exim error 535

poNgz0r (Verified User; joined Jul 1, 2019; 26 messages)

OK, so I have a customer that has like 5 email addresses. Let's say:

[email protected]
[email protected]
[email protected]
[email protected]

I configured it on PC 1 with SSL. Incoming server imap.domain.com port 993. Outgoing smtp.domain.com SSL port 456, I believe, off the top of my head (basically Outlook takes auto settings).

Everything works, no problem. I set it up on PC 2, all the same addresses; everything works at first, but after 15 minutes or so I get this error:
exim1 2019-07-01 19:02:01 login authenticator failed for xxx.chello.nl ([IPv6:::ffff:192.168.178.171]) [213.93.xxx.xxx]: 535 Incorrect authentication data ([email protected])

It doesn't matter what I do; unless I remove [email protected] from PC 2 the error logs are gone. I already went to the custom build dir to add custom properties like max SMTP connections to 1000 and max connections per host 50; nothing seems to matter. All the other mail addresses on PC 2 are working fine, all with the same settings, but somehow [email protected] keeps erroring with the 535 error. I know it's PC 2 because it's sending the internal IP address as well (see 192.168.178.xxx).

I restarted everything, I turned off firewalls, I tried Outlook 365, I tried Thunderbird; it doesn't matter what I do, as soon as I add [email protected] to PC 2, it shows up in the brute force log with the 535 error on Exim.

Please advise me what I can do, I am totally clueless right now.

Greetings,
Dennis
 
I found some additional info, but I don't know what this means: 2019-07-01 19:21:15 TLS error on connection from xxx.chello.nl [213.93.xxx.xxx] (SSL_accept): error:00000000:lib(0):func(0):reason(0)

The customer is on Wi-Fi with his laptop; I don't know if it matters.
 
I also found out that I get 2 error logs directly behind each other:

2019-07-01 21:05:03 login authenticator failed
and
2019-07-01 21:05:03 plain authenticator failed

Somehow it's trying the plain and login authenticators...
 
Hello,

Try in a mail program:

- IMAP with SSL/TLS on port 143
- SMTP with SSL/TLS on port 587 with SMTP-auth.
 
I will. What are the best settings for mail anyway? I use SSL everywhere. BTW, I will try the settings, but why does everything work on PC1 while PC2 is giving so much trouble?
 
I've suggested settings which I personally use and offer to my customers. I found them working in most cases (at least with modern versions of software).

The information you provided is not sufficient to identify the root cause of the issue. Yes, it shows that you have certain issues, but it is still not clear why.

The logs say that a client with IP 213.93.xxx.xxx tries to connect to SMTP with a wrong or missing password, and the connection fails.

Exim as configured by DirectAdmin requires SMTP authentication to be configured on the client's side. So you need to make sure it is enabled.
 
Well, for some reason when I try:
smtp.domain.com
Port: 587
Method: SSL/TLS

"Authentication is required for the outgoing e-mail (SMTP) server" (checkbox checked). It says "Oops, there are problems" (Outlook). When I use port 456 it's no problem. Seems like 587 isn't working?
Any way I can fix that? I have the CSF module installed in DirectAdmin.
 
Yeah, but the thing is, the username and password aren't wrong. However, STARTTLS + 143 for imap.domain.com works. When I go to SMTP and use smtp.domain.com SSL/TLS port 587 with SMTP-auth I get nothing. Outlook doesn't accept it. When I change the port to 465 (which it was already, also already with SMTP-auth) it works, but then I sometimes get that weird log record.
 
Table Chain num pkts bytes target prot opt in out source destination
filter INPUT 26 0 0 ACCEPT tcp -- !lo * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587

filter OUTPUT 27 0 0 ACCEPT tcp -- * !lo 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:587

filter DENYIN 52 0 0 DROP tcp -- !lo * xxx.xxx.xxx.xxx 0.0.0.0/0 tcp dpt:587

filter DENYOUT 52 0 0 LOGDROPOUT tcp -- * !lo 0.0.0.0/0 xxx.xxx.xxx.xxx tcp dpt:587


How should I read this?
 
In CSF itself, when I click view ports I get this:

587 tcp 4/- - 12360 mail /usr/sbin/exim -bd -q1h /usr/sbin/exim
 
You have port 587 open for incoming/outgoing connections for all IPs excluding xxx.xxx.xxx.xxx, which is blocked. Is it the PC2 IP address, masked and blocked? If so, you need to go to the DirectAdmin Brute force manager and unblock it. If the IP is persistent you can add it to a skip list on the same page in DA.
 
Yes, well, it gets blocked somehow. The thing is, somehow my client shows up with invalid authentication. Also a weird thing: even though port 587 is open, I am unable to configure and use port 587 myself too. I also made an inquiry on your site to ask for help. How much would it cost if you looked into this for me and configured it properly?
 
Well, maybe something extra: I merged the mail from server 1 to server 2 with imapsync, maybe that messed it up somehow? Also, that doesn't matter I guess, because with my own mail, which is on the same server, I can't get it configured using port 587 either.
 
Well, port 587 might be blocked by your ISP. If this is the case, you can still try 465 or any custom port 2525 added additionally in the Exim config or using port forwarding in CSF/LFD.

imapsync should not cause a firewall ban for your customer's IP.

Anyway, I believe the server is configured fine unless you replaced the original configs. And it might be an issue on the PC2 side.

P.S. Replied to you by email.
 
I now have everything set up with STARTTLS 143 for incoming (mail.domain.com).
I have mail.domain.com outgoing on 465 with SSL/TLS and SMTP-auth and I still see this in the logs:

2019-07-03 11:16:01 login authenticator failed for xxx.chello.nl ([IPv6:::ffff:192.168.xxx.xxx]) [213.93.166.201]: 535 Incorrect authentication data ([email protected])
192.168.xxx.xxx = PC2

What am I missing?
 
Is the password for [email protected] accepted in webmail? Is it accepted from another device?

On both questions the answer is yes. The weird thing is, it's just on that PC2, and I get 5 errors at a time:

15621516610003 213.93.xxx.xxx [email protected] 1 exim1 2019-07-03 13:00:02 login authenticator failed for xxx.upc-e.chello.nl ([IPv6:::ffff:192.168.178.171]) [213.93.xxx]: 535 Incorrect authentication data ([email protected])
15621516610002 213.93.xxx.xxx [email protected] 1 exim1 2019-07-03 13:00:02 plain authenticator failed for xxx.upc-e.chello.nl ([IPv6:::ffff:192.168.178.171]) [213.93.xxx]: 535 Incorrect authentication data ([email protected])
15621516610001 213.93.xxx.xxx [email protected] 1 exim1 2019-07-03 13:00:01 login authenticator failed for xxx.upc-e.chello.nl ([IPv6:::ffff:192.168.178.171]) [213.93.xxx]: 535 Incorrect authentication data ([email protected])
15621516610000 213.93.xxx.xxx [email protected] 1 exim1 2019-07-03 13:00:01 plain authenticator failed for xxx.upc-e.chello.nl ([IPv6:::ffff:192.168.178.171]) [213.93.xxx]: 535 Incorrect authentication data ([email protected])

Webmail works, it even works on my PC, and it works on 1 customer PC without problems. The thing is, they have 5 mailboxes and this is the only one, and only on one PC, which gives these errors.
 
The affected PC must have another program which tries to connect to the SMTP service either without a password or with a wrong one. It's not a server-side issue, I'd rather say. Probably PC#2 has malware or other hidden services.
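
Added example, not code from anyone in this thread: a small Python script that groups Exim `535` authenticator failures like the ones quoted above by source IP, to tell a single device retrying one mailbox apart from guessing across many accounts. The log lines are constructed samples, and the optional `set_id=` prefix, the attempts heuristic and the verdict wording are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the Exim mainlog format quoted in the thread;
# hosts and addresses are documentation placeholders, not the thread's values.
SAMPLE_LOG = """\
2019-07-03 13:00:01 plain authenticator failed for cpe.example.net ([IPv6:::ffff:192.168.0.10]) [203.0.113.5]: 535 Incorrect authentication data (set_id=info@example.com)
2019-07-03 13:00:01 login authenticator failed for cpe.example.net ([IPv6:::ffff:192.168.0.10]) [203.0.113.5]: 535 Incorrect authentication data (set_id=info@example.com)
2019-07-03 13:00:02 plain authenticator failed for cpe.example.net ([IPv6:::ffff:192.168.0.10]) [203.0.113.5]: 535 Incorrect authentication data (set_id=info@example.com)
2019-07-03 13:00:02 login authenticator failed for cpe.example.net ([IPv6:::ffff:192.168.0.10]) [203.0.113.5]: 535 Incorrect authentication data (set_id=info@example.com)
2019-07-03 13:05:10 login authenticator failed for (User) [198.51.100.7]: 535 Incorrect authentication data (set_id=admin)
2019-07-03 13:05:12 login authenticator failed for (User) [198.51.100.7]: 535 Incorrect authentication data (set_id=test)
2019-07-03 13:05:14 login authenticator failed for (User) [198.51.100.7]: 535 Incorrect authentication data (set_id=sales@example.com)
"""

# mechanism, optional reverse-DNS name, HELO name in (), public IP in [], account in ()
FAIL_RE = re.compile(
    r"(?P<mech>\w+) authenticator failed for (?:\S+ )?"
    r"\((?P<helo>[^)]*)\) \[(?P<ip>[^\]]+)\]: 535 [^(]*"
    r"\((?:set_id=)?(?P<account>[^)]*)\)"
)

def summarize(log_text):
    """Group 535 failures by public IP; return per-IP stats and a verdict."""
    per_ip = defaultdict(lambda: {"mechs": Counter(), "accounts": set(), "helos": set()})
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        entry = per_ip[m["ip"]]
        entry["mechs"][m["mech"]] += 1
        entry["accounts"].add(m["account"])
        entry["helos"].add(m["helo"])
    report = {}
    for ip, e in per_ip.items():
        # Assumption: a client that retries the same credentials with a second
        # mechanism logs one failure per mechanism, so attempts = max per mechanism.
        attempts = max(e["mechs"].values())
        verdict = ("one client, one mailbox: check stored credentials on that device"
                   if len(e["accounts"]) == 1 else
                   "several accounts from one IP: consistent with password guessing")
        report[ip] = {"failures": sum(e["mechs"].values()), "attempts": attempts,
                      "accounts": sorted(e["accounts"]), "helos": sorted(e["helos"]),
                      "verdict": verdict}
    return report

if __name__ == "__main__":
    for ip, row in summarize(SAMPLE_LOG).items():
        print(ip, row)
```

The HELO field carries the client's internal address, so a single entry in `helos` for an IP points at one machine behind that connection.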
 
When I Google this error I get several suggestions:

- Password is too weak. Well, it is a weak password, but I am not sure if that is the real problem; it sounds like a weird error if it is really a weak password.
- Incorrect data, which I am 100% sure it isn't, because it works on my PC and on another PC from the customer.
- Invalid permissions, but I ran https://help.directadmin.com/item.php?id=173 to fix that. I didn't know if it was a cause, but it didn't solve anything either.
 