Incorrect authentication only for mass mailing

[koda]

I'm facing a very odd issue while trying to send mails.
I have a virtual network between 2 cloud istance. I use that private network IP to send mails from the web server throught the SMTP/CPanel server, with authentication.
I created an email account on the CPanel server which I use just for this and on the web server I have a service wich aysnchronously forwards e-mails to be sent to CPanel server and it has also settings for throttling and such.

The odd thing I'm facing is that if I'm sending like 2-3 email it works perfectly. If I try to send 1000+ emails i receive an authentication error like the following:

Description: SERVER_ERROR: 535 Incorrect authentication data

Error code: 535
MTA: ip.ip.42.133

SMTP Conversation:

Sun, 23 Feb 2014 14:52:30 +0100
Connecting ip.ip.42.133 25
Connected
220-mail.myserver.net ESMTP Exim 4.82 #2 Sun, 23 Feb 2014 14:53:13 +0100
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO mail.myserver.net
250-mail.myserver.net Hello provider.com [ip.ip.42.236]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
*REDACTED*
334 UGFzc3dvcmQ6
*REDACTED*
535 Incorrect authentication data

Any hint on were to look for this? Maybe too many mails in a few time (like 1000 in less than 1 minute?)
Or could this have something to do with a bad Helo domain? I used a domain wich actually was on the CPanel/SMTP server rathar than a domain from the Web server (which was sending the mail through the other one)
Thanks in advance

 

[cPanelMichael]

Hello

Check /var/log/maillog on the cPanel server when this happens or search it for the time that it occurred and look for any specific error messages.

Thank you.

 

[koda]

Hallo Michael, what you mean with "specifi error"? I mean in that email that returned back with the report I have:

Description: SERVER_ERROR: 535 Incorrect authentication data
In the path you provided do you think there are more detailed info on that?

It seemed very casual like on another test it blocked 10 email on over 2000 with that error and sent me 2 times the error report (so I received 20 total). I tried to send more than 2000 email in 3-4 minutes. Maybe it was just a massive load that caused the random failure?
Also note that I added all the IPs (of the webserver both public and private) to the mail server WHM > Service Configuration > Exim Configuration Manager > Access List > Trusted SMTP IP addresses, so this should override any ratelimit setting btw (which is not present in any case).

I also checked in the web server queuing service that I use to forward the mails to the mail server and the error was:
SERVER_ERROR: 535 Incorrect authentication data (final);cmd=*REDACTED*

Now I scheduled 2 max concurrent connection (for that queue service) for a max of 25 email per minute... this should hit less hard the mail server and maybe skip the errors.

 

[cPanelMichael]

Yes, there might be more information in /var/log/maillog when this occurs. You may need to increase the following limits in "WHM Home » Service Configuration » Mailserver Configuration":

Number of Spare Authentication Processes
Maximum Number of Authentication Processes

Thank you.

 

[koda]

You are the best as always. I'm asking my admin friend to check the /var/log/maillog thank you again.

 

[koda]

Ok Micheal I think I found the problem. The problem should be where you pointed at "Maximum Number of Authentication Processes".
BUT looking at the log I see a very odd behaviour. I increased the "Maximum Number of Authentication Processes" from 50 to 150 (and I see the correct value saved in the WHM gui infact), but looking at the logs, it seems the default "50" (+5 spare) value is still retained:

2014-02-23 14:51:52 SMTP connection from [xxx.xxx.42.236]:53793 (TCP/IP connection count = 55)
2014-02-23 14:51:52 1WHZTA-0001Wx-07 => [email protected] R=lookuphost T=remote_smtp H=mx-eu.xxxxx.xxx.xxxxxx.net [xxx.xxx.69.79] X=TLSv1:DHE-RSA-CAMELLIA256-SHA:256 C="250 ok dirdel"
2014-02-23 14:51:52 1WHZTA-0001Wx-07 Completed
2014-02-23 14:51:52 dovecot_login authenticator failed for xxxx-xxxxx-xx.xxxxx.com (mail.xxxxx.xxx) [xxx.xxx.42.236]:53738: 535 Incorrect authentication data ([email protected])
2014-02-23 14:51:52 dovecot_login authenticator failed for xxxx-xxxxx-xx.xxxxx.com (mail.xxxxx.xxx) [xxx.xxx.42.236]:53748: 535 Incorrect authentication data ([email protected])


After 50 connection (+5 spare) atuh fails.


I didn't restart Exim after changing the configuration where you pointed me at. Should I restart exim as well? Or do I have to look elsewhere? thanks

 

[cPanelMichael]

Feel free to open a support ticket using the link in my signature if you want us to take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

 

[koda]

I will, but I guess this shouls be avoidable... we found the culprit already. Do you just think Exim should have been restarted for the new "Maximum Number of Authentication Processes" setting to be active? Maybe it was just this.

 

[cPanelMichael]

No, that setting is related to the mail server, Dovecot. Dovecot is automatically restarted after making the change.

Thank you.

 

[koda]

I see... then maybe I should reall open a ticket... I didn't want to bug you

 

[cPanelMichael]

Opening a ticket will allow us the opportunity to access your system and review the mail logs. You can post the ticket number here and we can update this thread with the outcome.

Thank you.