-2

I just finished following this tutorial on Digital Ocean for configuring a Dovecot, MySQL, and Postfix email server. I did not follow it to the end. (I didn't install Spam Assassin.) I also used a self-generated SSL temporarily. Other than that, I followed the tutorial to the letter. At every point where I was told to do a test command, I did so and the results were what the author said they should be.

The problem is that using an email client (like Thunderbird) I cannot login to the server. However, using Telnet I can connect to SMTP on ports 587 and 25. I can also connect to IMAP on port 993. (25, 587, and 993 are the ONLY ports I have forwarded from my external IP.)

I have checked the data in the MySQL DB. My user exists with my desired password.

How can I troubleshoot the issue here? Is there a way to test login credentials using telnet?

EDIT

Authentication is the issue. I've initiated the connection with `openssl s_client -connect mail.example.com:587 -starttls smtp` (Thanks 84104). My exchange then looks like this...

```
ehlo example.com
250-hostname.example.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
MyBase64EncodedUsername
334 UGFzc3dvcmQ6
MyBase64EncodedPassword
535 5.7.8 Error: authentication failed: Connection lost to authentication server
```

Is there a debugging route I can take to find the problem? Is this simply authentication or a connection issue?

Allenph

1 Answer

2

`smtpd_tls_auth_only = yes` means that telnet isn't going to be a viable option for credential testing. You really don't want to do the TLS negotiation by hand.

Instead use something like openssl s_client, e.g. `openssl s_client -connect mail.example.com:587 -starttls smtp`.

Once connected you can then issue the standard commands. The exchange should look similar to:

```
S> Blah...Blah...Blah...
S> ---
S> 250 DSN
C> ehlo <client hostname>
S> 250-<server hostname>
S> Blah...Blah...
S> 250-AUTH PLAIN LOGIN
S> Blah...Blah...
S> 250 DSN
C> auth plain <echo -ne '\0<username>\0<password>' | base64>
S> 235 2.7.0 Authentication successful
```
84104
  • Thanks! That worked. Is there a way to login with credentials? – Allenph Oct 04 '16 at 01:33
  • @Allenph The same way you would had you been using telnet. I've added an example exchange. – 84104 Oct 04 '16 at 01:50
  • I attempted to login...authentication is the problem. I did it a little differently than you, though. I logged in, issued `ehlo example.com`, then `AUTH LOGIN` then used Perl to give me the Base64 encoded version of my username and password. I then entered my username, entered, then my password. Authentication failed. I noticed that the author of that tutorial uses SHA2. Does that have something to do with it? How can I debug the setup? – Allenph Oct 04 '16 at 01:57
  • I've expanded my question with an example of my exchange after logging in to SMTP. – Allenph Oct 04 '16 at 02:01
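
An added example, not part of the original question or answer: shell helpers for the exchange above that build the `AUTH PLAIN` and `AUTH LOGIN` values, decode the server's `334` prompts, and separate the `Connection lost to authentication server` reply from other `535` failures by its text. The function names and the credentials `test` / `testpass` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. Credentials test / testpass are constructed sample values.

# AUTH PLAIN value: base64("" NUL username NUL password), empty authzid.
# printf, unlike a bare echo, appends no newline to the password.
auth_plain_token() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# AUTH LOGIN sends username and password as two separate base64 lines.
auth_login_field() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a server prompt such as "334 VXNlcm5hbWU6".
decode_challenge() {
    printf '%s' "${1#334 }" | base64 -d
}

# Succeeds if an encoded field decodes to text ending in a newline,
# which happens when the value was piped from echo without -n.
ends_with_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Sort the final reply to AUTH by what its text reports.
classify_auth_reply() {
    case "$1" in
        235\ *) echo "accepted" ;;
        535\ *"Connection lost to authentication server"*) echo "auth-backend-connection-lost" ;;
        535\ *) echo "auth-failed" ;;
        *) echo "other" ;;
    esac
}

# Demo on constructed input and on the reply quoted in the question.
echo "AUTH PLAIN $(auth_plain_token test testpass)"
echo "prompt 1: $(decode_challenge '334 VXNlcm5hbWU6')"
echo "prompt 2: $(decode_challenge '334 UGFzc3dvcmQ6')"
classify_auth_reply '535 5.7.8 Error: authentication failed: Connection lost to authentication server'
```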