Applicable to:
- Plesk for Linux
Symptoms
- On attempt to send an email via Microsoft Outlook, the login/password prompt appears and does not accept credentials.
- The warning below can be found in the
/var/log/maillog:
CONFIG_TEXT: mail.example.com postfix/smtpd[17318]: warning: SASL authentication failure: realm changed: authentication aborted
Cause
Current implementation of a DIGEST-MD5 authentication in libsasl2 library is incompatible with Microsoft Outlook.
Resolution
- Login to the server via SSH.
-
Back up the file:
For CentOS/RHEL-based distributions:# cp /usr/lib64/sasl2/smtpd.conf /usr/lib64/sasl2/smtpd.conf.bak
For Debian/Ubuntu-based distributions:
# cp /etc/postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf.bak
-
Disable Digest-MD5 authentication for postfix by editing
/usr/lib64/sasl2/smtpd.conffor CentOS or/etc/postfix/sasl/smtpd.conffor Debian/Ubuntu using a text editor and replacing the following line:CONFIG_TEXT: mech_list: DIGEST-MD5 CRAM-MD5 PLAIN LOGIN
with
CONFIG_TEXT: mech_list: CRAM-MD5 PLAIN LOGIN
-
Restart the Postfix service to apply changes:
# service postfix restart
Comments
13 comments
On Ubuntu is /etc/postfix/sasl and not /usr/lib64/sasl2. Please correct your article.
Hello @Miomir,
Thank you for notice.
The article will be updated.
You might also need to make this change in the dovecot.conf file
Hello @Tara,
Thank you for the notice. This article is devoted to the error:
mail.example.com postfix/smtpd[17318]: warning: SASL authentication failure: realm changed: authentication aborted
In such case, Dovecot restart is not required.
i have this error
postfix/smtpd[19795]: warning: unknown[xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Hello @Xalid Balagozov
Please check this article
Otherwise please contact our Technical support here
A similar procedure may be needed for Dovecot and is documented here...
https://support.plesk.com/hc/en-us/articles/115001001933-Cannot-set-up-IMAP-account-in-Outlook-SASL-DIGEST-MD5-authentication-failed-authentication-failure
I have something similar to what everyone has posted but in my case the logs show me two constantly repeating sentences that are:
Jan 2 18:26:16 name server postfix/smtpd[413]: warning: [xxx.xxx.xxx.xxx]: SASL DIGEST MD5 authentication failed: authentication failure
Jan 2 18:26:16 name server postfix/smtpd[413]: warning: [xxx.xxx.xxx.xxx]: SASL LOGIN authentication failed: authentication failure
Does it relate to the same problem?
Carlos Ivan Castillo Moya please try the following article https://support.plesk.com/hc/en-us/articles/115001001933-Cannot-set-up-Plesk-mail-IMAP-account-in-Outlook-SASL-DIGEST-MD5-authentication-failed-authentication-failure.
If it does not help please open a support ticket with us as follows: https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support-
I've made that change but the file appears to be getting overwritten and the DIGEST-MD5 option is reappearing?
Hi Justin Lnch could you please open a support ticket with us https://support.plesk.com/hc/en-us/articles/213608509-How-to-submit-a-request-to-Plesk-support- so we can address this issue?
The smtpd.conf file changes were reverted/overwritten. How can this be prevented?
Also, other affected users, please vote for this suggestion to remove digest-md5 from the default settings...
https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/41190802-remove-digest-md5-from-dovecot-and-postfix-configs
I second Bob Benson and aks you, if you read this, to support
https://plesk.uservoice.com/forums/184549-feature-suggestions/suggestions/41190802-remove-digest-md5-from-dovecot-and-postfix-configs
After significant testing on many servers that service a five digit number of domains we found that the only viable solution to the DIGEST-MD5 issues that are causing "failed auth" login attempts is to remove the digest-md5 entry from Dovecot. It's been a pain for many years, but now, right after we have updated all systems this issue is solved for good.
Please vote for this change in the Plesk default configuration.
Please sign in to leave a comment.