Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: OSX Server 10.8.5 email Authentication Issues

I am running email on OSX Server 10.8.5. I am on the same LAN with an email client, the Mail.app from Apple. I had to redo my server for various reasons, and it's giving me all kinds of problems.


I have a user in the server, "house". Login for services only. I'm only running email on this server. So this user's email address is house@mydomain.com as it has been for ages.


On the server:


Full Name: House

Account Name: house

email address: house@mydomain.com

Log in checked

mail stored locally

It's an IMAP account, as are all of them on OSX Server


In my Mail.app:


Account: IMAP

Description: House

Alias: House <house@mydomain.com>

email address: house@mydomain.com

Full Name: House

Incoming Mail Server: 192.168.1.6

user name: house@mydomain.com

password: ••••••••• (yes it is verified)


Outgoing Mail Server (SMTP): mailserver (verified)

TLS Certificate: an Apple cert


Note: I have 4 certs from Apple here, then my Box cert. No clue where that came from, but it expires June 11. In my mail client, I have choice of two of the Apple certs.


My mail server log shows the following:


May 25 13:46:32 mailserver.mydomain.com log[9047]: auth: Error: od(house,192.168.1.4): authentication failed for user=house@mydomain.com, method=DIGEST-MD5

May 25 13:46:38 mailserver.mydomain.com log[9047]: auth: Error: od(house,192.168.1.4): Credentials could not be verified, username or password is invalid.


I have no clue where to even start. I can't log into my own email server. I've checked usernames, full names, account names, passwords, etc.


Any insight appreciated, as to how I can fix this thing. Cheers.

Mac mini, OS X Server, 10.8.x server

Posted on

Reply

May 25, 2018 5:12 PM in response to BioRich In response to BioRich

Both logging in and not authenticating:


1 May 25 19:47:23 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): Credentials could not be verified, username or password is invalid.

2 May 25 19:47:23 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): authentication failed for user=myusername, method=DIGEST-MD5

3 May 25 19:47:29 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): Credentials could not be verified, username or password is invalid.

4 May 25 19:47:29 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): authentication failed for user=myusername, method=DIGEST-MD5

5 May 25 19:47:31 box7.mydomain1.com log[129]: imap-login: Aborted login (auth failed, 1 attempts): user=<myusername>, method=DIGEST-MD5, rip=192.168.1.4, lip=192.168.1.6, TLS

6 May 25 19:47:39 box7.mydomain1.com log[129]: imap-login: Login: user=<myusername>, method=CRAM-MD5, rip=192.168.1.4, lip=192.168.1.6, mpid=839, TLS

7 May 25 19:47:39 box7.mydomain1.com log[129]: imap(pid 839 user myusername): ID sent: name=Mac OS X Notes, version=4.2 (555.10.42), os=Mac OS X, os-version=10.11.6 (15G20015), vendor=Apple Inc.

8 May 25 19:47:39 box7.mydomain1.com log[129]: imap(pid 839 user myusername): Connection closed bytes=185/504

9 May 25 19:47:43 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): Credentials could not be verified, username or password is invalid.

10 May 25 19:47:43 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): authentication failed for user=myusername, method=DIGEST-MD5

11 May 25 19:47:53 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): Credentials could not be verified, username or password is invalid.

12 May 25 19:47:53 box7.mydomain1.com log[129]: auth: Error: od(myusername,192.168.1.4): authentication failed for user=myusername, method=DIGEST-MD5

13 May 25 19:47:55 box7.mydomain1.com log[129]: imap-login: Login: user=<myusername>, method=CRAM-MD5, rip=192.168.1.4, lip=192.168.1.6, mpid=839, TLS

14 May 25 19:47:55 box7.mydomain1.com log[129]: imap(pid 839 user myusername): ID sent: name=Mac OS X Notes, version=4.2 (555.10.42), os=Mac OS X, os-version=10.11.6 (15G20015), vendor=Apple Inc.

15 May 25 19:47:55 box7.mydomain1.com log[129]: imap(pid 553 user myusername): Connection closed bytes=158/476

Any insight appreciated. Not sure what to think of this.

May 25, 2018 5:12 PM

Reply Helpful

May 27, 2018 7:51 AM in response to BioRich In response to BioRich

Hi,


Have you tried changing the loginname from house@mydomain.com to just house?

That should work.

Using an OSX server, the full emailaddress is not used as authentication, just your username/shortname.

Verify the username with the terminalapp.

Typ: id house and id house@mydomain.com

Both will return the same info, but only the UID house is being used for authentication.

Goodluck


Jeffrey

May 27, 2018 7:51 AM

Reply Helpful

May 27, 2018 5:50 PM in response to jepping In response to jepping

Hi there.


Tried it many times, and twice just now, even with lowercase. Is there a reason authentication is turned off for outside the LAN? I am using Add Mail Account instead of macOS Server account type. The latter times out.


It's like the outside world is turned off. Here are the open ports:


Open TCP Port: 22 ssh

Open TCP Port: 25 smtp

Open TCP Port: 80 http

Open TCP Port: 88 kerberos

Open TCP Port: 110 pop3

Open TCP Port: 143 imap

Open TCP Port: 443 https

Open TCP Port: 445 microsoft-ds

Open TCP Port: 548 afpovertcp

Open TCP Port: 587 submission

Open TCP Port: 993 imaps

Open TCP Port: 995 pop3s

Open TCP Port: 4190
sieve

Open TCP Port: 5900
rfb


Any ports you think are necessary for external IMAP? I can poke more holes in my router. I don't know what's going wrong.


Update: I popped open port 993 for IMAPS (secure) and seems it's working. Hah.


OK I'm keeping an eye on it. Cheers

May 27, 2018 5:50 PM

Reply Helpful

May 30, 2018 5:04 AM in response to BioRich In response to BioRich

By default your router will not allow traffic towards those ports from WAN to LAN unless you open those ports specifically. Inside your LAN shouldn't be a problem.


For a basic mailserver I would open these ports only:

25, 80, 443, 465, 587 and 993.


Port 25 for smtp

Port 80 for redirecting https traffic to 443 from the server.app/websites

Port 465 and 587 for sending mail

Port 993 imap for receiving mail


Inside a LAN you can test IMAP using the local IP address of the server, externally I would use the FQDN of the server using dns.

Goodluck


Jeffrey

May 30, 2018 5:04 AM

Reply Helpful

May 30, 2018 5:29 AM in response to jepping In response to jepping

Yes. With the confusion of this system, I forgot what I had done to make this work the previous times. Also, due to my lovely Canadian providers (all two of them), they block ports and I had to research mapping external ports to internal ports. What a S-Show that was, as there's little to no information on routers and how to change ports on both sides of a router.

May 30, 2018 5:29 AM

Reply Helpful

May 30, 2018 6:24 AM in response to BioRich In response to BioRich

Nice! Figuring out how routers route their ports external and internally is almost as much fun as setting up a new server.

Here in the Netherlands you can sometimes setup your own favorite router or replace the whole thing for something much better.

And then hoping they will not "reset" your router to defaults when they deem it necessary so all the work is for nothing.

I have seen that happen a couple of times.

Goodluck


Jeffrey

May 30, 2018 6:24 AM

Reply Helpful

May 30, 2018 6:32 AM in response to jepping In response to jepping

Well just chasing the general concept...it's amazing how little is published. I assumed it could be done, as it makes sense...the job of a proper router.


Oh I host, so all of this is 100% mine, not a rental. Static IP, full LAN, great ISP with no blocked ports. The problem is using WiFi "out there" in Ontario, means ports are blocked. The two ISPs don't want you using outgoing SMTP servers, so you have to use their email system, which means you have to sign up. Buggers are hugely unpopular.

May 30, 2018 6:32 AM

Reply Helpful

May 30, 2018 6:45 AM in response to BioRich In response to BioRich

This has helped me in the past:

https://www.portforward.com/

if your make or model is noted in the database of course.


ISP's blocking smtp servers makes sense for spammers, but for business you should be able to choose a static IP with benefits like open ports, is that not the case?


Jeffrey

May 30, 2018 6:45 AM

Reply Helpful
User profile for user: BioRich

Question: OSX Server 10.8.5 email Authentication Issues