to SMTP server smtp.jevedesigns.com. The server does not support any compatible secure authentication mechanism but you have chosen secure authentication. Try switching off secure authentication or contact your service provider.

If you look in /etc/postfix/master.cf, near the top, there should be some lines that look like this:

submission inet n - - - - smtpd -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING smtps inet n - - - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o milter_macro_daemon_name=ORIGINATING

If those lines are commented out, you may need to uncomment them and restart Postfix. At that point, Thunderbird should be able to authenticate using SSL with your server.

-Eric

The extra/different lines you see shouldn’t matter – that’s just a difference in how various distributions set them up.

Once you’ve restarted Postfix – the next step is to make sure that Thunderbird is using the SSL port rather than the plaintext 25.

In Thunderbird, make sure that rather than port 25, it’s connecting to port 587 or 465, and that it’s using SSL.

-Eric

They were indeed commented out but mine slightly different:

smtp inet n - n - - smtpd -o smtpd_sasl_auth_enable=yes
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject

I uncommented them and restarted the server and received the same error. Next I added the extra 2 lines you had and retried with same results. No luck!

Tried 587 and 465, and they both timed out with:

Sending of message failed.
The message could not be sent because the connection to SMTP server smtp.jevedesigns.com timed out. Try again or contact your network administrator.

Yeah, when I attempt to reach 587 and 465 on the host you mentioned above, I’m unable to connect… that likely means one or more of:

  1. The extra line you added to your config from my post above broke things – I might suggest removing anything that wasn’t the default in your installation.

  2. Postfix wasn’t restarted after uncommenting those lines.

  3. Your server is behind a firewall, and the firewall isn’t allowing those ports to pass through.

-Eric

When you told me that the extra lines didn’t matter I removed them and rebooted the server so postfix has had a restart. BTW what is the best way to restart postfix beacuse I have been performing a server reboot each time, Postfix Mail Server>Stop Postfix… …Start Postfix?

I disabled the firewall and that didn’t work either. (firewall is back on) :frowning:

What you did to restart Postfix works perfectly fine.

Another way is to run “/etc/init.d/postfix restart” from the command line.

What do you see if you run this command:

netstat -an | grep :587

tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN

…and the same with the firewall disabled.

Okay. So what that means, is that your server is correctly listening on port 587.

If you’re not getting to port 587 on your server, then something is preventing you from accessing it.

That could be any number of things, from a firewall, lack of port forwarding, your ISP, or otherwise, I’m not sure; but, the daemon is running properly :slight_smile:

-Eric

I checked the port with http://www.whatsmyip.org/ports/ and it said it was closed.

Opened the port with:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT

And now the port check says its open! I can telnet jevedesigns.com 587 but still Thunderbird is timing out. :frowning:

Now that you updated the firewall, it’s no longer out-right rejecting connections on port 587, it attempts to connect and hangs.

Take a peek in /var/log/maillog, do you see any messages there while trying to connect to port 587?

-Eric

Feb 18 21:16:15 s05 postfix/master[2886]: warning: process /usr/libexec/postfix/smtpd pid 6688 exit status 1
Feb 18 21:16:15 s05 postfix/master[2886]: warning: /usr/libexec/postfix/smtpd: bad command startup – throttling
Feb 18 21:16:40 s05 postfix/smtpd[6690]: fatal: No server certs available. TLS can’t be enabled
Feb 18 21:16:41 s05 postfix/master[2886]: warning: process /usr/libexec/postfix/smtpd pid 6690 exit status 1
Feb 18 21:16:41 s05 postfix/master[2886]: warning: /usr/libexec/postfix/smtpd: bad command startup – throttling
Feb 18 21:17:15 s05 postfix/smtpd[6693]: fatal: No server certs available. TLS can’t be enabled
Feb 18 21:17:16 s05 postfix/master[2886]: warning: process /usr/libexec/postfix/smtpd pid 6693 exit status 1
Feb 18 21:17:16 s05 postfix/master[2886]: warning: /usr/libexec/postfix/smtpd: bad command startup – throttling
Feb 18 21:17:41 s05 postfix/smtpd[6715]: fatal: No server certs available. TLS can’t be enabled
Feb 18 21:17:42 s05 postfix/master[2886]: warning: process /usr/libexec/postfix/smtpd pid 6715 exit status 1
Feb 18 21:17:42 s05 postfix/master[2886]: warning: /usr/libexec/postfix/smtpd: bad command startup – throttling
Feb 18 21:18:16 s05 postfix/smtpd[6717]: fatal: No server certs available. TLS can’t be enabled
Feb 18 21:18:17 s05 postfix/master[2886]: warning: process /usr/libexec/postfix/smtpd pid 6717 exit status 1
Feb 18 21:18:17 s05 postfix/master[2886]: warning: /usr/libexec/postfix/smtpd: bad command startup – throttling

Hrm, there’s something unusual about your setup :slight_smile: I’ve never seen those errors before…

Can you post your /etc/postfix/main.cf and /etc/postfix/master.cf files?

Also, what does this command show:

rpm -qa | grep postfix

-Eric