YunoHost-Apps / paheko_ynh

Paheko package for YunoHost
https://paheko.cloud
GNU Affero General Public License v3.0

SMTP Authentication failed #54

Closed RubusFruticosus74 closed 6 months ago

RubusFruticosus74 commented 7 months ago

Describe the bug

Hi there, we just installed a fresh Paheko 1.3.6-yhn2 app on our YunoHost at the root of a sub-domain, gestion.mysite.com, and sendmail does not work with the default config. It produces an "authentication failed" error when the paheko user sends a mail (and the mail queue is filling up, with a lot of the same error in the logs), but I'm not enough of an expert to understand the SMTP config and how to resolve the authentication on the mail server. Our mail server is working well, I think; maybe I just have to set the right password for user paheko, but I don't know how to do this. Any idea how to solve this issue? Thanks in advance!

rodinux commented 7 months ago

Hello, have you added the entries for the domain gestion.mysite.com in the DNS zone? You may need the mail entries. You can see them by doing this:

yunohost domain dns suggest gestion.mysite.com

And under ; Mail you will have the correct DNS entries to add in the DNS zone of your registrar:

; Mail
gestion 3600 IN MX 10 gestion.mysite.com.
gestion 3600 IN TXT "v=spf1 a mx -all"
mail._domainkey.gestion 3600 IN TXT "v=DKIM1; h=sha256; k=rsa; p=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
_dmarc.gestion 3600 IN TXT "v=DMARC1; p=none"

RubusFruticosus74 commented 7 months ago

Hi, thanks very much, Rodinux! Indeed, I didn't configure these DNS fields! I will do it and tell you if it works :-)

RubusFruticosus74 commented 7 months ago

Hi Rodinux, I have created the DNS records and waited for propagation, but I still have the "KD2\SMTP_Exception: SMTP AUTH error: 535 5.7.8 Error: authentication failed". It's like the paheko user account is not well configured to access the SMTP server, but I have no idea how to check this. Do you know how I can check this? Thanks in advance, Nico

rodinux commented 7 months ago

> I have created the DNS records and waited for propagation, but I still have the "KD2\SMTP_Exception: SMTP AUTH error: 535 5.7.8 Error: authentication failed". It's like the paheko user account is not well configured to access the SMTP server, but I have no idea how to check this. Do you know how I can check this?

Have you already added the entry gestion 3600 IN A XXX.XXX.XXX.XXX?

The user paheko is not declared in the paheko app or in YunoHost, and doesn't have to be...

The sender app_user mail is normally configured by the install process. You can check like this:

cat /var/www/paheko/config.local.php |grep SMTP

You can also try this:

yunohost tools regen-conf postfix -n -d

If the changes may be interesting

yunohost tools regen-conf postfix --force

and

yunohost tools regen-conf dovecot -n -d

If the changes may be interesting

yunohost tools regen-conf dovecot --force

Normally you must have something related to the domain in /etc/postfix/app_senders_login_maps

You can see it with grep -r gestion /etc/postfix/

For me with a paheko on garradin.mywebsite.tld

grep -r garradin /etc/postfix/
/etc/postfix/app_senders_login_maps:paheko@garradin.mywebsite.tld paheko
grep: /etc/postfix/sni.db: binary file matches
/etc/postfix/sni:garradin.mywebsite.tld /etc/yunohost/certs/garradin.mywebsite.tld/key.pem /etc/yunohost/certs/garradin.mywebsite.tld/crt.pem
grep: /etc/postfix/app_senders_login_maps.db: binary file matches

You can test the crontab also

sudo -u paheko /usr/bin/php8.2 /var/www/paheko/scripts/cron.php
sudo -u paheko /usr/bin/php8.2 /var/www/paheko/scripts/emails.php

Someone has done a special configuration here: https://forum.yunohost.org/t/paheko-erp-for-non-profit-organization/23699/75

I am not sure it is a good idea to do it like this??

RubusFruticosus74 commented 6 months ago

Thanks very much for your help, Rodinux! I tried with the A record and had the same error. My colleague asked me to create a "gestion.mysite.com CNAME mysite.com" instead of the A record, but it should be the same: the sub-domain gestion points to the same address as mysite.com.

The output of cat /var/www/paheko/config.local.php | grep SMTP is:

 * SMTP server host, set to false (default) to use the function
const SMTP_HOST = 'gestion.mysite.com';
 * SMTP server port
const SMTP_PORT = 25;
 * User login for the SMTP server
const SMTP_USER = 'paheko';
 * Password for the SMTP server
const SMTP_PASSWORD = 'xxxxxxxxxxxxxxxxxxxxxxxxx';
 * SMTP server security
const SMTP_SECURITY = 'STARTTLS';
 * Server name used in the SMTP HELO
const SMTP_HELO_HOSTNAME = 'gestion.mysite.com';

For the command grep -r gestion /etc/postfix/:

grep: /etc/postfix/sni.db: binary file matches
/etc/postfix/sni:gestion.mysite.com /etc/yunohost/certs/gestion.mysite.com/key.pem /etc/yunohost/certs/gestion.mysite.com/crt.pem
/etc/postfix/app_senders_login_maps:paheko@gestion.mysite.com paheko
grep: /etc/postfix/app_senders_login_maps.db: binary file matches

I regenerated the postfix main.cf with --force. There were indeed some differences because we changed some anti-spam spamhaus config manually. For dovecot there are no proposals...

In the journalctl I have some strange messages, but I am not expert enough to understand them:

postfix/pipe[1467995]: 2A92068B99: to=<paheko@mysite.com>, orig_to=<paheko>, relay=dovecot, del>
Mar 09 15:06:01 mysite.com dovecot[1468007]: lda(paheko@mysite.com)<1468007><+4zpC9l67GVnZhYAGlxb9w>: sieve: msgid=<202403>
Mar 09 15:06:01 mysite.com postfix/trivial-rewrite[1467917]: warning: do not list domain mysite.com in BOTH virtual_mailbo>
Mar 09 15:06:01 mysite.com postfix/qmgr[1467916]: 2A92068B99: from=<paheko@mysite.com>, size=602, nrcpt=1 (queue active)
Mar 09 15:06:01 mysite.com postfix/cleanup[1467991]: 2A92068B99: message-id=<20240309150601.2A92068B99@mysite.com>
Mar 09 15:06:01 mysite.com CRON[1467999]: pam_unix(cron:session): session closed for user paheko
Mar 09 15:06:01 mysite.com postsrsd[1467992]: srs_forward: <paheko@mysite.com> not rewritten: Domain excluded by policy
Mar 09 15:06:01 mysite.com postfix/pickup[1467915]: 2A92068B99: uid=986 from=<paheko>
Mar 09 15:06:01 mysite.com CRON[1468000]: (paheko) CMD (/usr/bin/php8.2 /var/www/paheko/scripts/emails.php)
Mar 09 15:06:01 mysite.com CRON[1467999]: pam_unix(cron:session): session opened for user paheko(uid=986) by (uid=0)
Mar 09 15:05:59 mysite.com postfix/qmgr[1467916]: 127FD601FA: removed
Mar 09 15:05:59 mysite.com postfix/pipe[1467995]: 127FD601FA: to=<mysite.com@mysite.com>, orig_to=<info@mysite.com>, relay=d>
Mar 09 15:05:59 mysite.com dovecot[1467996]: lda(mysite.com@mysite.com)<1467996><FhXPHdd67GVcZhYAGlxb9w>: sieve: msgid=<20114>
Mar 09 15:05:59 mysite.com postfix/trivial-rewrite[1467917]: warning: do not list domain mysite.com in BOTH virtual_mailbo>

I think maybe the problem is here: "srs_forward: <paheko@mysite.com> not rewritten: Domain excluded by policy", but I don't know which policy it could be! When I run a simple PHP sendmail as the paheko user, it works: su -c "php sendmail.php" -s /bin/bash paheko. I really don't understand this "Unauthorized".

Thanks again for your help, and I will tell you if I find the solution.

RubusFruticosus74 commented 6 months ago

Hello Rodinux, I tried const SMTP_HOST = false; ----> use of localhost as the mail server address in Paheko (cf. Paheko docs) in /var/www/paheko/config.local.php, as mentioned by Yves, and it works with this config!!! And I don't have any warnings in the journalctl. Thanks so much for your help!!! Nico

RubusFruticosus74 commented 6 months ago

So I'm closing the issue! Many thanks for your help :-)
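
Added example, not part of the thread and not code from Paheko or YunoHost: one way to answer the "how can I check this?" question is to replay the SMTP login outside Paheko with the SMTP_* constants from config.local.php in the format quoted above, and report which stage fails and with what reply code. The function names are this example's own, and it assumes that SMTP_HOST = false (the setting that worked in the thread) means no SMTP login is attempted.

```python
import re
import smtplib
import ssl

SAMPLE = """
const SMTP_HOST = 'gestion.mysite.com';
const SMTP_PORT = 25;
const SMTP_USER = 'paheko';
const SMTP_PASSWORD = 'placeholder';
const SMTP_SECURITY = 'STARTTLS';
const SMTP_HELO_HOSTNAME = 'gestion.mysite.com';
"""  # constructed sample in the thread's format; the password is a placeholder
CONST_RE = re.compile(r"^\s*const\s+(SMTP_\w+)\s*=\s*(.+?)\s*;\s*$", re.M)

def parse_smtp_config(text):
    """Return the SMTP_* constants of a config.local.php as str, int or bool."""
    cfg = {}
    for name, raw in CONST_RE.findall(text):
        if len(raw) >= 2 and raw[0] in "'\"" and raw[-1] == raw[0]:
            cfg[name] = raw[1:-1]
        elif raw.lower() in ("true", "false"):
            cfg[name] = raw.lower() == "true"
        else:
            cfg[name] = int(raw) if raw.isdigit() else raw
    return cfg

def probe(cfg, timeout=10):
    """Replay connect/STARTTLS/AUTH; return (stage, code, reply), never the password."""
    host = cfg.get("SMTP_HOST")
    if not host:  # false: assumed to mean that no SMTP login is made at all
        return ("skipped", None, "SMTP_HOST is false, no SMTP login to test")
    stage = "connect"
    try:
        with smtplib.SMTP(host, cfg.get("SMTP_PORT", 25), timeout=timeout,
                          local_hostname=cfg.get("SMTP_HELO_HOSTNAME")) as smtp:
            if str(cfg.get("SMTP_SECURITY", "")).upper() == "STARTTLS":
                stage = "starttls"  # certificate and hostname are verified
                smtp.starttls(context=ssl.create_default_context())
            stage = "auth"
            code, reply = smtp.login(cfg.get("SMTP_USER", ""), cfg.get("SMTP_PASSWORD", ""))
            return ("ok", code, reply.decode(errors="replace"))
    except smtplib.SMTPResponseException as exc:  # e.g. 535 authentication failed
        return (stage, exc.smtp_code, exc.smtp_error.decode(errors="replace"))
    except (smtplib.SMTPException, OSError) as exc:  # refused, timeout, TLS failure
        return (stage, None, str(exc))

if __name__ == "__main__":
    with open("/var/www/paheko/config.local.php", encoding="utf-8") as fh:
        print(probe(parse_smtp_config(fh.read())))
```

Run it as a user that can read config.local.php. A result of ("auth", 535, ...) reproduces the error from the thread independently of Paheko, while a failure at "connect" or "starttls" points to the transport rather than the credentials.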