Authentication failed when trying to add mail address to a gmail

Discussion in 'Installation/Configuration' started by Arne Ytting, Nov 10, 2020.

  1. Arne Ytting

    Arne Ytting New Member HowtoForge Supporter

    Sorry, but I am not aware whether I copied any cert, or how to.
    After I ran the commands from the new tutorial, I have the same error:
    POP and IMAP go offline, before and after reboot.

     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Then you have missed doing a step which resulted in a missing/invalid SSL certificate. Please take care that you replace the example names with your own names.

    You can also hire paid business support to set this up for you if you can't find the issue.
     
  3. Arne Ytting

    Arne Ytting New Member HowtoForge Supporter

    I solved the main problem. :):D:) (“Authentication failed when trying to add mail address to a gmail”)

    Thank you all for your help and patience, I really appreciate it. :)

    I ran the update command again,
    Code:
    cd /tmp
    wget https://www.ispconfig.org/downloads/ISPConfig-3.2.tar.gz
    tar xvfz ISPConfig-3.2.tar.gz
    cd ispconfig3_install/install
    php -q update.php

    and this time I answered yes to: “Create new ISPConfig SSL certificate (yes,no) [no]: yes”
    and the mail certificate changed to mail.my-domain.com from Let's Encrypt.

    Now I can add a mail address to a Gmail account and don't get an error in Outlook.

    I also tried running the tutorial again after I got it to work, but POP and IMAP still go offline? :confused:
    I don't know what I am missing when I can't get the tutorial to work?
     
  4. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Try restarting the dovecot service and check your log files for errors.
     
  5. Arne Ytting

    Arne Ytting New Member HowtoForge Supporter

    Just tried running the first part of the tutorial:
    Code:
    cd /etc/postfix/
    mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
    mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/mail.mydomain.dk/fullchain.pem smtpd.cert
    ln -s /etc/letsencrypt/live/mail.mydomain.dk/privkey.pem smtpd.key
    systemctl restart postfix
    systemctl restart dovecot
    
    POP and IMAP go offline after some minutes.
    Tried "systemctl restart dovecot": POP & IMAP will not start.

    Mail warn log:
    Code:
    Nov 17 23:13:37 mail postfix/postfix-script[1025]: warning: group or other writable: /etc/postfix/./smtpd.cert
    Nov 17 23:13:37 mail postfix/postfix-script[1026]: warning: group or other writable: /etc/postfix/./smtpd.key
    Nov 17 23:13:37 mail postfix/postfix-script[1031]: warning: symlink leaves directory: /etc/postfix/./smtpd.cert
    Nov 17 23:13:37 mail postfix/postfix-script[1034]: warning: symlink leaves directory: /etc/postfix/./makedefs.out
    Nov 17 23:13:37 mail postfix/postfix-script[1037]: warning: symlink leaves directory: /etc/postfix/./smtpd.key-201117230617.bak
    Nov 17 23:13:37 mail postfix/postfix-script[1040]: warning: symlink leaves directory: /etc/postfix/./smtpd.key
    Nov 17 23:13:37 mail postfix/postfix-script[1043]: warning: symlink leaves directory: /etc/postfix/./smtpd.cert-201117230617.bak
    Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: cannot get RSA certificate from file "/etc/postfix/smtpd.cert": disabling TLS support
    Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:288:fopen('/etc/postfix/smtpd.cert','r'):
    Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: TLS library problem: error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:290:
    Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: TLS library problem: error:140DC002:SSL routines:use_certificate_chain_file:system lib:../ssl/ssl_rsa.c:615:
    Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: SASL: Connect to private/auth failed: Connection refused
    Nov 17 23:15:02 mail postfix/smtpd[1209]: fatal: no SASL authentication mechanisms
    Nov 17 23:15:03 mail postfix/master[1084]: warning: process /usr/lib/postfix/sbin/smtpd pid 1209 exit status 1
    Nov 17 23:15:03 mail postfix/master[1084]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
    Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: cannot get RSA certificate from file "/etc/postfix/smtpd.cert": disabling TLS support
    Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:288:fopen('/etc/postfix/smtpd.cert','r'):
    Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: TLS library problem: error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:290:
    Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: TLS library problem: error:140DC002:SSL routines:use_certificate_chain_file:system lib:../ssl/ssl_rsa.c:615:
    Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: SASL: Connect to private/auth failed: Connection refused
    Nov 17 23:20:02 mail postfix/smtpd[1353]: fatal: no SASL authentication mechanisms
    Nov 17 23:20:03 mail postfix/master[1084]: warning: process /usr/lib/postfix/sbin/smtpd pid 1353 exit status 1
    Nov 17 23:20:03 mail postfix/master[1084]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling
    Nov 17 23:25:02 mail postfix/smtpd[1487]: warning: cannot get RSA certificate from file "/etc/postfix/smtpd.cert": disabling TLS support
    Nov 17 23:25:02 mail postfix/smtpd[1487]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:288:fopen('/etc/postfix/smtpd.cert','r'):
    Nov 17 23:25:02 mail postfix/smtpd[1487]: warning: TLS library problem: error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:290:
    Nov 17 23:25:02 mail postfix/smtpd[1487]: warning: TLS library problem: error:140DC002:SSL routines:use_certificate_chain_file:system lib:../ssl/ssl_rsa.c:615:
    Nov 17 23:25:02 mail postfix/smtpd[1487]: warning: SASL: Connect to private/auth failed: Connection refused
    Nov 17 23:25:02 mail postfix/smtpd[1487]: fatal: no SASL authentication mechanisms
    Nov 17 23:25:03 mail postfix/master[1084]: warning: process /usr/lib/postfix/sbin/smtpd pid 1487 exit status 1
    Nov 17 23:25:03 mail postfix/master[1084]: warning: /usr/lib/postfix/sbin/smtpd: bad command startup -- throttling

    Mail error log:
    Code:
    Nov 17 23:10:01 mail postfix/smtpd[1245]: fatal: no SASL authentication mechanisms
    Nov 17 23:15:02 mail postfix/smtpd[1209]: fatal: no SASL authentication mechanisms
    Nov 17 23:20:02 mail postfix/smtpd[1353]: fatal: no SASL authentication mechanisms
    Nov 17 23:25:02 mail postfix/smtpd[1487]: fatal: no SASL authentication mechanisms
    Nov 17 23:30:02 mail postfix/smtpd[1881]: fatal: no SASL authentication mechanisms
     
    Last edited: Nov 17, 2020
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    What does this show:
    Code:
    ls -lh /etc/postfix/smtpd.cert

    Then repeat the ls -lh command for the file that smtpd.cert points to, and repeat until the file is not a symlink.
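
Added example (not part of the thread and not code from any poster): a shell function that automates the repeated `ls -lh` from post 6, following a symlink chain hop by hop and reporting whether it ends in a real file. The name `trace_link` and the temporary demo paths are assumptions made for illustration.

```shell
#!/bin/sh
# trace_link PATH: print every hop of a symlink chain and say where it ends.
# Returns 0 if the chain ends in a regular file, 1 if it dangles or ends in
# something else, 2 if the links loop.
trace_link() {
    cur=$1
    hops=0
    while [ -L "$cur" ]; do
        target=$(readlink "$cur")
        # A relative target is relative to the directory holding the link.
        case $target in
            /*) ;;
            *)  target=$(dirname "$cur")/$target ;;
        esac
        echo "$cur -> $target"
        cur=$target
        hops=$((hops + 1))
        if [ "$hops" -gt 40 ]; then
            echo "too many levels of symlinks" >&2
            return 2
        fi
    done
    if [ -f "$cur" ]; then
        echo "ends at regular file: $cur"
        return 0
    fi
    echo "dangling: $cur does not exist or is not a regular file" >&2
    return 1
}

# Constructed demo: a link whose target directory was never created, the
# same situation as a smtpd.cert link into a missing certificate directory.
demo=$(mktemp -d)
ln -s "$demo/live/example.invalid/fullchain.pem" "$demo/smtpd.cert"
trace_link "$demo/smtpd.cert" || echo "exit status $?"
rm -rf "$demo"
```

On a real server the call would be `trace_link /etc/postfix/smtpd.cert`, followed by the same for `smtpd.key`.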
     
  7. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    you say in your first posts that the server hostname is isp2.my-domain.com and the mx host is mail.my-domain.com

    and after running the ispconfig update, it recreated the certs, using these names and everything worked.

    you then try re-running the tutorial, but according to what you posted, the domain is now mail.mydomain.dk, and you're symlinking to
    which neither matches the original domain name, or the path the letsencrypt certificate would be in using the original domain name.
    so the certificate either doesn't match, or isn't found.
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If the daemon won't start, the reason will almost certainly make its way into log files, maybe check "daemon", "syslog", or "messages" in addition to "mail.log" and "mail.err". From the postfix errors about your certificate, it's a reasonable bet that the dovecot problem is also due to the same (so maybe ignore dovecot till you fix the certificate issue, then see if everything works).
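
Added example (not from the thread): one way to condense a repetitive mail.warn excerpt into its distinct causes, so the missing certificate file and the refused SASL socket stand out from the five-minute repeats. The function names are hypothetical; the sample lines are copied from the log in post 5.

```shell
#!/bin/sh
# Sample input: lines copied from the mail.warn excerpt in post 5.
sample_log() {
    cat <<'EOF'
Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: cannot get RSA certificate from file "/etc/postfix/smtpd.cert": disabling TLS support
Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:288:fopen('/etc/postfix/smtpd.cert','r'):
Nov 17 23:15:02 mail postfix/smtpd[1209]: warning: SASL: Connect to private/auth failed: Connection refused
Nov 17 23:15:02 mail postfix/smtpd[1209]: fatal: no SASL authentication mechanisms
Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: TLS library problem: error:02001002:system library:fopen:No such file or directory:../crypto/bio/bss_file.c:288:fopen('/etc/postfix/smtpd.cert','r'):
Nov 17 23:20:02 mail postfix/smtpd[1353]: warning: SASL: Connect to private/auth failed: Connection refused
EOF
}

# summarize_mail_warn: read log lines on stdin, print one line per cause.
summarize_mail_warn() {
    awk '
        # OpenSSL names the file it could not open inside fopen(...).
        /TLS library problem/ && /No such file or directory/ {
            if (match($0, /fopen\([^,]+/)) {
                # Skip the 7 leading characters and the closing quote.
                missing[substr($0, RSTART + 7, RLENGTH - 8)]++
            }
        }
        # Postfix could not reach the SASL auth socket at private/auth.
        /SASL: Connect to private\/auth failed: Connection refused/ { sasl++ }
        /fatal:/ { fatal++ }
        END {
            for (f in missing) printf "missing-file %s x%d\n", f, missing[f]
            if (sasl)  printf "sasl-socket-refused x%d\n", sasl
            if (fatal) printf "smtpd-fatal x%d\n", fatal
        }
    '
}

sample_log | summarize_mail_warn
```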
     
  9. Arne Ytting

    Arne Ytting New Member HowtoForge Supporter

    Before running script:
    Code:
    root@saturn3:~# ls -lh /etc/postfix/smtpd.cert
    lrwxrwxrwx 1 root root 48 Nov 17 15:07 /etc/postfix/smtpd.cert -> /usr/local/ispconfig/interface/ssl/ispserver.crt
    root@saturn3:~#
    root@saturn3:~# ls -lh /usr/local/ispconfig/interface/ssl/ispserver.crt
    -rwxr-x--- 1 root root 3.9K Nov 17 15:07 /usr/local/ispconfig/interface/ssl/ispserver.crt
    
    After running script (include the script):
    Code:
    root@saturn3:~#
    root@saturn3:~# cd /etc/postfix/
    root@saturn3:/etc/postfix# mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
    mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/saturn3.glocom.dk/fullchain.pem smtpd.cert
    root@saturn3:/etc/postfix# mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
    ln -s /etc/letsencrypt/live/saturn3.glocom.dk/privkey.pem smtpd.key
    systemctl restart postfix
    root@saturn3:/etc/postfix# ln -s /etc/letsencrypt/live/saturn3.glocom.dk/fullchain.pem smtpd.cert
    root@saturn3:/etc/postfix# ln -s /etc/letsencrypt/live/saturn3.glocom.dk/privkey.pem smtpd.key
    root@saturn3:/etc/postfix# systemctl restart postfix
    systemctl restart dovecot
    root@saturn3:/etc/postfix# systemctl restart dovecot
    root@saturn3:/etc/postfix#
    root@saturn3:/etc/postfix#
    root@saturn3:/etc/postfix# ls -lh /etc/postfix/smtpd.cert
    lrwxrwxrwx 1 root root 53 Nov 19 00:37 /etc/postfix/smtpd.cert -> /etc/letsencrypt/live/saturn3.glocom.dk/fullchain.pem
    root@saturn3:/etc/postfix#
    root@saturn3:/etc/postfix#
    root@saturn3:/etc/postfix# ls -lh /etc/letsencrypt/live/saturn3.glocom.dk/fullchain.pem
    ls: cannot access '/etc/letsencrypt/live/saturn3.glocom.dk/fullchain.pem': No such file or directory
    root@saturn3:/etc/postfix#
    
    Correct, in my first posts I used server hostname isp2.my-domain.com and the mx host mail.my-domain.com (it is a running server with clients).

    Then I made a new test server with mail.mydomain.dk as mx and hostname as well, to see if that solved the problem.
    I have to say I am still a bit confused about the terms/names and what exactly the name should be in server, host, mx, hostname, in the setup. :confused:
    In the above I have just changed the test server's hostname to "saturn3.glocom.dk" instead of mail..... I did not change the original domain names in the text this time (hope it is OK??).
    But it did not make any difference, POP and IMAP go offline.
     
  10. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Code:
    root@saturn3:~# ls -lh /usr/local/ispconfig/interface/ssl/ispserver.crt
    -rwxr-x--- 1 root root 3.9K Nov 17 15:07 /usr/local/ispconfig/interface/ssl/ispserver.crt
    Only root can read that file. This causes the failures you have.
    How have you set up the certificates? On my host that file is a link to where the actual certificate is.
     
  11. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Not necessarily correct for 3.2 since acme.sh was introduced to slowly replace official LE client certbot. ISPConfig server that is secured by acme.sh installed the certs directly in /usr/local/ispconfig/interface/ssl/ so that should be possible as well. So LE SSL certs created by certbot will be symlinked but by acme.sh will not.
     
  12. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The best thing to do (in my opinion) is let your client access the mailserver on smtp.hostingcompany.com and imap.hostingcompany.com. I shared the tutorial before, it's here: https://www.howtoforge.com/securing...server-with-a-valid-lets-encrypt-certificate/

    You should check where your certificates are actually stored. Does the folder /etc/letsencrypt/live/saturn3.glocom.dk exist?
     
  13. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter


    that shouldn't be a problem, i have a geotrust wildcard cert in that location, with the same root:root ownership and 750 permissions,
    smtpd.cert and smtpd.key in /etc/postfix and dovecot.key and dovecot.pem in /etc/dovecot/private both symlink to the certificate files in /usr/local/ispconfig/interface/ssl
    both postfix and dovecot start and run without any problems.
     
  14. Arne Ytting

    Arne Ytting New Member HowtoForge Supporter

    How do I change access to that file?
    Sorry, I'm not sure I understand the question on how the certificates are set up. Maybe the answer is, I check the Let's Encrypt checkbox, “ISPConfig panel > Sites > Website > Website Name, then click SSL and Let's Encrypt check buttons”

    I tried smtp & imap.glocom.dk aliases as well and that seems to be working fine.
    Why split it in 2 and not just make one alias like mail.glocom.dk?

    No, I don't think the folder exists? (see below)
    Code:
    root@saturn3:~# cd /etc/letsencrypt/live/saturn3.glocom.dk
    -bash: cd: /etc/letsencrypt/live/saturn3.glocom.dk: No such file or directory
    root@saturn3:~#
    root@saturn3:~#
    root@saturn3:~# cd /etc
    root@saturn3:/etc# cd /etc/letsencrypt/
    -bash: cd: /etc/letsencrypt/: No such file or directory
     
  15. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The reason to split it over smtp.hostingcompany.com and imap.hostingcompany.com is that you might want to spread these services over different servers in the future for example. If you use mail. and all your clients use that, it will be more complicated to do that because all clients would have to update their settings.

    I'm not sure why the Let's Encrypt folder doesn't exist. I thought acme.sh used the same folder but it might be that they are elsewhere?
    You could check in a vhost which path is used to your certificates and use the correct path to symlink the certs to.
     
  16. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    I checked the code in ISPConfig 3.2 very recently, so my answer is based on that, i.e. no symlink if you are using acme.sh. Do check and verify this at the git from line 2742 onwards, especially 2967-2971:
    Code:
                        // Define LE certs name and path, then install them
                        //$acme_cert = "--cert-file $acme_cert_dir/cert.pem";
                        $acme_key = "--key-file " . escapeshellarg($ssl_key_file);
                        $acme_chain = "--fullchain-file " . escapeshellarg($ssl_crt_file);
                        exec("$acme --install-cert -d " . escapeshellarg($hostname) . " $acme_key $acme_chain");
    
     
    Last edited: Nov 20, 2020