SMTP is not working

Discussion in 'Installation/Configuration' started by Omid Amraei, Dec 28, 2020.

  1. Omid Amraei

    Omid Amraei New Member

    I have set up an Ubuntu 18.04 server using the Perfect Server tutorial and it was working for almost 2 years without a problem. But SMTP stopped working suddenly two days ago (I made no change to the server). The issue started when I was getting timeout errors in Mozilla Thunderbird while sending emails. After doing so many searches, purging ISPConfig, and re-installing all services, the problem just persisted.

    Finally I installed a new Ubuntu 20.04 and did everything mentioned in this Perfect Server tutorial. Still the same problem. Using Roundcube, I can log in and receive emails, but while trying to send, I get this error message: "SMTP Error (250): Authentication failed."

    Using Thunderbird, it can find the server configuration, but when trying to authenticate, after taking a long time checking the password ..., it finally shows me an error: "Unable to log in at server. Probably wrong configuration, username or password."

    I have tested disabling the firewall and using both Certbot and self-signed certificates, with no luck.

    Here is my master.cf file:
    Code:
    #
    # Postfix master process configuration file.  For details on the format
    # of the file, see the master(5) manual page (command: "man 5 master" or
    # on-line: http://www.postfix.org/master.5.html).
    #
    # Do not forget to execute "postfix reload" after editing this file.
    #
    # ==========================================================================
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    #               (yes)   (yes)   (no)    (never) (100)
    # ==========================================================================
    smtp      inet  n       -       y       -       -       smtpd -v
    #smtp      inet  n       -       y       -       1       postscreen
    #smtpd     pass  -       -       y       -       -       smtpd
    #dnsblog   unix  -       -       y       -       0       dnsblog
    #tlsproxy  unix  -       -       y       -       0       tlsproxy
    submission inet n       -       y       -       -       smtpd
      -o syslog_name=postfix/submission
      -o smtpd_tls_security_level=encrypt
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_tls_auth_only=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    smtps     inet  n       -       y       -       -       smtpd
      -o syslog_name=postfix/smtps
      -o smtpd_tls_wrappermode=yes
      -o smtpd_sasl_auth_enable=yes
      -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    #  -o smtpd_reject_unlisted_recipient=no
    #  -o smtpd_client_restrictions=$mua_client_restrictions
    #  -o smtpd_helo_restrictions=$mua_helo_restrictions
    #  -o smtpd_sender_restrictions=$mua_sender_restrictions
    #  -o smtpd_recipient_restrictions=
    #  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
    #  -o milter_macro_daemon_name=ORIGINATING
    #628       inet  n       -       y       -       -       qmqpd
    pickup    unix  n       -       y       60      1       pickup
    cleanup   unix  n       -       y       -       0       cleanup
    qmgr      unix  n       -       n       300     1       qmgr
    #qmgr     unix  n       -       n       300     1       oqmgr
    tlsmgr    unix  -       -       y       1000?   1       tlsmgr
    rewrite   unix  -       -       y       -       -       trivial-rewrite
    bounce    unix  -       -       y       -       0       bounce
    defer     unix  -       -       y       -       0       bounce
    trace     unix  -       -       y       -       0       bounce
    verify    unix  -       -       y       -       1       verify
    flush     unix  n       -       y       1000?   0       flush
    proxymap  unix  -       -       n       -       -       proxymap
    proxywrite unix -       -       n       -       1       proxymap
    smtp      unix  -       -       y       -       -       smtp
    relay     unix  -       -       y       -       -       smtp
            -o syslog_name=postfix/$service_name
    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
    showq     unix  n       -       y       -       -       showq
    error     unix  -       -       y       -       -       error
    retry     unix  -       -       y       -       -       error
    discard   unix  -       -       y       -       -       discard
    local     unix  -       n       n       -       -       local
    virtual   unix  -       n       n       -       -       virtual
    lmtp      unix  -       -       y       -       -       lmtp
    anvil     unix  -       -       y       -       1       anvil
    scache    unix  -       -       y       -       1       scache
    postlog   unix-dgram n  -       n       -       1       postlogd
    #
    # ====================================================================
    # Interfaces to non-Postfix software. Be sure to examine the manual
    # pages of the non-Postfix software to find out what options it wants.
    #
    # Many of the following services use the Postfix pipe(8) delivery
    # agent.  See the pipe(8) man page for information about ${recipient}
    # and other message envelope options.
    # ====================================================================
    #
    # maildrop. See the Postfix MAILDROP_README file for details.
    # Also specify in main.cf: maildrop_destination_recipient_limit=1
    #
    maildrop  unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail argv=/usr/bin/maildrop -d vmail ${extension} ${recipient} ${user} ${nexthop} ${sender}
    #
    # ====================================================================
    #
    # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
    #
    # Specify in cyrus.conf:
    #   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
    #
    # Specify in main.cf one or more of the following:
    #  mailbox_transport = lmtp:inet:localhost
    #  virtual_transport = lmtp:inet:localhost
    #
    # ====================================================================
    #
    # Cyrus 2.1.5 (Amos Gouaux)
    # Also specify in main.cf: cyrus_destination_recipient_limit=1
    #
    #cyrus     unix  -       n       n       -       -       pipe
    #  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
    #
    # ====================================================================
    # Old example of delivery via Cyrus.
    #
    #old-cyrus unix  -       n       n       -       -       pipe
    #  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
    #
    # ====================================================================
    #
    # See the Postfix UUCP_README file for configuration details.
    #
    uucp      unix  -       n       n       -       -       pipe
      flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
    #
    # Other external delivery methods.
    #
    ifmail    unix  -       n       n       -       -       pipe
      flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
    bsmtp     unix  -       n       n       -       -       pipe
      flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
    scalemail-backend unix   -   n   n   -   2   pipe
      flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
    mailman   unix  -       n       n       -       -       pipe
      flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
      ${nexthop} ${user}
    
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop}
    
    amavis unix - - - - 2 smtp
            -o smtp_data_done_timeout=1200
            -o smtp_send_xforward_command=yes
           -o smtp_bind_address=
    
    
    127.0.0.1:10025 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
            -o disable_dns_lookups=yes
    
    
    127.0.0.1:10027 inet n - n - - smtpd
            -o content_filter=
            -o local_recipient_maps=
            -o relay_recipient_maps=
            -o smtpd_restriction_classes=
            -o smtpd_client_restrictions=
            -o smtpd_helo_restrictions=
            -o smtpd_sender_restrictions=
            -o smtpd_recipient_restrictions=permit_mynetworks,reject
            -o smtpd_end_of_data_restrictions=
            -o mynetworks=127.0.0.0/8
            -o strict_rfc821_envelopes=yes
            -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
            -o smtp_send_xforward_command=yes
           -o milter_default_action=accept
           -o milter_macro_daemon_name=ORIGINATING
            -o disable_dns_lookups=yes
     
    Last edited: Dec 29, 2020
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

  3. Omid Amraei

    Omid Amraei New Member

    Thanks for sharing that useful link. However, I think I have provided almost all the information I had. I'm running ISPConfig 3.2.1 on Ubuntu 20.04.
    Yes, I can log in to webmail and receive new emails. I just can't send. I changed the Roundcube port to 25 now and it's working (I can send emails). But this isn't what I really want.

    This is the current config and smtp_port is the only thing I have changed (587 to 25).
    Code:
    $config['default_host'] = 'localhost';
    $config['smtp_server'] = 'localhost';
    $config['smtp_port'] = 25;
    $config['smtp_user'] = '%u';
    $config['smtp_pass'] = '%p';

    However, Thunderbird is another story. I can't even log in with port 25 and without encryption. If you need the `mail.log` output, I can post it here.
     
  4. Omid Amraei

    Omid Amraei New Member

    I attached the `mail.log` output from when I try to use Thunderbird. (Unmasked IPs are spammers.)
     

  5. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    If you change to port 587 you need to specify 'tls://' in the smtp_server setting.

    Your debug log doesn't appear to show a problem, it ends with:
    Code:
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: < unknown[45.125.65.39]: AUTH LOGIN
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: xsasl_dovecot_server_first: sasl_method LOGIN
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: xsasl_dovecot_handle_reply: auth reply: CONT?1?VXNlcm5hbWU6
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: > unknown[45.125.65.39]: 334 VXNlcm5hbWU6
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: < unknown[45.125.65.39]: MTU5MzU3
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: xsasl_dovecot_handle_reply: auth reply: CONT?1?UGFzc3dvcmQ6
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: > unknown[45.125.65.39]: 334 UGFzc3dvcmQ6
    Dec 28 23:00:45 localhost postfix/smtpd[16094]: < unknown[45.125.65.39]: MTU5MzU3
    
    So that's Thunderbird attempting to log in using the same string '159357' for both the username and password; it cuts off before showing the server's response, but I would expect it to say authentication failed (unless you happen to be using alternative login names, and '159357' is your actual login name - in which case you need to grab a bugfix from nightly builds, and change your password, and your password policy ;) ).
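
The base64 in the log excerpt above is reversible, so a `mail.log` written while a listener runs `smtpd -v` holds every AUTH LOGIN username and password, whether or not the IPs are masked. The Python sketch below is an added example, not part of the thread or of ISPConfig: it decodes the exchange and writes a copy with the client's answers redacted. The names `scan` and `b64text` are hypothetical, and the sample is an excerpt of the lines quoted in the post.

```python
import base64
import re

# Constructed sample: excerpt of the verbose smtpd lines quoted in the post above.
SAMPLE_LOG = """\
Dec 28 23:00:45 localhost postfix/smtpd[16094]: < unknown[45.125.65.39]: AUTH LOGIN
Dec 28 23:00:45 localhost postfix/smtpd[16094]: xsasl_dovecot_handle_reply: auth reply: CONT?1?VXNlcm5hbWU6
Dec 28 23:00:45 localhost postfix/smtpd[16094]: > unknown[45.125.65.39]: 334 VXNlcm5hbWU6
Dec 28 23:00:45 localhost postfix/smtpd[16094]: < unknown[45.125.65.39]: MTU5MzU3
Dec 28 23:00:45 localhost postfix/smtpd[16094]: > unknown[45.125.65.39]: 334 UGFzc3dvcmQ6
Dec 28 23:00:45 localhost postfix/smtpd[16094]: < unknown[45.125.65.39]: MTU5MzU3
"""

# In smtpd -v output "<" is client-to-server and ">" is server-to-client.
LINE = re.compile(r"^(?P<head>.*?smtpd\[(?P<pid>\d+)\]: )(?P<dir>[<>]) (?P<peer>\S+): (?P<data>.*)$")

def b64text(token):
    """Decode a base64 token to text, or return None if it is not valid base64."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except ValueError:
        return None

def scan(log_text):
    """Return (decoded_events, redacted_log) for AUTH LOGIN exchanges only."""
    awaiting = {}              # pid -> decoded prompt of the last 334 challenge
    events, out = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            pid, data = m["pid"], m["data"]
            if m["dir"] == ">":
                if data.startswith("334 "):
                    awaiting[pid] = b64text(data[4:]) or "?"
                else:
                    awaiting.pop(pid, None)    # any other reply ends the exchange
            elif pid in awaiting:              # client's answer to the challenge
                prompt = awaiting.pop(pid)
                events.append((pid, prompt, b64text(data)))
                line = f"{m['head']}< {m['peer']}: [REDACTED {prompt}]"
        out.append(line)
    return events, "\n".join(out)
```

Run `scan` over a log before attaching it anywhere public, and drop `-v` from the `smtp` line in master.cf once debugging is done.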
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If Roundcube is on the same server as Postfix, you can use port 25 safely. If it's on a different server, use 587 with tls:// (like Jesse said).
     
    Omid Amraei likes this.
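
What each listener demands of a client before AUTH can be read from the `-o` overrides in the master.cf posted at the top of the thread, which is where the `tls://` requirement on port 587 comes from. The Python sketch below is an added example, not part of the thread or of ISPConfig; `parse_services` and `client_mode` are hypothetical helper names, and the embedded sample is the three uncommented inet listeners copied from that file.

```python
# Constructed sample: the uncommented smtp, submission and smtps entries from the posted master.cf.
MASTER_CF = """\
smtp      inet  n       -       y       -       -       smtpd -v
submission inet n       -       y       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_tls_auth_only=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
smtps     inet  n       -       y       -       -       smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
"""

def parse_services(text):
    """Parse master.cf into {(name, type): {"args": [...], "opts": {...}}}."""
    services, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0].isspace():              # continuation of the previous entry
            tokens = raw.split()
        else:                             # new entry: 7 fixed columns, then command + args
            fields = raw.split()
            current = services.setdefault((fields[0], fields[1]), {"args": [], "opts": {}})
            tokens = fields[7:]
        if current is None:
            continue                      # continuation line with no entry before it
        it = iter(tokens)
        for tok in it:
            if tok == "-o":               # "-o name=value" overrides main.cf for this service
                key, _, val = next(it, "").partition("=")
                current["opts"][key] = val
            else:
                current["args"].append(tok)
    return services

def client_mode(svc):
    """What a mail client must do before AUTH on this listener."""
    opts = svc["opts"]
    if opts.get("smtpd_tls_wrappermode") == "yes":
        return "implicit TLS"
    if opts.get("smtpd_tls_security_level") == "encrypt" or opts.get("smtpd_tls_auth_only") == "yes":
        return "STARTTLS required"
    return "depends on main.cf"
```

For the posted file, `submission` (587) comes out as "STARTTLS required" and `smtps` (465) as "implicit TLS", while plain `smtp` (25) has no override and follows main.cf, which the thread does not show.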
  7. Omid Amraei

    Omid Amraei New Member

    This is not working and Roundcube doesn't even show an error. It just gets stuck working and finally hits a timeout (let me say the firewall is disabled).

    I see. Thunderbird is the problem and also other email clients.

    As I mentioned, those unmasked IPs are spammers trying to brute-force and will be blocked by Fail2ban. If you want to check the logs related to Thunderbird requests, look at those segments in which I have masked the IP addresses, like "connect from unknown[**.**.**.*]".
     
  8. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Ah, I missed that; makes sense. So the relevant log entries are simply the first 5 lines?:

    Code:
    Dec 28 22:56:35 localhost postfix/submission/smtpd[15865]: connect from unknown[**.**.**.*]
    Dec 28 22:56:35 localhost dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=**.**.**.*, lip=***.**.***.***, session=<2jMDWY23Lr1WORAJ>
    Dec 28 22:56:35 localhost postfix/submission/smtpd[15865]: improper command pipelining after EHLO from unknown[**.**.**.*]: QUIT\r\n
    Dec 28 22:56:35 localhost postfix/submission/smtpd[15865]: disconnect from unknown[**.**.**.*] ehlo=1 quit=1 commands=2
    Dec 28 22:59:38 localhost dovecot: imap-login: Disconnected: Inactivity (no auth attempts in 180 secs): user=<>, rip=**.**.**.*, lip=***.**.***.***, session=<QJ7qY423Mr1WORAJ>
    
    Try searching with "thunderbird 'improper command pipelining'", e.g. one of the first entries shows a virus scanner causing the problem.
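
The pattern in the log lines above (EHLO, then QUIT sent before the server's reply, and no STARTTLS or AUTH in the disconnect counters) can be picked out of a full `mail.log` by grouping lines per smtpd process. The Python sketch below is an added example, not part of the thread; `sessions` and `classify` are hypothetical names, the verdict strings are this example's own, and the sample is copied from the lines quoted in the post.

```python
import re

# Constructed sample: Postfix and Dovecot lines copied from the post above.
SAMPLE_LOG = r"""Dec 28 22:56:35 localhost postfix/submission/smtpd[15865]: connect from unknown[**.**.**.*]
Dec 28 22:56:35 localhost dovecot: imap-login: Aborted login (no auth attempts in 0 secs): user=<>, rip=**.**.**.*, lip=***.**.***.***, session=<2jMDWY23Lr1WORAJ>
Dec 28 22:56:35 localhost postfix/submission/smtpd[15865]: improper command pipelining after EHLO from unknown[**.**.**.*]: QUIT\r\n
Dec 28 22:56:35 localhost postfix/submission/smtpd[15865]: disconnect from unknown[**.**.**.*] ehlo=1 quit=1 commands=2
"""

LINE = re.compile(r"postfix/(?P<svc>[\w/]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
PIPELINING = re.compile(r"improper command pipelining after (\S+) from \S+: (.*)")
COUNTER = re.compile(r"(\w+)=(\d+)(?:/\d+)?")     # e.g. ehlo=1 or auth=0/1

def classify(session):
    """Label a finished session from its disconnect counters."""
    counts = session["counts"]
    if session["pipelining_after"] and "starttls" not in counts and "auth" not in counts:
        return "pipelined before STARTTLS/AUTH"
    if "auth" not in counts:
        return "no AUTH attempted"
    return "AUTH attempted"

def sessions(log_text):
    """Group lines by smtpd process and return one summary per finished session."""
    live, done = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                       # not a Postfix daemon line (e.g. dovecot)
        key, msg = (m["svc"], m["pid"]), m["msg"]
        if msg.startswith("connect from "):
            live[key] = {"service": m["svc"], "pipelining_after": None,
                         "early_data": None, "counts": {}}
        s = live.get(key)
        if s is None:
            continue                       # line belongs to a session we never saw start
        p = PIPELINING.match(msg)
        if p:
            s["pipelining_after"], s["early_data"] = p[1], p[2]
        elif msg.startswith("disconnect from "):
            s["counts"] = {k: int(v) for k, v in COUNTER.findall(msg)}
            s["verdict"] = classify(s)
            done.append(live.pop(key))
    return done
```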
     
