Urgent: 535 Incorrect authentication data

its_joy

Well-Known Member
Dec 29, 2007
54
0
56
Hello,

We are facing below error while trying to send mail. Also not receiving mails.

---------------------------------------------------------
2008-08-02 11:18:23 fixed_login authenticator failed for (localhost) [127.0.0.1]:54412 I=[127.0.0.1]:25: 535 Incorrect authentication data
----------------------------------------------------------------------

The domain and user are not present at /etc/demodomains & /etc/demousers
Also permissions for /etc/passwd & /etc/shadow are correct.
We have also done /scripts/eximup --force
But still facing the same error.

Please update us with exact solution.

Thank you in advance.

Regards,
its_joy.
 

mtindor

Well-Known Member
Sep 14, 2004
1,391
70
178
inside a catfish
cPanel Access Level
Root Administrator
Hello,

We are facing below error while trying to send mail. Also not receiving mails.

---------------------------------------------------------
2008-08-02 11:18:23 fixed_login authenticator failed for (localhost) [127.0.0.1]:54412 I=[127.0.0.1]:25: 535 Incorrect authentication data
----------------------------------------------------------------------

The domain and user are not present at /etc/demodomains & /etc/demousers
Also permissions for /etc/passwd & /etc/shadow are correct.
We have also done /scripts/eximup --force
But still facing the same error.

Please update us with exact solution.

Thank you in advance.

Regards,
its_joy.
If you're looking for a solution, open a ticket. It's been stated numerous times that these forums aren't support forums.

Somebody will help you if they can, but you can't expect to have Cpanel fix anything for you based upon a message you put in these forums.

Mike
 

Manoj_Krishnan

Registered
Aug 14, 2008
3
0
51
Hello

Please check whether the folder etc in the location

/home/"username"/etc/ is in the ownership username:mail

If not please change it by

chown username:mail /home/username/etc/ -R


Thanks

Manoj Krishnan
Systems Engineer
http://SupportPRO.com :: Transparent Web Hosting Support Services to Web Hosting Businesses ..
 

MaestriaNick

Well-Known Member
Aug 6, 2008
159
3
68
is the entry for domain name present in /etc/localdomains file ?
 

gruvin

Member
Feb 20, 2006
13
1
151
same problem -- different cause in case it helps

Hi


Perhaps this post will help some lonely Googler some day :)

I had the same problem and found this thread as a result. But in my case none of the above, or the /etc/demo files were the cause.

In this case it was a file permissions problem, but it was that the user's main home found /home/user had been set wrx------ (700) instead of rwx--x--x (711) as it should have been. So the mail group process couldn't get down into /home/user/etc/domain to read the passwd file.

Fix: chmod 711 /home/user
 

InstaCarma_Tech

Well-Known Member
Apr 22, 2009
227
1
68
Another reason!

additional info for that lonely googler ;)

This might also happen when the option “Allow mail account authentication using the password of the domain owner’s account” in WHM -> Server Configuration -> Tweak Settings is enabled.
Webmail logs you in but attempts to use the cPanel account password via SMTP. Hence. the problem.

Disable the option and check.
If this does not fix the issue then try running /scripts/upcp
 

claudio

Well-Known Member
Jul 31, 2004
201
0
166
in fact there is another place to find some issues resulting 535 errors

i found this at

/etc/userdomains

there you usually look for some blank space or broken line near to the domain that is having the incorrect authentication data issue error 535

kind regards
claudio
 

ponkjo

Registered
Jul 29, 2010
1
0
51
Same problem but itn's solved

Hi,

I prove all the solutions in this forum but the problem persist :confused:

Any another ideas?
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Hello,

What is the exact error message and what exactly have you tried?

Next, which of the following is this impacting:

- One email account on one domain on a cPanel account
- All email accounts on one cPanel account
- All email accounts on all cPanel accounts

Knowing which is impacted helps to narrow down substantially where the issue is occurring. Here is a breakdown of how providing specific details would be necessary:

[Impacted - one email account on one domain on a cPanel account]
Could be caused by incorrect permissions (ownership or file) on /home/username/mail/domain.com/passwd, shadow or quota file permissions
Could be caused by missing user /home/username/mail/domain.com/passwd, shadow or quota file(s)
Could be caused by incorrect permissions (ownership or file) on /home/username/mail/domain.com/emailuser folder or subfolder (cur, new)
Could be caused by missing /home/username/mail/domain.com/emailuser folder or subfolder (cur, new)
And so on

[Impacted - all email accounts on one cPanel account]
Could be caused by incorrect permissions (ownership or file) on any level leading up to /home/username/mail/domain.com/passwd, shadow or quota file(s)
Could be caused by missing users in /home/username/mail/domain.com/passwd, shadow or quota file(s)
Could be caused by setting immutable attributes on /home/username/mail/domain.com/passwd, shadow or quota file(s)
Could be caused by incorrect permissions (ownership or file) on any folders leading up to /home/username/mail/domain.com
Could be caused by missing /home/username/mail or /home/username/mail/domain.com folders
Could be caused by domain not being properly owned (/scripts/whoowns domain.com)
Could be caused by account not having been properly unsuspended (grep -i suspend /var/cpanel/users/username)
Could be caused by domain not digging to the machine for the DNS zone
Could be caused by the domain not being in /etc/localdomains and/or in /etc/remotedomains
And so on

[Impacted - one email account on one domain on a cPanel account]
Could be caused by exim not running
Could be caused by CSF firewall or iptables blocking port incoming and/or outgoing 25
Could be caused by immutable attribute set on /etc/exim.conf or any exim file(s) needing to be updated
Could be caused by Perl module issues
Could be caused by domains being in /etc/remotedomains
Could be caused by resolver not working (/etc/resolv.conf)
Could be caused by bind not properly working for named resolving local domains
And so on

There are many reasons that email might not function because email is extremely complex. At all points in time when reporting an error message, please ensure to provide whether it is just one email account on a domain, all email accounts on a cPanel account, or all email accounts on the machine. If you are unable to provide additional information for privacy concerns, then please submit a ticket using WHM > Support Center > Contact cPanel or using the link in my signature. If you post the ticket number upon opening one, we can track the progress of the ticket.

Please note that if you do not have root SSH and root WHM access, you would want to contact your datacenter, NOC or provider to have them investigate the issue. If they are unable to resolve it, then they could submit a ticket to us using our support channels.

Thanks!
 

StoneyCreeker

Well-Known Member
Oct 17, 2006
53
3
158
Upper-East TN
cPanel Access Level
Root Administrator
Thank you for that detailed answer! I now have an attack plan to try to figure out what my problem is.

I have 34 accounts on my WHM and I have one customer having trouble accessing multiple email accounts across 2 domains hosted on my WHM via IMAP. I sporiadically get this error via lfd:

================================
Time: Tue Feb 28 11:07:35 2012 -0500
IP: 76.7.110.xx (US/United States/tn-76-7-110-xx.dhcp.embarqhsd.net)
Failures: 1 (smtpauth)
Interval: 300 seconds
Blocked: Temporary Block (IP match in csf.allow, block may not work)

Log entries:

2012-02-28 11:07:31 dovecot_login authenticator failed for tn-76-7-110-xx.dhcp.embarqhsd.net (JAMIE) [76.7.110.xx]: 535 Incorrect authentication data ([email protected])

=========================
Some days he has no issues and other days I get dozens of these only for his computer.
I have whitelisted him in cPHulk and in CSF. He has a static IP. I even set up a rule in Host Access Control for dovecot to allow his static ip. I'm guessing on that one. :)

He is using Outlook 2003. I have deleted the accounts from his Outlook and re-created them. I have changed the passwords. Checked his machine for viruses, malware, spyware, and thouroughly cleaned his system. I have compacted the databases in Outlook and am about to try changing his email settings to use SSL.

Any other ideas?
Thanks for your time!
 

cPanelTristan

Quality Assurance Analyst
Staff member
Oct 2, 2010
7,607
40
248
somewhere over the rainbow
cPanel Access Level
Root Administrator
Have you tried temporarily disabling LFD options in CSF for blocking IPs to see if that fixes the issue? It appears to me given the timestamp on the email by that third party product that it is the cause of the issue with the failure to authenticate. Since we do not provide CSF and LFD, the best course of action would be to post on their forum about the issue:

CSF Forum
 

Infopro

Well-Known Member
May 20, 2003
17,091
516
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
Time: Tue Feb 28 11:07:35 2012 -0500
IP: 76.7.110.xx (US/United States/tn-76-7-110-xx.dhcp.embarqhsd.net)
Failures: 1 (smtpauth)
Interval: 300 seconds
Blocked: Temporary Block (IP match in csf.allow, block may not work)
If he typed in his password wrong, 1 time, you've got CSF set to block.

From CSF:

# [*]Enable login failure detection of SMTP AUTH connections

Default is 5.


I have whitelisted him in cPHulk and in CSF. He has a static IP. I even set up a rule in Host Access Control for dovecot to allow his static ip.
I would remove all of these changes. They should not be needed.

It may sound harsh, but if a user cannot type in the credentials properly and gets himself blocked (I do not use temp ban, I only use perm) and needs to contact you to get unblocked, he may take the time to login properly next time and avoid the wait for you to unblock his IP.

I may be wrong here of course, but it sounds to me like user error. Whitelisting any user as you have is a bad idea. In my humble opinion...
 

sardinha

Registered
Apr 19, 2013
1
0
1
cPanel Access Level
Root Administrator
Check in WHM » Server Configuration » Tweak Settings » Mail if Restrict outgoing SMTP to root, exim, and mailman (FKA SMTP Tweak) it's set off
 

tulsagraphics

Registered
Nov 5, 2006
1
0
151
I had the same "535 Incorrect Authentication Data" errors.
(This was an issue for one of my clients)

I initially checked CSF, and the IP was white listed. I also logged into their computers remotely, and verified they were able to access the server. I also set up a test email account (for myself) at their location, and still the same issue (Outlook pop-up login boxes non-stop) Pings were fine, WinMTR showed no packet loss, etc. etc.

Anyway, I stumbled across cphulk (in the forums). This also acts as a firewall... but I've never messed with it at all. In 7 years (managing 200 websites across 4 servers) I've never had a client get blacklisted in cphulk. Who knew?

Anyway, I added their IP to cphulk whitelist, and bam! Everybody was back in business.

I hope that helps!
 

laks

Member
Dec 14, 2011
12
0
51
cPanel Access Level
Root Administrator
Hi,

I have found one kind of solution, If you are using exim4 add the line in /etc/exim4/exim4.conf.localmacros file MAIN_TLS_ENABLE = true
or
vi /etc/exim.conf.local

MAIN_TLS_ENABLE = true

Thank you,