1

Topic: SMTPAuthenticationError(535, '5.7.8 Error: authentication failed: Conn

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.3.1 OPENLDAP edition
- Deployed with iRedMail Easy or the downloadable installer? downloadable installer
- Linux/BSD distribution name and version: CentOS 7
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx):Nginx
- Manage mail accounts with iRedAdmin-Pro? 4.5 (LDAP)
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

# messages
Oct 21 02:26:11 mail journal: iredadmin + << ERROR >> Error while sending notification email to user@mydomain.com: SMTPAuthenticationError(535, '5.7.8 Error: authentication failed: Connection lost to authentication server') (/opt/www/iredadmin/tools/notify_quarantined_recipients.py, line 360)

# crontab
26 */2 * * * python /opt/www/iredadmin/tools/notify_quarantined_recipients.py --force-all >/dev/null


# maillog
Oct 21 02:26:01 mail postfix/submission/smtpd[18571]: connect from mail.mydomain.com[127.0.0.1]
Oct 21 02:26:11 mail postfix/submission/smtpd[18571]: warning: mail.mydomain.com[127.0.0.1]: SASL PLAIN authentication failed: Connection lost to authentication server
Oct 21 02:26:11 mail postfix/submission/smtpd[18571]: lost connection after AUTH from mail.mydomain.com[127.0.0.1]
Oct 21 02:26:11 mail postfix/submission/smtpd[18571]: disconnect from mail.mydomain.com[127.0.0.1]
Oct 21 02:26:11 mail postfix/cleanup[18578]: 4CG2BW4BjvzBsdZcH: message-id=<4CG2BW4BjvzBsdZcH@mail.mydomain.com>
Oct 21 02:26:11 mail clamd[4401]: SelfCheck: Database status OK.
Oct 21 02:26:13 mail postfix/10025/smtpd[18593]: 4CG2BY4Qt3zBsdZcV: client=mail.mydomain.com[127.0.0.1]
Oct 21 02:26:13 mail postfix/cleanup[18578]: 4CG2BY4Qt3zBsdZcV: message-id=<4CG2BW4BjvzBsdZcH@mail.mydomain.com>
Oct 21 02:26:13 mail postfix/10025/smtpd[18593]: disconnect from mail.mydomain.com[127.0.0.1]
Oct 21 02:26:13 mail amavis[11438]: (11438-04) Passed CLEAN {RelayedInternal}, ORIGINATING LOCAL [127.0.0.1] <root@mail.mydomain.com> -> <root@mail.mydomain.com>, Message-ID: <4CG2BW4BjvzBsdZcH@mail.mydomain.com>, mail_id: Wd4aAJ561Blc, Hits: -98.501, size: 1972, queued_as: 4CG2BY4Qt3zBsdZcV, dkim_new=dkim:mydomain.com, 1991 ms, Tests: [KAM_DMARC_STATUS=0.01,KAM_MXURI=1.5,NO_RELAYS=-0.001,USER_IN_WELCOMELIST=-0.01,USER_IN_WHITELIST=-100], helo=
Oct 21 02:26:13 mail amavis[11438]: (11438-04) Passed CLEAN, <root@mail.mydomain.com> -> <root@mail.mydomain.com>, Hits: -98.501, tag=-999, tag2=6.2, kill=6.9, queued_as: 4CG2BY4Qt3zBsdZcV, L/Y/0/0
Oct 21 02:26:13 mail postfix/cleanup[18578]: 4CG2BY4fvTzBsdZcY: message-id=<4CG2BW4BjvzBsdZcH@mail.mydomain.com>
Oct 21 02:26:13 mail postfix/qmgr[2772]: 4CG2BW4BjvzBsdZcH: removed
Oct 21 02:26:13 mail postfix/qmgr[2772]: 4CG2BY4Qt3zBsdZcV: removed
Oct 21 02:26:13 mail postfix/pipe[18596]: 4CG2BY4fvTzBsdZcY: to=<rootbcc@mydomain.com>, relay=dovecot, delay=0.17, delays=0.05/0.01/0/0.12, dsn=2.0.0, status=sent (delivered via dovecot service)
Oct 21 02:26:13 mail postfix/qmgr[2772]: 4CG2BY4fvTzBsdZcY: removed


# mail received by rootbcc@
send: 'ehlo mail.mydomain.com\r\n'
reply: '250-mail.mydomain.com\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-SIZE 215482368\r\n'
reply: '250-ETRN\r\n'
reply: '250-STARTTLS\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-8BITMIME\r\n'
reply: '250 DSN\r\n'
reply: retcode (250); Msg: mail.mydomain.com
PIPELINING
SIZE 215482368
ETRN
STARTTLS
ENHANCEDSTATUSCODES
8BITMIME
DSN
send: 'STARTTLS\r\n'
reply: '220 2.0.0 Ready to start TLS\r\n'
reply: retcode (220); Msg: 2.0.0 Ready to start TLS
send: 'ehlo mail.mydomain.com\r\n'
reply: '250-mail.mydomain.com\r\n'
reply: '250-PIPELINING\r\n'
reply: '250-SIZE 215482368\r\n'
reply: '250-ETRN\r\n'
reply: '250-AUTH PLAIN LOGIN\r\n'
reply: '250-ENHANCEDSTATUSCODES\r\n'
reply: '250-8BITMIME\r\n'
reply: '250 DSN\r\n'
reply: retcode (250); Msg: mail.mydomain.com
PIPELINING
SIZE 215482368
ETRN
AUTH PLAIN LOGIN
ENHANCEDSTATUSCODES
8BITMIME
DSN
send: 'AUTH PLAIN AHRlY2hsaW5zc3BhbUB0ZWNobGlucy5jb20AdGVjaGxpbnNzcGFtMzIzNDAxODgxMQ==\r\n'
reply: '535 5.7.8 Error: authentication failed: Connection lost to authentication server\r\n'
reply: retcode (535); Msg: 5.7.8 Error: authentication failed: Connection lost to authentication server

## dovecot
Oct 21 02:26:01 mail dovecot: auth: ldap(rootbcc@mydomain.com,127.0.0.1): invalid credentials

## mariadb
201021  2:26:01  3531 Connect   fail2ban@localhost as anonymous on fail2ban


Admin panel: Quarantined messages
Subject: [WEBINAR] Web Application Security Essentials
Sender: srs0=uxhl=d3=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-6171@mail.mydomain.com
Recipient: user@mydomain.com
Kind: Spam
Size: 18 KB
Score: 0.0
Date: 2020-10-21 02:13:24

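Questions for the moderator:

1). Why does "authentication failed" appear when sending to user@? This account is an account in the domain.


2). The spam-quarantined message in the admin panel has a score of 0.0; why was it quarantined?
The blacklist (White/Blacklist) already has:
srs0=rogl=dw=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-5703@mail.mydomain.com

But the sender of the quarantined spam is:
srs0=uxhl=d3=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-6171@mail.mydomain.com

What is the correct format for creating a blacklist entry?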


2

Re: SMTPAuthenticationError(535, '5.7.8 Error: authentication failed: Conn

rain6966 wrote:

Oct 21 02:26:11 mail postfix/submission/smtpd[18571]: warning: mail.mydomain.com[127.0.0.1]: SASL PLAIN authentication failed: Connection lost to authentication server

It looks like something is wrong with dovecot; check its log.

rain6966 wrote:

2). The spam-quarantined message in the admin panel has a score of 0.0; why was it quarantined?
The blacklist (White/Blacklist) already has:
srs0=rogl=dw=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-5703@mail.mydomain.com
But the sender of the quarantined spam is:
srs0=uxhl=d3=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-6171@mail.mydomain.com
What is the correct format for creating a blacklist entry?

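The 0.0 is because it was whitelisted or blacklisted, so spam scanning was skipped.
These are all SRS-rewritten addresses; the part between srs0= and @ changes frequently. That probably makes it hard to match the original address.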

3

Re: SMTPAuthenticationError(535, '5.7.8 Error: authentication failed: Conn

1).

ZhangHuangbin wrote:

SRS-rewritten addresses; the part between srs0= and @ changes frequently. That probably makes it hard to match the original address

So changing it to @bounce.s11.exacttarget.com or @.exacttarget.com would be enough?

2). Could you help check the configuration:

## fail2ban.log
egrep '2020-10-21 02' /var/log/fail2ban.log
2020-10-21 02:26:01,435 fail2ban.filter         [1706]: INFO    [dovecot] Ignore 127.0.0.1 by ignoreself rule
2020-10-21 02:26:11,456 fail2ban.filter         [1706]: INFO    [postfix-sm-lost] Ignore 127.0.0.1 by ignoreself rule

## ls -la -R /etc/dovecot/
/etc/dovecot/:
總計 104
drwxr-xr-x.   4 root    root     4096 10月 21 15:46 .
drwxr-xr-x. 174 root    root    12288 10月 21 15:33 ..
drwxr-xr-x.   2 root    root     4096  8月 29  2019 conf.d
-rw-rw-r--.   1 root    root    17430  7月 17 16:51 dovecot.conf
-rw-r--r--.   1 root    root     4380  1月 28  2019 dovecot.conf.2019.01.28.18.57.21
-rw-r--r--.   1 root    root    12736  1月 29  2019 dovecot.conf.orig
-rw-r--r--.   1 root    root    13786  3月  4  2019 dovecot.conf.orig.20190304
-r--------.   1 dovecot dovecot  2088  5月 22 17:59 dovecot-last-login.conf
-r-x------.   1 root    root     1267  2月 14  2019 dovecot-ldap.conf
-r-x------.   1 dovecot dovecot   196  2月 18  2019 dovecot-master-users
-r-x------.   1 dovecot dovecot   518  1月 28  2019 dovecot-share-folder.conf
-r-x------.   1 dovecot dovecot   347  1月 28  2019 dovecot-used-quota.conf
drwxr-xr-x.   3 root    root       48 10月 21 15:49 sieve

/etc/dovecot/conf.d:
總計 148
drwxr-xr-x. 2 root root  4096  8月 29  2019 .
drwxr-xr-x. 4 root root  4096 10月 21 15:46 ..
-rw-r--r--. 1 root root  5296  1月  4  2017 10-auth.conf
-rw-r--r--. 1 root root  1893  8月 27  2019 10-director.conf
-rw-r--r--. 1 root root  3062  8月 27  2019 10-logging.conf
-rw-r--r--. 1 root root 17579  8月 28  2019 10-mail.conf
-rw-r--r--. 1 root root  3383  8月 27  2019 10-master.conf
-rw-r--r--. 1 root root  2519  8月 28  2019 10-ssl.conf
-rw-r--r--. 1 root root  1668  8月 27  2019 15-lda.conf
-rw-r--r--. 1 root root  2808  1月  4  2017 15-mailboxes.conf
-rw-r--r--. 1 root root  4235  8月 27  2019 20-imap.conf
-rw-r--r--. 1 root root   936  1月  4  2017 20-lmtp.conf
-rw-r--r--. 1 root root  2961  6月  6  2019 20-managesieve.conf
-rw-r--r--. 1 root root  4065  8月 27  2019 20-pop3.conf
-rw-r--r--. 1 root root   676  1月  4  2017 90-acl.conf
-rw-r--r--. 1 root root   292  1月  4  2017 90-plugin.conf
-rw-r--r--. 1 root root  2597  8月 27  2019 90-quota.conf
-rw-r--r--. 1 root root 10726  8月 28  2019 90-sieve.conf
-rw-r--r--. 1 root root  1829  6月 16  2017 90-sieve-extprograms.conf
-rw-r--r--. 1 root root   499  1月  4  2017 auth-checkpassword.conf.ext
-rw-r--r--. 1 root root   489  1月  4  2017 auth-deny.conf.ext
-rw-r--r--. 1 root root   343  1月  4  2017 auth-dict.conf.ext
-rw-r--r--. 1 root root   924  1月  4  2017 auth-ldap.conf.ext
-rw-r--r--. 1 root root   561  1月  4  2017 auth-master.conf.ext
-rw-r--r--. 1 root root   515  1月  4  2017 auth-passwdfile.conf.ext
-rw-r--r--. 1 root root   788  1月  4  2017 auth-sql.conf.ext
-rw-r--r--. 1 root root   611  1月  4  2017 auth-static.conf.ext
-rw-r--r--. 1 root root  2185  8月 27  2019 auth-system.conf.ext
-rw-r--r--. 1 root root   330  1月  4  2017 auth-vpopmail.conf.ext

/etc/dovecot/sieve:
總計 8
drwxr-xr-x. 3 root root   48 10月 21 15:49 .
drwxr-xr-x. 4 root root 4096 10月 21 15:46 ..
drwxr-xr-x. 2 root root   28 10月 21 15:48 pipe
-rw-r--r--. 1 root root 2886  3月  4  2019 scan_reported_mails.sh

## dovecot.conf
egrep -v '#|^$' /etc/dovecot/dovecot.conf

listen = *
mail_plugins = quota mailbox_alias acl mail_log notify stats
protocols = pop3 imap sieve lmtp
mail_uid = 2000
mail_gid = 2000
first_valid_uid = 2000
last_valid_uid = 2000
syslog_facility = local5
auth_verbose = yes
auth_verbose_passwords = yes
ssl_protocols = !SSLv2 !SSLv3
verbose_ssl = no
ssl_ca = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5
ssl_prefer_server_ciphers = yes
disable_plaintext_auth = no
ssl=yes
auth_failure_delay = 10s
mail_location = maildir:%Lh/Maildir/:INDEX=%Lh/Maildir/
auth_mechanisms = PLAIN LOGIN
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k session=<%{session}>
deliver_log_format = from=%{from}, envelope_sender=%{from_envelope}, subject=%{subject}, msgid=%m, size=%{size}, delivery_time=%{delivery_time}ms, %$
service auth {
    unix_listener /var/spool/postfix/private/dovecot-auth {
        user = postfix
        group = postfix
        mode = 0666
    }
    unix_listener auth-master {
        user = vmail
        group = vmail
        mode = 0666
    }
    unix_listener auth-userdb {
        user = vmail
        group = vmail
        mode = 0660
    }
}
service lmtp {
    user = vmail
    process_min_avail = 5
    executable = lmtp -L
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        user = postfix
        group = postfix
        mode = 0600
    }
    inet_listener lmtp {
        address = 127.0.0.1
        port = 24
    }
}
userdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
passdb {
    args = /etc/dovecot/dovecot-ldap.conf
    driver = ldap
}
auth_master_user_separator = *
passdb {
    driver = passwd-file
    args = /etc/dovecot/dovecot-master-users
    master = yes
}
plugin {
    quota = dict:user::proxy::quotadict
    quota_warning = storage=100%% quota-warning 100 %u
    quota_warning2 = storage=95%% quota-warning 95 %u
    quota_warning3 = storage=90%% quota-warning 90 %u
    quota_warning4 = storage=85%% quota-warning 85 %u
    quota_grace = 10%%
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is full"
    acl = vfile
    acl_shared_dict = proxy::acl
    sieve_dir = ~/sieve
    sieve = ~/sieve/dovecot.sieve
    sieve_global_dir = /var/vmail/sieve
    sieve_before = /var/vmail/sieve/dovecot.sieve
    sieve_max_redirects = 30
    sieve_vacation_send_from_recipient = yes
    mailbox_alias_old = Sent
    mailbox_alias_new = Sent Messages
    mailbox_alias_old2 = Sent
    mailbox_alias_new2 = Sent Items
    mail_log_events = delete undelete expunge mailbox_delete mailbox_rename
    mail_log_fields = uid box msgid size from subject
    stats_refresh = 30 secs
    stats_track_cmds = yes
    sieve_plugins = sieve_imapsieve sieve_extprograms
    imapsieve_url = sieve://127.0.0.1:4190
    imapsieve_mailbox1_name = Junk
    imapsieve_mailbox1_causes = COPY APPEND
    imapsieve_mailbox1_before = file:/var/vmail/sieve/report_spam.sieve
    imapsieve_mailbox2_name = *
    imapsieve_mailbox2_from = Junk
    imapsieve_mailbox2_causes = COPY
    imapsieve_mailbox2_before = file:/var/vmail/sieve/report_ham.sieve
    sieve_pipe_bin_dir = /etc/dovecot/sieve/pipe
    sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
    last_login_dict = proxy::lastlogin
    last_login_key = last-login/%s/%u/%d
}
service stats {
    fifo_listener stats-mail {
        user = vmail
        mode = 0644
    }
    inet_listener {
        address = 127.0.0.1
        port = 24242
    }
    unix_listener stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }
    unix_listener stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
}
service quota-warning {
    executable = script /usr/local/bin/dovecot-quota-warning.sh
    unix_listener quota-warning {
        user = vmail
        group = vmail
        mode = 0660
    }
}
service dict {
    unix_listener dict {
        mode = 0660
        user = vmail
        group = vmail
    }
}
dict {
    quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
    acl = mysql:/etc/dovecot/dovecot-share-folder.conf
    lastlogin = mysql:/etc/dovecot/dovecot-last-login.conf
}
protocol lda {
    mail_plugins = $mail_plugins sieve
    lda_mailbox_autocreate = yes
    lda_mailbox_autosubscribe = yes
}
protocol lmtp {
    mail_plugins = quota sieve
    lmtp_save_to_detail_mailbox = yes
    recipient_delimiter = +
}
mail_attribute_dict = file:%h/dovecot-attributes
protocol imap {
    mail_plugins = $mail_plugins imap_quota imap_acl imap_stats imap_sieve last_login
    imap_client_workarounds = tb-extra-mailbox-sep
    mail_max_userip_connections = 30
}
protocol pop3 {
    mail_plugins = $mail_plugins last_login

    pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
    pop3_uidl_format = %08Xu%08Xv
    mail_max_userip_connections = 30
}
service imap-login {
    service_count = 1
    process_limit = 500
}
service pop3-login {
    service_count = 1
}
service managesieve-login {
    inet_listener sieve {
        address = 127.0.0.1
        port = 4190
    }
}
namespace {
    type = private
    separator = /
    prefix =
    inbox = yes
    mailbox Sent {
        auto = subscribe
        special_use = \Sent
    }
    mailbox "Sent Messages" {
        auto = no
        special_use = \Sent
    }
    mailbox "Sent Items" {
        auto = no
        special_use = \Sent
    }
    mailbox Drafts {
        auto = subscribe
        special_use = \Drafts
    }
    mailbox Trash {
        auto = subscribe
        special_use = \Trash
    }
    mailbox "Deleted Messages" {
        auto = no
        special_use = \Trash
    }
    mailbox Junk {
        auto = subscribe
        special_use = \Junk
    }
    mailbox Spam {
        auto = no
        special_use = \Junk
    }
    mailbox "Junk E-mail" {
        auto = no
        special_use = \Junk
    }
    mailbox Archive {
        auto = no
        special_use = \Archive
    }
    mailbox Archives {
        auto = no
        special_use = \Archive
    }
}
namespace {
    type = shared
    separator = /
    prefix = Shared/%%u/
    location = maildir:%%Lh/Maildir/:INDEX=%%Lh/Maildir/Shared/%%Ld/%%Ln
    subscriptions = yes
    list = children
}
!include_try /etc/dovecot/iredmail/*.conf
auth_failure_delay = 10s
service quota-status {
    executable = quota-status -p postfix
    client_limit = 1
    inet_listener {
        address = 127.0.0.1
        port = 12340
    }
}

4

Re: SMTPAuthenticationError(535, '5.7.8 Error: authentication failed: Conn

rain6966 wrote:

So changing it to @bounce.s11.exacttarget.com or @.exacttarget.com would be enough?

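Yes. But you need to watch whether using this fixed sub-domain could cause false positives. For example, other legitimate email addresses, after SRS address rewriting on that machine on the other side, would also end up with the same sub-domain.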

rain6966 wrote:

2). Could you help check the configuration:

NO. There is too much content, and it is hard to tell at a glance whether any detail is wrong. So I only look at the relevant error log.
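
The SRS points from the replies above (the part between srs0= and @ keeps changing, and a fixed sub-domain rule can also catch other senders), as an added example that is not part of the thread and not iRedMail's own code: it splits an SRS0 address into its fields and compares a `@domain` or `@.domain` rule with the original sender domain. The helpers `parse_srs0` and `rule_matches`, the constructed `OTHER` address, and the rule semantics (exact domain; domain plus sub-domains) are assumptions for illustration, not a statement of how iRedMail or Amavisd evaluate their lists.

```python
import re
from typing import NamedTuple, Optional

class SRS0(NamedTuple):
    hash_tag: str      # short HMAC fragment added by the rewriting host
    timestamp: str     # coarse day counter, changes over time
    orig_domain: str   # domain of the original envelope sender
    orig_local: str    # local part of the original envelope sender
    forwarder: str     # domain of the host that did the rewrite

# SRS0 local part: SRS0 <sep> hash = timestamp = orig-domain = orig-local
_SRS0 = re.compile(r"^srs0[=+-]([^=]+)=([^=]+)=([^=]+)=(.+)$", re.IGNORECASE)

def parse_srs0(address: str) -> Optional[SRS0]:
    """Split an SRS0-rewritten envelope address; None if it is not SRS0."""
    local, sep, forwarder = address.strip().rpartition("@")
    m = _SRS0.match(local) if sep else None
    if not m:
        return None
    return SRS0(m.group(1), m.group(2), m.group(3).lower(), m.group(4), forwarder.lower())

def rule_matches(rule: str, address: str) -> bool:
    """Compare a '@domain' or '@.domain' rule with the original sender domain."""
    parsed = parse_srs0(address)
    domain = parsed.orig_domain if parsed else address.rpartition("@")[2].lower()
    if rule.startswith("@."):                    # assumed: domain plus sub-domains
        base = rule[2:].lower()
        return domain == base or domain.endswith("." + base)
    return rule.startswith("@") and domain == rule[1:].lower()  # assumed: exact domain

# The two addresses quoted in the thread, plus one constructed address
LISTED = "srs0=rogl=dw=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-5703@mail.mydomain.com"
QUARANTINED = "srs0=uxhl=d3=bounce.s11.exacttarget.com=bounce-63185_html-140022032-68829-514005493-6171@mail.mydomain.com"
OTHER = "srs0=abcd=d4=bounce.s11.exacttarget.com=bounce-1_html-2-3-4-5@mail.mydomain.com"  # constructed

if __name__ == "__main__":
    a, b = parse_srs0(LISTED), parse_srs0(QUARANTINED)
    # The full addresses differ in hash, timestamp and local part ...
    print("hash/timestamp differ:", (a.hash_tag, a.timestamp) != (b.hash_tag, b.timestamp))
    # ... while the original sender domain stays the same.
    print("original domain stable:", a.orig_domain == b.orig_domain)
    # A domain rule matches all three, including the unrelated constructed sender.
    for rule in ("@bounce.s11.exacttarget.com", "@.exacttarget.com"):
        print(rule, [rule_matches(rule, x) for x in (LISTED, QUARANTINED, OTHER)])
```
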