Link to home
Start Free TrialLog in
Avatar of Amin El-Zein
Amin El-Zein

asked on

postfix auth error

Hello,
I get always this error on my postfix: Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  dGVzdDExMTE=
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  dGVzdDEyMjI=
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  dGVzdDEzMzM=
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  JW51bGwl
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  MTIz
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  MTIzMTIz
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  MTIzNA==
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  MTIzNDU=
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 In:  RSET
 Out: 250 2.0.0 Ok
 In:  AUTH LOGIN
 Out: 334 VXNlcm5hbWU6
 In:  dGVzdDFAaXAtMTQ3LTEzNS0yMjcuZXU=
 Out: 334 UGFzc3dvcmQ6
 In:  MTIzNDU2
 Out: 535 5.7.8 Error: authentication failed: authentication failure
 Out: 421 4.7.0 mymail.com Error: too many errors

Session aborted, reason: too many errors

port 465 and 587 is allowed only from specific ip but I get this error … so where is the problem ?
thanks.
Avatar of arnold
arnold
Flag of United States of America image
Can you post the output from postfix after you issue greeting,
Ehlo yourservername.?
Avatar of arnold
arnold
Flag of United States of America image
Try the following example.
Note the username and password need to be the username, and password to be used.
https://www.ndchost.com/wiki/mail/test-smtp-auth-telnet
Avatar of Dr. Klahn
Dr. Klahn
Arnold is correct, we can't do much without seeing the initial negotation -- particularly where the receiving MTA says "I will accept these methods ..."
Avatar of David Favor
David Favor
Flag of United States of America image
Tip: Best to debug this using https://www.jetmore.org/john/code/swaks with a command line similar to this...

swaks -s smtp.mailgun.org:587 -tls -auth -au $user -ap $pass "test mail \$(date)\" --from=$from --to=$to

Open in new window


You may have to leave off the -tls option.

Post the entire SWAKS conversation output for debugging.

Note: You must run SWAKS on the IP actually whitelisted by your SPF record for this to work.
Avatar of noci
noci
Is there anything in the logs of the mail server?...
There must be a reason for the rejection, most server logs the reason for failure as well as the fact.
(those reasons are not on the communication with clients,esp. on authentication).
Avatar of David Favor
David Favor
Flag of United States of America image
You said, "port 465 and 587 is allowed only from specific ip but I get this error … so where is the problem ?"

If you mean the incoming MTA is running like this, best to remove all related firewall rules, as this will never work in real life... if you expect your MTA to accept mail from various places for any user handled by the MTA.
Avatar of Amin El-Zein
Amin El-Zein

ASKER

how I can restrict  specific ip to send emails from postfix to outside?
thanks.
Avatar of arnold
arnold
Flag of United States of America image
please explain what you mean. you can restrict which IP/s are allowed to send emails through the postfix using the config and mynetworks.
you can use transports to direct a domain to a specific destination.

Your question seems as though a configuration on the firewall when it sees traffic from the internal IP of the postfix to a destination port 25 to use Source update to reflect the packet as coming from a specific WAN IP that the firewall has. this should match the IP on which port 25 is setup to go into the postfix if that is your setup.
Avatar of Amin El-Zein
Amin El-Zein

ASKER

Hello,
postfix working as mail gateway
the mails flow is:
external email >>> postfix >>> local exchange server
local exchange Server >>> postfix >>> external emails.

so I want only the exchange server ip to send email to external mails.
do you want to show you my config ?
thanks.
Avatar of arnold
arnold
Flag of United States of America image
you can in the main.cf file restrict only the IP of the exchange server
look at the main.cf for mynetworkw and see what it is set to, it needs to only have 127.0.0.1 localhost, and the LAN ip of the postfix and the IP of the exchange server
Commonly, it is set to the local LAN which would allow all local computers the rights to relay through this server.

not sure why you want to restrict, but if you do double check whether currently it is being used by anything other than the exchange /var/log/maillog
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.