#1 Sun, 12/13/2009 - 01:06
coreymanshack

SMTP Trouble

I am unable to send mail from my desktop client using the credentials Usermin gives me, but I am able to send it through Usermin... what am I missing here? Credentials are..

username: request.zapphost

Sun, 12/13/2009 - 09:10
andreychek

Well, you'll have to give us some more details than that :-)

What's not working exactly? What errors are you seeing on the desktop client?

On the server, what errors show up in the email log (either /var/log/mail.log or /var/log/maillog)?

-Eric

Sun, 12/13/2009 - 10:39
coreymanshack

It doesn't give me any errors, it just keeps asking for password and then says authentication failed... I've tried TLS, none, and SSL.

Does this snippet tell any stories?

Dec 13 08:44:29 ubuntu-server postfix/local[5464]: 5555D5D035: to=request.zapphost@ubuntu-server.zapphost.com, orig_to=<r$
Dec 13 08:44:29 ubuntu-server postfix/qmgr[5587]: 5555D5D035: removed
Dec 13 08:44:29 ubuntu-server spamd[5172]: prefork: child states: II
Dec 13 08:44:44 ubuntu-server dovecot: pop3-login: Login: user=<request.zapphost>, method=PLAIN, rip=192.168.1.1, lip=192.1$
Dec 13 08:44:44 ubuntu-server dovecot: POP3(request.zapphost): Disconnected: Logged out top=0/0, retr=2/13369, del=2/2, siz$
Dec 13 08:44:53 ubuntu-server dovecot: chdir(/home/absolutely-free-domain-names.com/homes/coreyman) failed with uid 1010: P$
Dec 13 08:44:53 ubuntu-server dovecot: child 5483 (pop3) returned error 89
Dec 13 08:44:53 ubuntu-server dovecot: pop3-login: Login: user=<coreyman.absolutely-free-domain-names.com>, method=PLAIN, r$
Dec 13 08:44:58 ubuntu-server dovecot: pop3-login: Login: user=<admin.x3dev.com>, method=PLAIN, rip=192.168.1.1, lip=192.16$
Dec 13 08:44:58 ubuntu-server dovecot: POP3(admin.x3dev.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Dec 13 08:47:43 ubuntu-server postfix/anvil[5461]: statistics: max connection rate 1/60s for (smtp:67.15.47.3) at Dec 13 08$
Dec 13 08:47:43 ubuntu-server postfix/anvil[5461]: statistics: max connection count 1 for (smtp:67.15.47.3) at Dec 13 08:44$
Dec 13 08:47:43 ubuntu-server postfix/anvil[5461]: statistics: max cache size 1 at Dec 13 08:44:23
Dec 13 08:50:37 ubuntu-server postfix/smtpd[5653]: connect from smtpgw03.myhostguy.com[216.10.240.243]
Dec 13 08:50:38 ubuntu-server postfix/smtpd[5653]: 31AFC5D035: client=smtpgw03.myhostguy.com[216.10.240.243]
Dec 13 08:50:39 ubuntu-server postfix/cleanup[5657]: 31AFC5D035: message-id=<000f01ca7c03$4baaeec0$e300cc40$@com>
Dec 13 08:50:49 ubuntu-server postfix/qmgr[5587]: 31AFC5D035: from=robby@it2max.com, size=1001881, nrcpt=1 (queue active)
Dec 13 08:50:49 ubuntu-server postfix/smtpd[5653]: disconnect from smtpgw03.myhostguy.com[216.10.240.243]
Dec 13 08:50:53 ubuntu-server spamc[5670]: skipped message, greater than max message size (512000 bytes)
Dec 13 08:50:53 ubuntu-server postfix/local[5658]: 31AFC5D035: to=request.zapphost@ubuntu-server.zapphost.com, orig_to=<r$
Dec 13 08:50:53 ubuntu-server postfix/qmgr[5587]: 31AFC5D035: removed
Dec 13 08:51:37 ubuntu-server dovecot: pop3-login: Login: user=<request.zapphost>, method=PLAIN, rip=192.168.1.1, lip=192.1$
Dec 13 08:51:46 ubuntu-server dovecot: POP3(request.zapphost): Disconnected: Logged out top=0/0, retr=1/1002031, del=1/1, s$

Sun, 12/13/2009 - 10:43 (Reply to #3)
coreymanshack

Or is that all POP3 stuff?

Sun, 12/13/2009 - 10:56
andreychek

Okay, so you can log in via POP, but not via SMTP.

Are you connecting via a local LAN? I.e., is it possible your ISP is blocking port 25/SMTP?

If you're connecting via a LAN, you should be able to authenticate without SSL or TLS using port 25 without trouble, in theory :-)

-Eric

Sun, 12/13/2009 - 11:00
coreymanshack

Yea I can log in and download mail via POP... I'm not connecting from LAN, I'm connecting from WAN

mail.zapphost.com

No ports are blocked and according to whatsmyip.org port 25 is open.

Sun, 12/13/2009 - 11:08 (Reply to #6)
coreymanshack

I just tried connecting via 192.168.1.10 "local machine ip" and it is still refusing my login.

Sun, 12/13/2009 - 12:20
andreychek

When you attempt to log in, do you see any errors in the auth log -- /var/log/auth.log?

Also, make sure saslauthd is running -- you can do that with: /etc/init.d/saslauthd restart

-Eric

Sun, 12/13/2009 - 12:49
coreymanshack

It was running, I killed all, and restarted, and still same results

Sun, 12/13/2009 - 21:15
coreymanshack

Is someone trying to brute force my SSH login?? This IP address is from China, and I don't use that IP.

Dec 13 15:56:00 server1 sshd[14308]: Failed password for invalid user root from 60.31.211.5 port 57237 ssh2
Dec 13 15:56:01 server1 CRON[14311]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 13 15:56:03 server1 sshd[14310]: User root from 60.31.211.5 not allowed because not listed in AllowUsers
Dec 13 15:56:03 server1 sshd[14310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.31.211.5 user=root
Dec 13 15:56:05 server1 sshd[14310]: Failed password for invalid user root from 60.31.211.5 port 57601 ssh2
Dec 13 15:56:08 server1 sshd[14327]: User root from 60.31.211.5 not allowed because not listed in AllowUsers
Dec 13 15:56:08 server1 sshd[14327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.31.211.5 user=root
Dec 13 15:56:10 server1 sshd[14327]: Failed password for invalid user root from 60.31.211.5 port 57995 ssh2
Dec 13 15:56:13 server1 sshd[14330]: User root from 60.31.211.5 not allowed because not listed in AllowUsers
Dec 13 15:56:13 server1 sshd[14330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.31.211.5 user=root

Sun, 12/13/2009 - 21:19 (Reply to #10)
andreychek

I'd be surprised if you weren't seeing constant break-in attempts :-)

There's boatloads of worms and malcontents on the Internet constantly in search of easy targets.

The thing to do is keep your software up to date (both OS software as well as web apps), keep your passwords secure, and disable services you don't need.

-Eric

Sun, 12/13/2009 - 21:40 (Reply to #11)
coreymanshack

I don't notice any login failures for request.zapphost in that log.... Is that the right place to be looking for SMTP login failures?

Sun, 12/13/2009 - 21:41 (Reply to #12)
coreymanshack

Now I found another attempt from someone in Honduras :O I'm going to #ubuntu right now to try and make my ssh more secure. Maybe even lock out after so many login attempts.
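
Added example, not part of the original posts: one way to answer the "is someone brute forcing my SSH login" question from auth.log is to count failed passwords per source address. The function name, threshold and sample lines are assumptions; the sample is constructed in the format quoted above, using documentation IP ranges.

```shell
#!/bin/sh
# Constructed auth.log sample in the sshd format quoted in this thread
# (documentation-range IPs, not the addresses from the thread).
sample_authlog() {
cat <<'EOF'
Dec 13 15:56:00 server1 sshd[14308]: Failed password for invalid user root from 203.0.113.5 port 57237 ssh2
Dec 13 15:56:01 server1 CRON[14311]: pam_unix(cron:session): session opened for user root by (uid=0)
Dec 13 15:56:03 server1 sshd[14310]: User root from 203.0.113.5 not allowed because not listed in AllowUsers
Dec 13 15:56:05 server1 sshd[14310]: Failed password for invalid user root from 203.0.113.5 port 57601 ssh2
Dec 13 15:56:10 server1 sshd[14327]: Failed password for invalid user admin from 203.0.113.5 port 57995 ssh2
Dec 13 16:02:44 server1 sshd[14400]: Failed password for corey from 198.51.100.20 port 40112 ssh2
Dec 13 16:02:50 server1 sshd[14400]: Accepted password for corey from 198.51.100.20 port 40112 ssh2
EOF
}

# ssh_offenders [THRESHOLD]: read auth.log on stdin and print
# "<ip> <failed-passwords> <distinct-usernames>" for every source address
# with at least THRESHOLD failures (default 3, an assumed value).
ssh_offenders() {
  awk -v min="${1:-3}" '
    / sshd\[[0-9]+\]: Failed password for / {
      # Parse from the end of the line ("... <user> from <ip> port <n> ssh2")
      # so a crafted username containing " from " cannot shift the fields.
      if ($(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3); user = $(NF-5)
      fails[ip]++
      if (!seen[ip SUBSEP user]++) users[ip]++
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min) print ip, fails[ip], users[ip]
    }
  ' | sort
}

# Demo on the constructed sample; on a server: ssh_offenders 5 < /var/log/auth.log
sample_authlog | ssh_offenders 3
```

A single mistyped password from a legitimate user stays below the threshold, while one address cycling through usernames stands out in the third column.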

Mon, 12/14/2009 - 12:54 (Reply to #13)
andreychek

Yeah, in either /var/log/mail.log, or /var/log/auth.log, you should see something that suggests that your client is connecting... be it a failed login, an error of some kind, or at least a notice that your particular IP has connected to the server.

If you don't see that much, it's likely your desktop isn't hitting port 25 on the server for some reason.

-Eric

Mon, 12/14/2009 - 10:21
ronald

You can run sshd on a different port to stop the automated scripts, since they usually search for port 22.

Tue, 12/15/2009 - 08:37
coreymanshack

This is me trying to log in from work.

Dec 15 08:33:03 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:03 server1 postfix/smtpd[29650]: warning: 66-76-106-250.tylrtx.sta.suddenlink.net[66.76.106.250]: SASL LOGIN authentication failed: $
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: SASL authentication failure: Password verification failed
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: 66-76-106-250.tylrtx.sta.suddenlink.net[66.76.106.250]: SASL PLAIN authentication failed: $
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: 66-76-106-250.tylrtx.sta.suddenlink.net[66.76.106.250]: SASL LOGIN authentication failed: $
Dec 15 08:33:07 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:07 server1 postfix/smtpd[29650]: warning: SASL authentication failure: Password verification failed
Dec 15 08:33:07 server1 postfix/smtpd[29650]: warning: 66-76-106-250.tylrtx.sta.suddenlink.net[66.76.106.250]: SASL PLAIN authentication failed: $
Dec 15 08:33:10 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:10 server1 postfix/smtpd[29650]: warning: 66-76-106-250.tylrtx.sta.suddenlink.net[66.76.106.250]: SASL LOGIN authentication failed: $
Dec 15 08:33:17 server1 postfix/smtpd[29650]: disconnect from 66-76-106-250.tylrtx.sta.suddenlink.net[66.76.106.250]

Tue, 12/15/2009 - 08:38 (Reply to #16)
coreymanshack

It keeps saying password failure and I know my password is correct.

Tue, 12/15/2009 - 08:46 (Reply to #17)
andreychek

Ahh, those logs are a bit more forthcoming about what the issue is... it looks like you're seeing an saslauthd permissions issue.

Try running this:

usermod -a -G sasl postfix

Followed by restarting saslauthd:

/etc/init.d/saslauthd restart

And see if that does the trick for you.

-Eric
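
Added example, not part of the original reply: the log above mixes two different conditions, smtpd being unable to reach saslauthd (the "Permission denied" case the group change addresses) and saslauthd actually refusing a password. This sketch separates them per client address; the function name and the sample lines (constructed, documentation IPs) are assumptions.

```shell
#!/bin/sh
# Constructed mail.log sample in the Postfix format quoted in this thread;
# hostnames and IPs are documentation values, not taken from the thread.
sample_maillog() {
cat <<'EOF'
Dec 15 08:33:03 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:03 server1 postfix/smtpd[29650]: warning: client.example[192.0.2.10]: SASL LOGIN authentication failed: generic failure
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: SASL authentication failure: Password verification failed
Dec 15 08:33:05 server1 postfix/smtpd[29650]: warning: client.example[192.0.2.10]: SASL PLAIN authentication failed: generic failure
Dec 15 08:40:11 server1 postfix/smtpd[29700]: warning: other.example[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
Dec 15 08:40:15 server1 postfix/smtpd[29700]: warning: other.example[198.51.100.7]: SASL PLAIN authentication failed: authentication failure
EOF
}

# classify_sasl: read mail.log on stdin, print "<client-ip> <cause> <count>".
#   backend  = smtpd could not connect to saslauthd, so the password was
#              never checked (server-side problem, not a bad password)
#   rejected = saslauthd was reached and refused the credentials
classify_sasl() {
  awk '
    # Track which smtpd process the current line belongs to.
    match($0, /postfix\/smtpd\[[0-9]+\]/) { pid = substr($0, RSTART, RLENGTH) }
    /cannot connect to saslauthd server/ { backend[pid] = 1; next }
    match($0, /\[[0-9.]+\]: SASL [A-Z0-9-]+ authentication failed/) {
      s = substr($0, RSTART, RLENGTH)
      ip = substr(s, 2, index(s, "]") - 2)
      cause = (pid in backend) ? "backend" : "rejected"
      delete backend[pid]        # flag applies to this attempt only
      n[ip " " cause]++
    }
    END { for (k in n) print k, n[k] }
  ' | sort
}

# Demo on the constructed sample; on a server: classify_sasl < /var/log/mail.log
sample_maillog | classify_sasl
```

Only the "rejected" rows are worth feeding into password-guessing detection; "backend" rows point at the server's own configuration.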

Tue, 12/15/2009 - 11:43
coreymanshack

That did the trick, what are those commands?

It added a user id and a group to postfix?
