Skip to main content
Topic: Server mail, please help! (Read 3889 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Server mail, please help!

I'm about at my wit's end.  Setting up a new server.  Most things are operational.  LEMP stack with ispconfig.  Everything works well except mail.  Forums can send out mail but it's a big no-go with clients.  Not that my knowledge is all that great with other server aspects, but this is all new territory for me setting up mail services.  Dumb as a fence post you might say.  Anyway, here's the guide I followed:

https://www.howtoforge.com/perfect-server-centos-6.4-x86_64-nginx-dovecot-ispconfig-3-p4

So the setup includes dovecot, postfix, and squirrelmail.

The problem is authentication fails with any account I try.  Telnet authentication fails as well.  In desperation I tried this setup as well:

http://linuxgateway.in/how-to-configure-sasl-and-tlsssl-in-postfix-on-centos-6-5-24/


Here's a sample from the error logs:

Code: [Select]
imap-login: Info: Aborted login (auth failed, 1 attempts):

Don't assume I've done anything at all correctly.  Again, this is a first.  Can anyone help?  This fight is going on two weeks.  What should be checked, or what is the next step?  Thanks!!

Re: Server mail, please help!

Reply #1

When I tried, I seem to remember I followed either the linode guide or the digitalocean one, I don't remember.
I think I was able to have it working, even though at the end I gave up for one of those control panels...
Bugs creator.
Features destroyer.
Template killer.

Re: Server mail, please help!

Reply #2

I noted the tutorial you follow doesn't setup ssl or tls for your mail server. The problem with the second guide is - it is using openssl, so try to change that to LE. Follow my guide in here for that: https://www.howtoforge.com/community/threads/integrate-lets-encrypt-ssl-certificates-into-ispconfig.71055/page-7#post-355116

After that, read this: https://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl. There are a little bit tricky since nginx approach is not the same as apache so don't do 1-5 and 7. In 6, dont do "postconf -e 'smtpd_tls_CAfile = /usr/local/ispconfig/interface/ssl/startssl.chain.class1.server.crt'".  Do #9 for ftp too. I guess you don't have courier or monit, but if you have, you can follow the step in 8 and 10 as it is correct for nginx as well.

That said, you may still have problem with sending mail as the receiving server may not celebrate your server. For this, use relayhost which you can find in mail config for your server config.

Re: Server mail, please help!

Reply #3

While having breakfast, I read through the whole things again and I noticed that the second guide you followed is quite different from what are suggested in ISPConfig HowToForge tutorials.

For instance for postfix master.cf normally we use this:
Code: [Select]
submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

smtps     inet  n       -       -       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

Note that we don't use / enable "-o milter_macro_daemon_name=ORIGINATING" in it and we add log file for each of the smtps and submission.

We also do not touch any of dovecot default config files as it is not necessary for nginx i.e. we use default settings. I do think (but I am not sure) that when you enable ssl for ispconfig via install or update, other settings will also be affected by it OR there is no need to enable ssl for dovecot as it will not open on its own but via ISPConfig (which you already set its ssl).

Further, by default dovecot is using postfix ssl which we already covered postfix ssl via step 6 which I mentioned for you to follow, which you can see in dovecot default config.
Code: [Select]
ssl_cert = </etc/postfix/ssl/smtpd.crt
ssl_key = </etc/postfix/ssl/smtpd.key

For the relayhost, if you are using gmail, free or paid, you have to enter [smtp-relay.gmail.com]:587 and not [smtp.gmail.com]:587, otherwise you might end up sending using your gmail address instead of your clients. Your email address should be entered in there. But for this to work, you don't use your gmail password but app auto generated secret password.

To create this, enter your account, under "Signing in to Google", and enable two factor authentication. After you are properly done with it, you will see another button created under it i.e. "App passwords". Click and created your app password by selecting others, name it your preferred name and upon confirming your app secret password will be generated. Use this in the password field.

Feel free to ask further.

Note:
1. Gmail (free or paid) has certain limits per day while sending out your emails.
2. You may also use roundcube instead of squirrelmail as it looks nicer and better. For this, there are tutorials which you can follow at HowToForge. If you want to test it first, I can pm you a test account for my roundcube setup.

Re: Server mail, please help!

Reply #4

Thank you very much guys.  So much to learn here.  Hopefully in a day or two I'll have time to take another stab.  Your advice is valuable! 

Agreed, Roundcube is much nicer.  Had it on the old cpanel server.  It's quite refined. 

Thanks again!  Updates to come!

Re: Server mail, please help!

Reply #5

After some thought, everything has been monkeyed with too much to logically troubleshoot.  Decided to uninstall dovecot and postfix.  Deleted their directories to be sure the reinstall would be vanilla.  Reinstalled ispconfig so it would reconfigure services.  No errors on reinstall at any point.  Same problem with authentication.  Where should I go from here?

Re: Server mail, please help!

Reply #6

If you are getting that error (imap-login) when you use squirrelmail then ditch it and move to roundcube.  squirrelmail has not been updated in some time and can be madding to get running, if you even can.

Re: Server mail, please help!

Reply #7

Quote from: badmonkey –
Code: [Select]
imap-login: Info: Aborted login (auth failed, 1 attempts):

Actually we may need more details on this. You can hide important info in your post, but to advice further without details in the error log, is more on guessing rather than troubleshooting.

I do however note that it is stated as aborted and not disconnected. So my further guess is:
1. Check whether your squirrelmail config contains your server domain/serverip or localhost/local ip. It should be localhost or local ip. 2. Check whether you can access your database for squirrelmail via phpmyadmin or terminal using its db username and db password.

It could be your settings are not using database, so you can fix this, if it's not.

Note:
1. Also make sure you are using full email address (name@domain) in its username field and not just username (name).
2. I'd also follow @Spuds advice and ditch it for roundcube instead. The current stable version is 1.2.3 though mine is still 1.2 beta, as in my case, due to debian/ubuntu repository issue, an upgrade can only be done manually, of which I failed to :(.

Re: Server mail, please help!

Reply #8

Thanks guys!  The problem is occurring prior to squirrelmail.  Login over telnet fails as well. 

Code: [Select]
 telnet localhost 143
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
a login mtnman@awaycamping.com password
a NO [AUTHENTICATIONFAILED] Authentication failed.



Then in the mail log:

Code: [Select]
Feb  9 02:58:24 dovecot: imap-login: Disconnected: Inactivity (auth failed, 1 attempts): user=<mtnman@awaycamping.com>, method=PLAIN, rip=::1, lip=::1, secured



This is in the mail log when trying to login with squirrelmail:

Code: [Select]
Feb  9 02:57:55  postfix/smtpd[21547]: warning: SASL: Connect to private/auth failed: Permission denied
Feb  9 02:57:55  postfix/smtpd[21547]: fatal: no SASL authentication mechanisms
Feb  9 02:57:56  postfix/master[18521]: warning: process /usr/libexec/postfix/smtpd pid 21547 exit status 1
Feb  9 02:57:56  postfix/master[18521]: warning: /usr/libexec/postfix/smtpd: bad command startup -- throttling


Is any of this of value for diagnostics? 

Re: Server mail, please help!

Reply #9

OK, found that the imap username format is web[X]_username, not user@domain.com.  The result is still a failure. 

Re: Server mail, please help!

Reply #10

So far that I know the format for login a webmail service is always the full email address and its password.

By the way, did you manage to log into its database using its db username and password? That is one of the important check.

Other than that, if you still stucked with it, just ditch squirrelmail and replace it with roundcube as @Spuds suggested.

Back to your error logs, they are actually important as searching for them in google alone will let us to one of the following solutions / answers:
https://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory
http://serverfault.com/questions/609643/centos-6-5-webmail-server-warning-sasl-connect-to-private-auth-failed-no-suc
http://serverfault.com/questions/670895/dovecot-smtpd-sasl-auth-error-fatal-no-sasl-authentication-mechanisms
http://serverfault.com/questions/571191/postfix-fatal-no-sasl-authentication-mechanisms
http://serverfault.com/questions/664416/postfix-fatal-no-sasl-authentication-mechanisms-unable-to-telnet
http://serverfault.com/questions/574044/dovecot-imap-authentication-failed
https://www.howtoforge.com/community/threads/not-receiving-mail.66900/

;)

Re: Server mail, please help!

Reply #11

Thanks ahrasis.  No luck there.  Perhaps it's time to sign up on howtoforge and ask. 

Re: Server mail, please help!

Reply #12

Not even the first one (https://www.howtoforge.com/postfix-dovecot-warning-sasl-connect-to-private-auth-failed-no-such-file-or-directory)? I think that one is very specific but it is just my thought. If you have reloaded everything and still they are not working, then asking there is a very good idea too. Do note that free members may not get attention as good as subscribed members.