SMTP authorization does not work with Postfix MTA: "SASL login authentication failed"

Refers to:

  • Plesk for Linux

Created:

2016-11-16 12:49:35 UTC

Modified:

2017-02-17 00:02:00 UTC

0

Was this article helpful?


Have more questions?

Submit a request

SMTP authorization does not work with Postfix MTA: "SASL login authentication failed"

Symptoms

  • SMTP authorization does not work, even though valid login credentials are used:

    ~# telnet localhost 25
    Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.220 plesk104.host ESMTP Postfixauth login334 VXNlcm5hbWU6YWJlemJvcm9kb3ZhQHBhcmFsbGVscy5jb20=334 UGFzc3dvcmQ6MTIzcXdl535 5.7.8 Error: authentication failed: authentication failure
  • The following error is shown in the /usr/local/psa/var/log/maillog:

    plesk104 postfix/smtpd[7538]: warning: localhost.localdomain[127.0.0.1]: SASL login authentication failed: authentication failure
    
  • The mchk utility was used, but it did not help to resolve the issue.

  • The following errors appear in /var/log/plesk-roundcube/errors

    ERROR: Invalid response code received from server (535)
    SMTP Error: Authentication failure: Invalid response code received from server (Code: 535) in /usr/share/psa-roundcube/program/lib/Roundcube/rcube.php on line 1649 (POST /?_task=mail&_unlock=loading1486700183680&_lang=en_US&_framed=1&_action=send)

Cause

There are two possible root causes of this issue:

  1. The domain has been disabled\suspended via Plesk. In this case, mail_auth_view utility will show the 'D' flag for the mailboxes:

    # /usr/local/psa/admin/bin/mail_auth_view | grep domain
    mailbox@domain.tld | D | ********* |

    You can verify whether the domain is disabled on the Websites & Domains screen. It will have the 'disabled' mark near the domain name, as in the below picture:

    alttext

  2. The /usr/lib64/sasl2/smtpd.conf configuration file contains incorrect data.

Resolution

  1. Activate the domain if it has been disabled.

  2. Verify that /usr/lib64/sasl2/smtpd.conf is configured correctly:

    For Plesk 10.x:

    # cat /usr/lib64/sasl2/smtpd.conf:
    pwcheck_method: auxprop saslauthd
    auxprop_plugin: sql_sqlite3
    saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
    mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
    auto_transition: yes
    sql_engine: sqlite3
    sql_hostnames: localhost
    sql_database: /var/spool/postfix/plesk/passwd.db
    sql_select: SELECT `%p` FROM domains d, users u WHERE u.name='%u' and d.name='%r' and d.status=0 and u.status=0 and u.dom_id=d.id sql_verbose: yes
    log_level: 9

    For Plesk 11.x:

    # cat /usr/lib64/sasl2/smtpd.conf:
    pwcheck_method: auxprop saslauthd
    auxprop_plugin: plesk
    saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
    mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
    auto_transition: yes
    sql_engine: intentionally disabled
    log_level: 4

    For Plesk Onyx:

    # cat /usr/lib64/sasl2/smtpd.conf:
    pwcheck_method: auxprop saslauthd
    auxprop_plugin: plesk
    saslauthd_path: /var/spool/postfix/private/plesk_saslauthd
    mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
    sql_engine: intentionally disabled
    log_level: 4

Also, make sure that the following line in the /etc/postfix/master.cf file points to the existing passwd.db file:

 plesk_saslauthd unix y y y - 1 plesk_saslauthd status=5 listen=6 dbpath=/var/spool/postfix/plesk/passwd.db
Have more questions? Submit a request
Please sign in to leave a comment.