SMTP - authentication failure

marc · November 26, 2025, 10:14pm

What type of hardware are you using: Raspberry Pi 0, 1 or 2
What YunoHost version are you running: 12.1.32
How are you able to access your server: Other(?)
Are you in a special context or did you perform specific tweaking on your YunoHost instance ?: non

Describe your issue

Suddenly, it becomes impossible to send any mail, either by Computer Client, Smartphone Client, or Website (SOGo).
The message is “authentication failure”.

I did not change anything in my server.

On the log file, it seems that the connexion is lost, and also that the user is not recognized.

Any idea?

Thanks in advance

Share relevant logs or error messages

jarod5001 · November 26, 2025, 10:47pm

Check in the permissions section that the group all_users has email permission. Try restarting postfix and dovecot services. Does the diagnosis complain about something? Any config file manually modified?

marc · November 27, 2025, 11:22pm

Hi Jarod5001, Thank you for helping me another time as you already did last time here.

It seems to be the same kind of problem:

all_users have correct permissions
restarting postfix and dovecot doe not change anything
The diagnosis complains about reverse_dns for emails, and ipv6; But i try to connect with IPv4.
I changed the nslcd conf last time because of a long delay of SMTP and SSH connexions
I tried to configure relay SMTP : same problem
So i suppose, one more time, that it is a problem of LDAP connexion inside the server.
Strange thing: no problem to connect to IMAP server and retrive emails. The problem oncly occurs for SMTP. I suppose there is a problem in SMTP code , when the server wants to connect to LDAP
What i understand is:
- the email client starts a connexion to SMTP
- It connects to POSTFIX
- POSTFIX connects to LDAP to authenticate the user
- If the user is authenticated, it uses either internal or relay SMTP
- I conclude that there is a problem between POSTFIX and LDAP, but only for SMTP connexions, not IMAP connexions

otm33 · November 28, 2025, 11:59am

Any output for

yunohost tools regen-conf dovecot postfix slapd --dry-run --with-diff

?

or something relevant in dovecot logs ?

jarod5001 · November 28, 2025, 1:20pm

What’s the output of

grep "SASL.*authentication failed" /var/log/mail.log

You can use this script (but instead of sending mail, you can make output the results on the terminal, or change the recipient mail)

github.com/DeMiro5001/Linux-scripts

yunohost/mail-report

main

#!/bin/bash

# Script to generate and send pflogsumm report for yesterday's mail activity
# Requires pflogsumm and geoip-bin to be installed: `sudo apt install pflogsumm geoip-bin -y`
# Place it in /etc/cron.daily and ensure it is executable (with `chmod +x mail-report`)

# Set variables
LOG_FILE="/var/log/mail.log"
REPORT_DATE=$(date -d "yesterday" +"%Y-%m-%d")
YESTERDAY_FORMAT=$(date -d "yesterday" +"%Y-%m-%d")
SUBJECT="Postfix Mail Report for $REPORT_DATE"
RECIPIENT="root"

# Function to get country from IP using geoiplookup
get_country() {
    local ip=$1
    if command -v geoiplookup &> /dev/null; then
        # Try to get country from IP
        country=$(geoiplookup "$ip" 2>/dev/null | awk -F ': ' '{print $2}' | awk -F ',' '{print $1}')
        if [[ -z "$country" || "$country" == "IP Address not found" ]]; then

This file has been truncated. show original

marc · November 30, 2025, 10:59pm

Dear otm33; here are DOVECOT’ logs

2025-11-30T22:20:42.498078+00:00 famille-flender postfix/submission/smtpd[24195]: warning: unknown[2a01:e0a:231:d6b0:65bd:4e5a:305c:a10c]: SASL PLAIN authentication failed: Connection lost to authentication server, sasl_username=(unavailable)
2025-11-30T22:20:42.521029+00:00 famille-flender dovecot: auth: Error: auth client 0 disconnected with 1 pending requests: EOF

postfix’l logs:

And in response to

yunohost tools regen-conf dovecot postfix slapd --dry-run --with-diff

Warning: The configuration file '/etc/postfix/ldap-aliases.cf' has been manually modified and will not be updated
Warning: The configuration file '/etc/postfix/ldap-accounts.cf' has been manually modified and will not be updated
Warning: The configuration file '/etc/postfix/sasl_passwd' has been manually modified and will not be updated
postfix: 
  applied: 
  pending: 
    /etc/postfix/ldap-accounts.cf: 
      diff: @@ -1,6 +1,5 @@
 server_host = localhost
 server_port = 389
 search_base = dc=yunohost,dc=org
-#query_filter = (&(objectClass=mailAccount)(mail=%s)(permission=cn=mail.main,ou=permission,dc=yunohost,dc=org))
-query_filter = (&(objectClass=mailAccount)(mail=%s))
+query_filter = (&(objectClass=mailAccount)(mail=%s)(permission=cn=mail.main,ou=permission,dc=yunohost,dc=org))
 result_attribute = uid
      status: modified
    /etc/postfix/ldap-aliases.cf: 
      diff: @@ -1,6 +1,5 @@
 server_host = localhost
 server_port = 389
 search_base = dc=yunohost,dc=org
-#query_filter = (&(objectClass=mailAccount)(mail=%s)(permission=cn=mail.main,ou=permission,dc=yunohost,dc=org))
-query_filter = (&(objectClass=mailAccount)(mail=%s))
+query_filter = (&(objectClass=mailAccount)(mail=%s)(permission=cn=mail.main,ou=permission,dc=yunohost,dc=org))
 result_attribute = maildrop
      status: modified
    /etc/postfix/sasl_passwd: 
      diff: @@ -1 +0,0 @@
-[ssl.polytechnique.org]:587 marc.flender.1992:XXXXXXXXX
      status: modified

Here are the explainations:

LDAP manually changed in order to use aliases for my family members: i think there is no impact on SMTP
```
/etc/postfix/sasl_passwd :
```
this relay Host was typed in the Webadmin. Now, i understand that when we use SMTP relayhost , IPv6 does not work, and thus i could not send email with SMTP. But it xas impossible to diasblle relay host!! As a matter of fact, YUNOHOST said that the file sasl_password was manually changed and could not be changed by Yunohos. But i did not change it manually

marc · November 30, 2025, 11:30pm

Dear @jarod5001 and @otm33 ,

It works now, but i think we can improve Yunohost.

My SMTP config was ip-v6 allowed
when SMTP started to malfunction last week, i remembered, in examining /etc/postfix/main.cf, that i had manually configured a SMTP relay some years ago to solve email blacklist problems. This configuration was made before yunohost proposed a SMTP relay in yunohos Wabadmin
So i regenerated main.cf last week. And declared properly the relay host in the webadmin
Today i de-activated Ipv6 as proposed by yunohost diagnosis warning. And then it works : emails could be sent by SMTP…using relay host
And when i deactivated smtp relay in webadmin, it was not applied: all emails were sent to relay host
the relay host configuration was really reset when i use otm33 command yunohost tools regen-conf dovecot postfix slapd --dry-run --with-diff

Conclusion

if a SMTP relay host is used in Yunohost webadmin, then it should be forbidden to tick IPv6
If the SMTP relay host is de-activated in Yunohost Webadmin, (here is the bug) , the configuration is not changed because Yunohost thinks that /etc/postfix/sasl_passwd has been manually changed before

otm33 · November 30, 2025, 11:54pm

Hello @marc

That rings a bell…

I had a similar issue creating a config panel.

I think this is related to one of the config panel behaviors: ticking the SMTP option only makes the other SMTP fields visible or invisible, but it doesn’t clear or disable their values when they are hidden and when saving.