On 17/06/24 13:54, Paul Schmehl via Postfix-users wrote:
I’m seeing this error in the roundcube logs:
[16-Jun-2024 20:28:58 -0500]: <n142glqv> SMTP Error: Authentication
failure: mail.stovebolt.com
PIPELINING
SIZE 900000000
VRFY
ETRN
STARTTLS
ENHANCEDSTATUSCODES
8BITMIME
DSN
SMTPUTF8
CHUNKING (Code: 250) in
/var/www/html/webmail/program/lib/Roundcube/rcube.php on line 1794 (POST
/webmail/?_task=mail&_unlock=loading1718587737852&_framed=1&_action=send)
[16-Jun-2024 20:34:16 -0500]: <n142glqv> PHP Error: SMTP server does not
support authentication (POST
/webmail/?_task=mail&_unlock=loading1718588056454&_framed=1&_action=send)
[16-Jun-2024 20:34:16 -0500]: <n142glqv> SMTP Error: Authentication
failure: mail.stovebolt.com
PIPELINING
SIZE 900000000
VRFY
ETRN
STARTTLS
ENHANCEDSTATUSCODES
8BITMIME
DSN
SMTPUTF8
CHUNKING (Code: 250) in
/var/www/html/webmail/program/lib/Roundcube/rcube.php on line 1794 (POST
/webmail/?_task=mail&_unlock=loading1718588056454&_framed=1&_action=send)
For starters these are not Postfix logs. I do not know what roundcube
logs are supposed to look like but you have shown two sets of what
appear to be responses to the EHLO command. Both of the above responses
were made prior to or entirely without the issuance of a STARTTLS
command so a well configured postfix will not show AUTH support until
after STARTTLS is issued and a TLS session is established.
This leads me to the conclusion that you do not have Roundcube
configured to use TLS and therefore postfix will not offer
authentication to roundcube until you fix this. There may be other
issues as well which I cannot tell you until I see actual postfix logs
and configuration as shown in the DEBUG_README file.
The odd thing is, I don’t see any connection attempts at all in the mail
logs. However, this log entry has me wondering. PHP Error: SMTP server
does not support authentication
Postfix will always show connection attempts in the mail logs. If it is
not then something is likely wrong with your syslog implelmentation.
There can sometimes be issues with journald dropping log messages before
they can get passed to rsyslog, assuming your system has such a setup
then have a look at journald.conf(5) specifically at the
RateLimitIntervalSec and RateLimitBurst configuration parameters to
journald which have some rather unfortunate defaults.
I should note that if you're not seeing *any* postfix entries in maillog
then it's likely that there are other issues such as rsyslog not being
installed or not running or journald not being configured to pass log
entries through to rsyslog.
Also note that if you cannot or do not wish to get journald and rsyslog
properly configured then postfix can be configured to write directly to
it's own log file rather than use the syslog facility, see:
http://www.postfix.org/postconf.5.html#maillog_file
Should postfix be announcing that it accepts AUTH LOGIN?
Probably not since the LOGIN mech is a poor implementation that was only
ever needed to support some very old outlook express email clients.
Postfix should, however, be announcing "AUTH PLAIN" support, but only
after a TLS session is established, not before (see above).
If so, I may
have missed something in the config. I’m wondering if roundcube is not
even attempt auth because postfix isn’t announcing it as a service that
it offers.
It's likely that roundcube is not configured for TLS and postfix is (as
it should be) configured not to offer AUTH until TLS is established.
Peter
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
