The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Incorrect authentication only for mass mailing

Discussion in 'E-mail Discussions' started by koda, Feb 23, 2014.

  1. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I'm facing a very odd issue while trying to send mails.
    I have a virtual network between 2 cloud istance. I use that private network IP to send mails from the web server throught the SMTP/CPanel server, with authentication.
    I created an email account on the CPanel server which I use just for this and on the web server I have a service wich aysnchronously forwards e-mails to be sent to CPanel server and it has also settings for throttling and such.

    The odd thing I'm facing is that if I'm sending like 2-3 email it works perfectly. If I try to send 1000+ emails i receive an authentication error like the following:

    Description: SERVER_ERROR: 535 Incorrect authentication data

    Error code: 535
    MTA: ip.ip.42.133

    SMTP Conversation:

    Sun, 23 Feb 2014 14:52:30 +0100
    Connecting ip.ip.42.133 25
    Connected
    220-mail.myserver.net ESMTP Exim 4.82 #2 Sun, 23 Feb 2014 14:53:13 +0100
    220-We do not authorize the use of this system to transport unsolicited,
    220 and/or bulk e-mail.
    EHLO mail.myserver.net
    250-mail.myserver.net Hello provider.com [ip.ip.42.236]
    250-SIZE 52428800
    250-8BITMIME
    250-PIPELINING
    250-AUTH PLAIN LOGIN
    250-STARTTLS
    250 HELP
    AUTH LOGIN
    334 VXNlcm5hbWU6
    *REDACTED*
    334 UGFzc3dvcmQ6
    *REDACTED*
    535 Incorrect authentication data

    Any hint on were to look for this? Maybe too many mails in a few time (like 1000 in less than 1 minute?)
    Or could this have something to do with a bad Helo domain? I used a domain wich actually was on the CPanel/SMTP server rathar than a domain from the Web server (which was sending the mail through the other one)
    Thanks in advance
     
    #1 koda, Feb 23, 2014
    Last edited: Feb 23, 2014
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    Check /var/log/maillog on the cPanel server when this happens or search it for the time that it occurred and look for any specific error messages.

    Thank you.
     
  3. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Hallo Michael, what you mean with "specifi error"? I mean in that email that returned back with the report I have:

    Description: SERVER_ERROR: 535 Incorrect authentication data
    In the path you provided do you think there are more detailed info on that?

    It seemed very casual like on another test it blocked 10 email on over 2000 with that error and sent me 2 times the error report (so I received 20 total). I tried to send more than 2000 email in 3-4 minutes. Maybe it was just a massive load that caused the random failure?
    Also note that I added all the IPs (of the webserver both public and private) to the mail server WHM > Service Configuration > Exim Configuration Manager > Access List > Trusted SMTP IP addresses, so this should override any ratelimit setting btw (which is not present in any case).

    I also checked in the web server queuing service that I use to forward the mails to the mail server and the error was:
    SERVER_ERROR: 535 Incorrect authentication data (final);cmd=*REDACTED*

    Now I scheduled 2 max concurrent connection (for that queue service) for a max of 25 email per minute... this should hit less hard the mail server and maybe skip the errors.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Yes, there might be more information in /var/log/maillog when this occurs. You may need to increase the following limits in "WHM Home » Service Configuration » Mailserver Configuration":

    Number of Spare Authentication Processes
    Maximum Number of Authentication Processes


    Thank you.
     
  5. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    You are the best as always. I'm asking my admin friend to check the /var/log/maillog thank you again.
     
  6. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Ok Micheal I think I found the problem. The problem should be where you pointed at "Maximum Number of Authentication Processes".
    BUT looking at the log I see a very odd behaviour. I increased the "Maximum Number of Authentication Processes" from 50 to 150 (and I see the correct value saved in the WHM gui infact), but looking at the logs, it seems the default "50" (+5 spare) value is still retained:

    2014-02-23 14:51:52 SMTP connection from [xxx.xxx.42.236]:53793 (TCP/IP connection count = 55)
    2014-02-23 14:51:52 1WHZTA-0001Wx-07 => xxxxx_xxxxx@yahoo.it R=lookuphost T=remote_smtp H=mx-eu.xxxxx.xxx.xxxxxx.net [xxx.xxx.69.79] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 C="250 ok dirdel"
    2014-02-23 14:51:52 1WHZTA-0001Wx-07 Completed
    2014-02-23 14:51:52 dovecot_login authenticator failed for xxxx-xxxxx-xx.xxxxx.com (mail.xxxxx.xxx) [xxx.xxx.42.236]:53738: 535 Incorrect authentication data (set_id=thesender@mydomain.com)
    2014-02-23 14:51:52 dovecot_login authenticator failed for xxxx-xxxxx-xx.xxxxx.com (mail.xxxxx.xxx) [xxx.xxx.42.236]:53748: 535 Incorrect authentication data (set_id=thesender@mydomain.com)


    After 50 connection (+5 spare) atuh fails.


    I didn't restart Exim after changing the configuration where you pointed me at. Should I restart exim as well? Or do I have to look elsewhere? thanks
     
    #6 koda, Feb 27, 2014
    Last edited: Feb 27, 2014
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Feel free to open a support ticket using the link in my signature if you want us to take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  8. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I will, but I guess this shouls be avoidable... we found the culprit already. Do you just think Exim should have been restarted for the new "Maximum Number of Authentication Processes" setting to be active? Maybe it was just this.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
  10. koda

    koda Well-Known Member

    Joined:
    Jan 10, 2014
    Messages:
    57
    Likes Received:
    1
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I see... then maybe I should reall open a ticket... I didn't want to bug you :(
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,723
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Opening a ticket will allow us the opportunity to access your system and review the mail logs. You can post the ticket number here and we can update this thread with the outcome.

    Thank you.
     
Loading...

Share This Page