warning: localhost[127.0.0.1]:SASL LOGIN authentication failed: UGFzc3dvcmQ6

Discussion in 'Installation/Configuration' started by luisdyablo619, Jan 21, 2019.

  1. luisdyablo619

    luisdyablo619 New Member

    Hi so I followed the following guide to secure my ISPConfig installation. After that my postfix stopped working with the following error:

    Code:
    Jan 20 20:56:36 vps220060 postfix/smtpd[5642]: connect from localhost[127.0.0.1]
    Jan 20 20:56:38 vps220060 postfix/smtpd[5642]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Jan 20 20:56:38 vps220060 postfix/smtpd[5642]: disconnect from localhost[127.0.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The message means a wrong username or password has been used for smtp authentication. That's normally not SSL related.
     
  3. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  4. luisdyablo619

    luisdyablo619 New Member

    So my /etc/dovecot/conf.d/10-logging.conf looks like the following, I have auth_verbose = yes but when I try to access the log path
    /etc/dovecot/info.log it tries to create a new file.

    Code:
    ##
    ## Log destination.
    ##
    
    # Log file to use for error messages. "syslog" logs to syslog,
    # /dev/stderr logs to stderr.
    #log_path = syslog
    
    # Log file to use for informational messages. Defaults to log_path.
    #info_log_path =
    # Log file to use for debug messages. Defaults to info_log_path.
    #debug_log_path =
    
    # Syslog facility to use if you're logging to syslog. Usually if you don't
    # want to use "mail", you'll use local0..local7. Also other standard
    # facilities are supported.
    #syslog_facility = mail
    
    ##
    
    # Log unsuccessful authentication attempts and the reasons why they failed.
    auth_verbose = yes
    
    # In case of password mismatches, log the attempted password. Valid values are
    # no, plain and sha1. sha1 can be useful for detecting brute force password
    # attempts vs. user simply trying the same password over and over again.
    # You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
    #auth_verbose_passwords = no
    
    # Even more verbose logging for debugging purposes. Shows for example SQL
    # queries.
    #auth_debug = no
    
    # In case of password mismatches, log the passwords and used scheme so the
    # problem can be debugged. Enabling this also enables auth_debug.
    #auth_debug_passwords = no
    
    # Even more verbose logging for debugging purposes. Shows for example SQL
    # queries.
    #auth_debug = no
    
    # In case of password mismatches, log the passwords and used scheme so the
    # problem can be debugged. Enabling this also enables auth_debug.
    #auth_debug_passwords = no
    
    # Enable mail process debugging. This can help you figure out why Dovecot
    # isn't finding your mails.
    #mail_debug = no
    
    # Show protocol level SSL errors.
    #verbose_ssl = no
    
    # mail_log plugin provides more event logging for mail processes.
    plugin {
      # Events to log. Also available: flag_change append
      #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
      # Available fields: uid, box, msgid, from, subject, size, vsize, flags
      # size and vsize are available only for expunge and copy events.
      #mail_log_fields = uid box msgid size
    }
    
    ##
    ## Log formatting.
    ##
    
    # Prefix for each line written to log file. % codes are in strftime(3)
    # format.
    #log_timestamp = "%b %d %H:%M:%S "
    
    # Space-separated list of elements we want to log. The elements which have
    # a non-empty variable value are joined together to form a comma-separated
    # string.
    #login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
    
    # Login log format. %s contains login_log_format_elements string, %$ contains
    
    # the data we want to log.
    #login_log_format = %$: %s
    
    # Log prefix for mail processes. See doc/wiki/Variables.txt for list of
    # possible variables you can use.
    #mail_log_prefix = "%s(%u): "
    
    # Format to use for logging mail deliveries:
    #  %$ - Delivery status message (e.g. "saved to INBOX")
    #  %m / %{msgid} - Message-ID
    #  %s / %{subject} - Subject
    #  %f / %{from} - From address
    #  %p / %{size} - Physical size
    #  %w / %{vsize} - Virtual size
    #  %e / %{from_envelope} - MAIL FROM envelope
    #  %{to_envelope} - RCPT TO envelope
    #  %{delivery_time} - How many milliseconds it took to deliver the mail
    #  %{session_time} - How long LMTP session took, not including delivery_time
    #  %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
    #deliver_log_format = msgid=%m: %$
    #  %f / %{from} - From address
    #  %p / %{size} - Physical size
    #  %w / %{vsize} - Virtual size
    #  %e / %{from_envelope} - MAIL FROM envelope
    #  %{to_envelope} - RCPT TO envelope
    #  %{delivery_time} - How many milliseconds it took to deliver the mail
    #  %{session_time} - How long LMTP session took, not including delivery_time
    #  %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
    #deliver_log_format = msgid=%m: %$
    
    
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    This file is not used on your server. The dovecot configuration file is /etc/dovecot/dovecot.conf
     
  6. luisdyablo619

    luisdyablo619 New Member

    This is what my configuration file looks like.
    I don´t see anything out of the ordinary.

    Code:
    listen = *,[::]
    protocols = imap pop3
    auth_mechanisms = plain login
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    postmaster_address = [email protected]
    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
    ssl_protocols =  !SSLv3
    mail_max_userip_connections = 100
    passdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    userdb {
      driver = prefetch
    }
    userdb {
      args = /etc/dovecot/dovecot-sql.conf
      driver = sql
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve=/var/vmail/%d/%n/.sieve
      sieve_max_redirects = 25
    }
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service lmtp {
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
       group = postfix
       mode = 0600
       user = postfix
      }
    }
    service imap-login {
      client_limit = 1000
      process_limit = 512
    }
    protocol imap {
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      pop3_uidl_format = %08Xu%08Xv
      mail_plugins = quota
    }
    protocol lda {
    postmaster_address = [email protected]
    mail_plugins = sieve quota
    }
    protocol lmtp {
    postmaster_address = [email protected]
      mail_plugins = quota sieve
    }
    mail_plugins = $mail_plugins quota
    
    Also when I installed ISP it said this at the end but I was never able to find that path file.
    I´m not sure if this has anything to do with it also.
    Code:
    Well done! ISPConfig installed and configured correctly :D
    
    Now you can access to your ISPConfig installation at: https://domain.com:8080 or https://domain.IP:8080
    The default ISPConfig Username is: admin
                  and the Password is: admin
    Warning: This is a security risk. Please change the default password after your first login.
    
    You will need to edit the username and password in /var/lib/roundcube/plugins/ispconfig3_account/config/config.inc.php of the roundcube user, as the one you set in ISPconfig
    
    

    The thing is I can login to all the webmails, but I am unable to receive or to send emails for any account.
     
    Last edited: Jan 21, 2019
  7. luisdyablo619

    luisdyablo619 New Member

    So I have tried everything. Should I just do a fresh re-install?
     
  8. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    You did not say sending and receiving e-mails do not work. That is a completely different problem.
    So, what happens when sending?
    And what error when mail is not received?
    What is in mail log?
     
  9. Jesse Norell

    Jesse Norell Well-Known Member

    Including verifying your email client settings? (correct username/password, port 587, using starttls, smtp authentication enabled in PLAIN mode)

    It might be faster, as it doesn't really take that long to go through a Perfect Server guide (and gets quicker the more you do it). You could even try downloading the ISPConfig installation files and just re-run update.php from there, and let it reconfigure services, that might fix things if it's a config issue.

    If you want to keep troubleshooting the existing setup, ensure that postfix is set to use dovecot for authentication ('postconf smtpd_sasl_type' should show it set to 'dovecot'). What log messages are generated in mail.log when you try to send a message from webmail?
     
  10. luisdyablo619

    luisdyablo619 New Member

    smtp authentication enabled in PLAIN mode, I have not checked this.

    I would rather keep troubleshooting as this is a production server and it will mean taking down all the services and creating everything again.
    I have dovecot.
    Code:
    [email protected]:/etc/roundcube# postconf smtpd_sasl_type
    smtpd_sasl_type = dovecot
    
    When sending I get the following error message in the webmail client:
    upload_2019-1-22_10-48-51.png

    And the error in my mail.log:
    Code:
    Jan 22 11:52:04 domain postfix/smtpd[3913]: connect from localhost[127.0.0.1]
    Jan 22 11:52:06 domain postfix/smtpd[3913]: warning: localhost[127.0.0.1]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
    Jan 22 11:52:06 domain postfix/smtpd[3913]: disconnect from localhost[127.0.0.1] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
    
    No error appears when trying to receive an email.
     
  11. luisdyablo619

    luisdyablo619 New Member

    I did the update and apache would not start, I am doing a fresh install with this guide.
    Would I still need to follow this one to secure my ISP?
     
  12. luisdyablo619

    luisdyablo619 New Member

    Ok So I followed both and everything is fine now. I just cant get my email clients to work with. I try using port 465 but no luck.
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    The normal port that is used for sending over TLS is 587 and not 465.
     
  14. luisdyablo619

    luisdyablo619 New Member

    Ok, I tried 587 and it says Error 250 authentication failed. And when using 465 it says connection timed out. I believe I have everything needed buy my emails dont work with other email clients.
     
  15. 9Can

    9Can New Member

    I just wanted to add my experience yesterday with this same issue:
    PrivateInternetAccess (my VPN) was blocking my ability to reach SMTP on Thunderbird
    I thought I couldn't connect because of this error I have in my logs also, turns out that this error was caused by a script that attempts to login every 10 seconds or so, not sure where its coming from its an IP not associated with me, I thought this error was preventing me from using Thunderbird but actually had nothing to do with me. This error is an Authentication Error, probably from a random script kiddie.
     

Share This Page